[ 23.829233][ T52] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.836820][ T52] device bridge_slave_0 left promiscuous mode
[ 23.842922][ T52] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.850522][ T52] device veth1_macvtap left promiscuous mode
[ 23.856706][ T52] device veth0_vlan left promiscuous mode
[ 33.818236][ T29] kauditd_printk_skb: 71 callbacks suppressed
[ 33.818245][ T29] audit: type=1400 audit(1688619895.040:147): avc: denied { transition } for pid=330 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 33.846697][ T29] audit: type=1400 audit(1688619895.040:148): avc: denied { noatsecure } for pid=330 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 33.867258][ T29] audit: type=1400 audit(1688619895.040:149): avc: denied { rlimitinh } for pid=330 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 33.885970][ T29] audit: type=1400 audit(1688619895.040:150): avc: denied { siginh } for pid=330 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
2023/07/06 05:05:01 ignoring optional flag "sandboxArg"="0"
2023/07/06 05:05:02 parsed 1 programs
2023/07/06 05:05:02 executed programs: 0
[ 40.821613][ T29] audit: type=1400 audit(1688619902.040:151): avc: denied { mounton } for pid=351 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 40.846889][ T29] audit: type=1400 audit(1688619902.080:152): avc: denied { mount } for pid=351 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 40.884357][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.891562][ T355] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.899068][ T355] device bridge_slave_0 entered promiscuous mode
[ 40.905755][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.912919][ T355] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.920083][ T355] device bridge_slave_1 entered promiscuous mode
[ 40.951468][ T29] audit: type=1400 audit(1688619902.170:153): avc: denied { write } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.956549][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.972111][ T29] audit: type=1400 audit(1688619902.170:154): avc: denied { read } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.978951][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.979051][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.013646][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.028463][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.035636][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.043053][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.050383][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.059440][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.067467][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.074298][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.082961][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.090924][ T306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.097721][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.112055][ T355] device veth0_vlan entered promiscuous mode
[ 41.118647][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.127290][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.135963][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.143273][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.150417][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.158965][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.170698][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.179326][ T355] device veth1_macvtap entered promiscuous mode
