[ 20.352810][ T42] bridge_slave_0: left allmulticast mode
[ 20.358318][ T42] bridge_slave_0: left promiscuous mode
[ 20.364179][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.372718][ T42] veth1_macvtap: left promiscuous mode
[ 20.378114][ T42] veth0_vlan: left promiscuous mode
[ 30.683849][ T28] kauditd_printk_skb: 70 callbacks suppressed
[ 30.683867][ T28] audit: type=1400 audit(1686746270.789:146): avc: denied { transition } for pid=309 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 30.713633][ T28] audit: type=1400 audit(1686746270.789:147): avc: denied { noatsecure } for pid=309 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 30.734485][ T28] audit: type=1400 audit(1686746270.789:148): avc: denied { rlimitinh } for pid=309 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 30.753968][ T28] audit: type=1400 audit(1686746270.789:149): avc: denied { siginh } for pid=309 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.153' (ECDSA) to the list of known hosts.
2023/06/14 12:37:58 ignoring optional flag "sandboxArg"="0"
2023/06/14 12:37:58 parsed 1 programs
2023/06/14 12:37:58 executed programs: 0
[ 38.071380][ T28] audit: type=1400 audit(1686746278.169:150): avc: denied { mounton } for pid=330 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 38.097007][ T28] audit: type=1400 audit(1686746278.169:151): avc: denied { mount } for pid=330 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 38.130154][ T333] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.137346][ T333] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.144668][ T333] bridge_slave_0: entered allmulticast mode
[ 38.150627][ T333] bridge_slave_0: entered promiscuous mode
[ 38.157046][ T333] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.164137][ T333] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.171241][ T333] bridge_slave_1: entered allmulticast mode
[ 38.177408][ T333] bridge_slave_1: entered promiscuous mode
[ 38.211472][ T28] audit: type=1400 audit(1686746278.309:152): avc: denied { write } for pid=333 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 38.216594][ T333] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.232688][ T28] audit: type=1400 audit(1686746278.319:153): avc: denied { read } for pid=333 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 38.239432][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.266853][ T333] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.273745][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.291492][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.298805][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.306612][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.313954][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.332625][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.341534][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.349689][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.356810][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.363991][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.372485][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.379316][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.386814][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.394582][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.403576][ T333] veth0_vlan: entered promiscuous mode
[ 38.412814][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.420879][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.428857][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.436156][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.445744][ T333] veth1_macvtap: entered promiscuous mode
[ 38.454584][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.463981][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.478165][ T28] audit: type=1400 audit(1686746278.579:154): avc: denied { mounton } for pid=333 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=360 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 38.511152][ T343] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.522791][ T28] audit: type=1400 audit(1686746278.629:155): avc: denied { write } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 38.548531][ T28] audit: type=1400 audit(1686746278.629:156): avc: denied { nlmsg_write } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 38.550788][ T345] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.570003][ C0] ==================================================================
[ 38.587595][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x38d/0x460
[ 38.595591][ C0] Read of size 4 at addr ffffc90000007aa0 by task kauditd/28
[ 38.602866][ C0]
[ 38.605917][ C0] CPU: 0 PID: 28 Comm: kauditd Not tainted 6.4.0-rc2-syzkaller #0
[ 38.613537][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 38.623530][ C0] Call Trace:
[ 38.626903][ C0]
[ 38.629784][ C0]  dump_stack_lvl+0x155/0x1c0
[ 38.634468][ C0]  ? nf_tcp_handle_invalid+0x400/0x400
[ 38.640368][ C0]  ? _printk+0xd5/0x120
[ 38.644447][ C0]  ? __virt_addr_valid+0xc7/0x300
[ 38.649658][ C0]  print_report+0x15d/0x540
[ 38.654282][ C0]  ? __virt_addr_valid+0xc7/0x300
[ 38.659411][ C0]  ? kasan_addr_to_slab+0x11/0x80
[ 38.664281][ C0]  kasan_report+0x16d/0x1a0
[ 38.668615][ C0]  ? __xfrm_dst_hash+0x38d/0x460
[ 38.674092][ C0]  __asan_report_load4_noabort+0x18/0x20
[ 38.679633][ C0]  __xfrm_dst_hash+0x38d/0x460
[ 38.684242][ C0]  xfrm_state_find+0x2e2/0x4040
[ 38.689011][ C0]  ? xfrm_sad_getinfo+0x180/0x180
[ 38.693866][ C0]  ? xfrm4_get_saddr+0x171/0x260
[ 38.698646][ C0]  ? xfrm4_dst_lookup+0x250/0x250
[ 38.703591][ C0]  ? xfrm_pol_bin_obj+0x1e0/0x1e0
[ 38.708880][ C0]  ? rhashtable_lookup+0x49d/0x530
[ 38.713835][ C0]  xfrm_resolve_and_create_bundle+0x66c/0x2a90
[ 38.719843][ C0]  ? __xfrm_policy_inexact_prune_bin+0x9f0/0x9f0
[ 38.725985][ C0]  ? xfrm_sk_policy_lookup+0x5b0/0x5b0
[ 38.731279][ C0]  ? xfrm_policy_lookup+0xfe4/0x1050
[ 38.736405][ C0]  xfrm_lookup_with_ifid+0x73f/0x2030
[ 38.741606][ C0]  ? __xfrm_sk_clone_policy+0x930/0x930
[ 38.746985][ C0]  ? ip_route_output_key_hash_rcu+0x135a/0x1fb0
[ 38.753205][ C0]  xfrm_lookup_route+0x3f/0x170
[ 38.758150][ C0]  ip_route_output_flow+0x219/0x340
[ 38.763129][ C0]  ? ipv4_sk_update_pmtu+0x20b0/0x20b0
[ 38.768600][ C0]  ? make_kuid+0x204/0x700
[ 38.772937][ C0]  ? __put_user_ns+0x60/0x60
[ 38.777893][ C0]  igmpv3_newpack+0x3cb/0x1040
[ 38.782575][ C0]  ? __kasan_check_write+0x18/0x20
[ 38.787523][ C0]  ? igmpv3_sendpack+0x190/0x190
[ 38.792312][ C0]  ? kthread+0x2ba/0x350
[ 38.796374][ C0]  ? _raw_spin_unlock_irqrestore+0x5f/0x80
[ 38.802222][ C0]  ? try_to_wake_up+0x815/0x1280
[ 38.806990][ C0]  add_grhead+0x84/0x330
[ 38.811072][ C0]  add_grec+0x12c8/0x15c0
[ 38.815346][ C0]  ? _raw_spin_lock_bh+0xa8/0x1b0
[ 38.820384][ C0]  ? igmpv3_send_report+0x450/0x450
[ 38.825416][ C0]  ? __queue_work+0xaaf/0xe60
[ 38.829924][ C0]  igmp_ifc_timer_expire+0x833/0xf40
[ 38.835565][ C0]  ? __kasan_check_write+0x18/0x20
[ 38.840599][ C0]  ? _raw_spin_lock+0xa8/0x1b0
[ 38.845199][ C0]  ? _raw_spin_trylock_bh+0x1a0/0x1a0
[ 38.850414][ C0]  ? igmp_gq_timer_expire+0xd0/0xd0
[ 38.855537][ C0]  call_timer_fn+0x3b/0x2e0
[ 38.860129][ C0]  ? igmp_gq_timer_expire+0xd0/0xd0
[ 38.865335][ C0]  __run_timers+0x739/0xa30
[ 38.869762][ C0]  ? enqueue_timer+0x480/0x480
[ 38.874397][ C0]  ? sched_clock+0xd/0x10
[ 38.878530][ C0]  ? sched_clock_cpu+0x76/0x490
[ 38.883239][ C0]  run_timer_softirq+0x6d/0xf0
[ 38.887906][ C0]  __do_softirq+0x193/0x57c
[ 38.892255][ C0]  __irq_exit_rcu+0xbb/0x170
[ 38.896759][ C0]  irq_exit_rcu+0xd/0x10
[ 38.900836][ C0]  sysvec_apic_timer_interrupt+0x9e/0xc0
[ 38.906302][ C0]
[ 38.909080][ C0]
[ 38.911858][ C0]  asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 38.917849][ C0] RIP: 0010:console_flush_all+0x739/0xb90
[ 38.923403][ C0] Code: f6 48 81 e6 00 02 00 00 31 ff e8 52 c6 1a 00 49 81 e6 00 02 00 00 75 07 e8 e4 c1 1a 00 eb 06 e8 dd c1 1a 00 fb 4c 8b 74 24 58 <48> 8b 44 24 70 42 0f b6 04 38 84 c0 48 8b 7c 24 30 0f 85 fd 01 00
[ 38.944439][ C0] RSP: 0018:ffffc900001df840 EFLAGS: 00000293
[ 38.950327][ C0] RAX: ffffffff815a5613 RBX: 0000000000000001 RCX: ffff8881089aa180
[ 38.958708][ C0] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
[ 38.966638][ C0] RBP: ffffc900001df9d0 R08: ffffffff815a55fe R09: 0000000000000003
[ 38.974726][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffffffff862d80d8
[ 38.982783][ C0] R13: ffffffff862d8080 R14: ffffffff862d80d8 R15: dffffc0000000000
[ 38.990765][ C0]  ? console_flush_all+0x71e/0xb90
[ 38.995991][ C0]  ? console_flush_all+0x733/0xb90
[ 39.001442][ C0]  ? is_console_locked+0x20/0x20
[ 39.006934][ C0]  ? _raw_spin_lock_irqsave+0xfd/0x220
[ 39.012649][ C0]  ? kasan_set_track+0x61/0x70
[ 39.017420][ C0]  ? kasan_save_free_info+0x2f/0x50
[ 39.022622][ C0]  ? ____kasan_slab_free+0x131/0x180