[ 41.187400][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.199102][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.209809][ T29] audit: type=1400 audit(1688619902.430:155): avc: denied { mounton } for pid=355 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=360 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 41.239257][ T362] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 41.250628][ T29] audit: type=1400 audit(1688619902.470:156): avc: denied { write } for pid=361 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.272053][ T29] audit: type=1400 audit(1688619902.470:157): avc: denied { nlmsg_write } for pid=361 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.272419][ C0] ==================================================================
[ 41.298557][ T29] audit: type=1400 audit(1688619902.470:158): avc: denied { prog_load } for pid=361 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 41.301445][ C0] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x4f95/0x5b20
[ 41.301464][ C0] Read of size 4 at addr ffffc90000007b88 by task swapper/0/0
[ 41.301468][ C0]
[ 41.301471][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.119-syzkaller #0
[ 41.326791][ T364] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 41.328641][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 41.328648][ C0] Call Trace:
[ 41.328651][ C0]
[ 41.328654][ C0] dump_stack_lvl+0x38/0x49
[ 41.375605][ C0] print_address_description.constprop.0+0x24/0x160
[ 41.382087][ C0] ? xfrm_state_find+0x4f95/0x5b20
[ 41.387303][ C0] kasan_report.cold+0x82/0xdb
[ 41.392155][ C0] ? netlink_has_listeners+0xb0/0x170
[ 41.397629][ C0] ? xfrm_state_find+0x4f95/0x5b20
[ 41.402662][ C0] __asan_report_load4_noabort+0x14/0x20
[ 41.408131][ C0] xfrm_state_find+0x4f95/0x5b20
[ 41.412895][ C0] ? rcu_exp_wait_wake+0x42/0x630
[ 41.417772][ C0] ? xfrm_state_migrate+0x2180/0x2180
[ 41.422977][ C0] ? dst_release+0x44/0x60
[ 41.427302][ C0] ? xfrm4_get_saddr+0x12b/0x1a0
[ 41.432074][ C0] ? xfrm4_fill_dst+0x690/0x690
[ 41.436766][ C0] ? update_stack_state+0x12c/0x4d0
[ 41.442081][ C0] xfrm_tmpl_resolve+0x271/0xb40
[ 41.447070][ C0] ? xfrm_tmpl_resolve+0x271/0xb40
[ 41.452270][ C0] ? __xfrm_dst_lookup+0xe0/0xe0
[ 41.457053][ C0] ? __stack_depot_save+0x36/0x440
[ 41.461997][ C0] xfrm_resolve_and_create_bundle+0x125/0x20c0
[ 41.468229][ C0] ? policy_hash_bysel+0xdf0/0xdf0
[ 41.473162][ C0] ? xfrm_policy_find_inexact_candidates.part.0+0x11f/0x1c0
[ 41.480540][ C0] ? xdst_queue_output+0x5e0/0x5e0
[ 41.485496][ C0] ? xfrm_sk_policy_lookup+0x380/0x380
[ 41.490969][ C0] ? __kmalloc_track_caller+0x2d4/0x4f0
[ 41.496341][ C0] ? __alloc_skb+0x8b/0x250
[ 41.500685][ C0] ? igmpv3_newpack+0x1a0/0xdd0
[ 41.505458][ C0] ? add_grec+0xbef/0xec0
[ 41.509621][ C0] ? __kasan_check_write+0x14/0x20
[ 41.514643][ C0] xfrm_lookup_with_ifid+0x408/0x1c50
[ 41.519854][ C0] ? xfrm_policy_lookup_bytype.constprop.0+0xab0/0xab0
[ 41.526712][ C0] ? __kasan_check_read+0x11/0x20
[ 41.531747][ C0] ? ip_route_output_key_hash_rcu+0x776/0x2b40
[ 41.537819][ C0] xfrm_lookup_route+0x1f/0x150
[ 41.542507][ C0] ip_route_output_flow+0x259/0x2d0
[ 41.547552][ C0] ? kasan_poison+0x55/0x60
[ 41.551887][ C0] ? inet_rtm_getroute+0x2080/0x2080
[ 41.557089][ C0] igmpv3_newpack+0x297/0xdd0
[ 41.561603][ C0] ? ip_mc_find_dev+0x290/0x290
[ 41.566290][ C0] ? ttwu_do_activate.isra.0+0x11c/0x250
[ 41.571842][ C0] add_grhead+0x235/0x320
[ 41.576878][ C0] add_grec+0xbef/0xec0
[ 41.580957][ C0] ? sched_setscheduler_nocheck+0x190/0x190
[ 41.587152][ C0] ? __kasan_check_write+0x14/0x20
[ 41.592264][ C0] ? igmpv3_sendpack.isra.0+0x200/0x200
[ 41.597675][ C0] ? insert_work+0x251/0x320
[ 41.602069][ C0] igmp_ifc_timer_expire+0x46e/0xb10
[ 41.607220][ C0] ? __kasan_check_write+0x14/0x20
[ 41.612137][ C0] ? _raw_spin_lock_bh+0x110/0x110
[ 41.617097][ C0] ? igmp_start_timer+0x100/0x100
[ 41.622050][ C0] call_timer_fn+0x28/0x190
[ 41.626390][ C0] __run_timers.part.0+0x45c/0x840
[ 41.631330][ C0] ? igmp_start_timer+0x100/0x100
[ 41.636371][ C0] ? call_timer_fn+0x190/0x190
[ 41.640967][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 41.646086][ C0] ? sched_clock+0x9/0x10
[ 41.650442][ C0] ? sched_clock_cpu+0x18/0x1b0
[ 41.657123][ C0] run_timer_softirq+0x9c/0x180
[ 41.662062][ C0] __do_softirq+0x1c1/0x5c8
[ 41.666401][ C0] ? irqtime_account_irq+0x2c4/0x430
[ 41.671512][ C0] irq_exit_rcu+0x64/0x110
[ 41.675866][ C0] sysvec_apic_timer_interrupt+0x9d/0xc0
[ 41.681754][ C0]
[ 41.684551][ C0]
[ 41.687321][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 41.693132][ C0] RIP: 0010:acpi_idle_do_entry+0x18e/0x200
[ 41.698939][ C0] Code: 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 5a 49 8b 04 24 a8 08 75 c5 66 90 0f 00 2d 44 42 b6 00 fb f4 eb b7 4c 89 e7 e8 17 f6 ff ff 4c 8b 65 f8 c9 c3 e8 1c a6 61 fd
[ 41.718584][ C0] RSP: 0018:ffffffff85807c90 EFLAGS: 00000246
[ 41.724456][ C0] RAX: 0000000000004000 RBX: ffff8881065d7065 RCX: ffffffff84322b14
[ 41.732270][ C0] RDX: 1ffffffff0b03448 RSI: 0000000000000008 RDI: ffffffff8581a240
[ 41.740079][ C0] RBP: ffffffff85807c98 R08: 0000000000000000 R09: ffffffff8581a247
[ 41.747898][ C0] R10: fffffbfff0b03448 R11: 0000000000000001 R12: ffffffff8581a240
[ 41.755968][ C0] R13: ffff8881047af000 R14: ffff8881047af004 R15: ffff8881065d7064
[ 41.765515][ C0] ? acpi_idle_do_entry+0x164/0x200
[ 41.770545][ C0] acpi_idle_enter+0x2aa/0x460
[ 41.775273][ C0] ? rcu_dynticks_eqs_enter+0xe/0x10
[ 41.781999][ C0] cpuidle_enter_state+0x189/0xe00
[ 41.787034][ C0] ? cpuidle_enter_s2idle+0x420/0x420
[ 41.792243][ C0] ? menu_reflect+0x110/0x110
[ 41.796883][ C0] ? sched_clock_cpu+0x18/0x1b0
[ 41.801830][ C0] cpuidle_enter+0x4a/0xa0
[ 41.806223][ C0] do_idle+0x3f7/0x5a0
[ 41.810130][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 41.815084][ C0] cpu_startup_entry+0x1b/0x20
[ 41.819943][ C0] rest_init+0x10e/0x140
[ 41.824103][ C0] arch_call_rest_init+0x9/0xc
[ 41.828723][ C0] start_kernel+0x36b/0x388
[ 41.833256][ C0] x86_64_start_reservations+0x29/0x2b
[ 41.838736][ C0] x86_64_start_kernel+0x93/0x97
[ 41.844039][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 41.849844][ C0]
[ 41.852706][ C0]
[ 41.854876][ C0]
[ 41.857046][ C0] Memory state around the buggy address:
[ 41.862529][ C0] ffffc90000007a80: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 41.870674][ C0] ffffc90000007b00: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[ 41.878788][ C0] >ffffc90000007b80: 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 41.886740][ C0] ^
[ 41.891177][ C0] ffffc90000007c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.899603][ C0] ffffc90000007c80: 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00
[ 41.907647][ C0] ==================================================================
[ 41.915675][ C0] Disabling lock debugging due to kernel taint
[ 41.954364][ T369] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 41.987728][ T371] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.037067][ T373] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.092040][ T376] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.124365][ T378] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.183999][ T380] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.254513][ T383] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.294196][ T386] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/07/06 05:05:07 executed programs: 82
[ 46.277091][ T579] __nla_validate_parse: 79 callbacks suppressed
[ 46.277099][ T579] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.333809][ T581] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.367465][ T583] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.427125][ T586] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.481742][ T589] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.527110][ T591] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.574337][ T593] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.616879][ T595] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.672711][ T598] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.728049][ T601] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/07/06 05:05:12 executed programs: 181