[ 39.027830][ C0]  ? __kasan_slab_free+0x15/0x20
[ 39.032777][ C0]  console_unlock+0x1bc/0x3b0
[ 39.037714][ C0]  ? vprintk_emit+0x440/0x440
[ 39.042288][ C0]  ? __printk_safe_exit+0xd/0x20
[ 39.047281][ C0]  ? console_trylock+0x194/0x200
[ 39.052360][ C0]  ? resume_console+0x50/0x50
[ 39.057079][ C0]  vprintk_emit+0x145/0x440
[ 39.061444][ C0]  ? printk_sprint+0x400/0x400
[ 39.066003][ C0]  ? __kasan_check_write+0x18/0x20
[ 39.071038][ C0]  ? _raw_spin_trylock+0xd1/0x1b0
[ 39.075909][ C0]  ? __sched_text_end+0x9/0x9
[ 39.080505][ C0]  vprintk_default+0x2a/0x30
[ 39.085023][ C0]  vprintk+0x8a/0x90
[ 39.088756][ C0]  _printk+0xd5/0x120
[ 39.092587][ C0]  ? kauditd_hold_skb+0xf5/0x210
[ 39.097521][ C0]  ? panic+0x670/0x670
[ 39.101429][ C0]  kauditd_hold_skb+0x1c4/0x210
[ 39.106561][ C0]  ? auditd_conn_free+0xe0/0xe0
[ 39.111247][ C0]  ? auditd_conn_free+0xe0/0xe0
[ 39.115943][ C0]  ? kauditd_send_queue+0x2e0/0x2e0
[ 39.121034][ C0]  kauditd_send_queue+0x28d/0x2e0
[ 39.125833][ C0]  ? auditd_conn_free+0xe0/0xe0
[ 39.130615][ C0]  ? kauditd_send_queue+0x2e0/0x2e0
[ 39.135640][ C0]  kauditd_thread+0x4f5/0x740
[ 39.140497][ C0]  ? __kasan_check_write+0x18/0x20
[ 39.145549][ C0]  ? release_firmware_map_entry+0x190/0x190
[ 39.151382][ C0]  ? _raw_spin_lock+0x1b0/0x1b0
[ 39.156224][ C0]  ? audit_log+0x150/0x150
[ 39.160916][ C0]  ? wake_bit_function+0x230/0x230
[ 39.166750][ C0]  ? __kthread_parkme+0x12d/0x180
[ 39.171954][ C0]  kthread+0x2ba/0x350
[ 39.176557][ C0]  ? audit_log+0x150/0x150
[ 39.182149][ C0]  ? kthread_blkcg+0xe0/0xe0
[ 39.187011][ C0]  ret_from_fork+0x1f/0x30
[ 39.191282][ C0]
[ 39.194143][ C0]
[ 39.196284][ C0] The buggy address belongs to the virtual mapping at
[ 39.196284][ C0]  [ffffc90000000000, ffffc90000009000) created by:
[ 39.196284][ C0]  irq_init_percpu_irqstack+0x337/0x490
[ 39.216277][ C0]
[ 39.218455][ C0] The buggy address belongs to the physical page:
[ 39.224868][ C0] page:ffffea0007dc8240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f7209
[ 39.235039][ C0] flags: 0x4000000000001000(reserved|zone=1)
[ 39.240834][ C0] page_type: 0xffffffff()
[ 39.245095][ C0] raw: 4000000000001000 ffffea0007dc8248 ffffea0007dc8248 0000000000000000
[ 39.253596][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 39.262012][ C0] page dumped because: kasan: bad access detected
[ 39.268360][ C0] page_owner info is not present (never set?)
[ 39.274340][ C0]
[ 39.276590][ C0] Memory state around the buggy address:
[ 39.282237][ C0]  ffffc90000007980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.290394][ C0]  ffffc90000007a00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
[ 39.298379][ C0] >ffffc90000007a80: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 39.306360][ C0]                                ^
[ 39.311398][ C0]  ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.319474][ C0]  ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.327500][ C0] ==================================================================
[ 39.335512][ C0] Disabling lock debugging due to kernel taint
[ 39.342499][ T28] audit: type=1400 audit(1686746278.629:157): avc: denied { bpf } for pid=342 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 39.363507][ T28] audit: type=1400 audit(1686746278.629:158): avc: denied { prog_load } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 39.390502][ T348] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.440630][ T350] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.479855][ T353] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.529979][ T355] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.570199][ T357] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.613910][ T359] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.673989][ T361] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.724002][ T363] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/06/14 12:38:03 executed programs: 73
[ 43.559421][ T540] __nla_validate_parse: 72 callbacks suppressed
[ 43.559436][ T540] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.629501][ T543] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.669492][ T545] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.709950][ T547] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.750116][ T549] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.809460][ T552] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.859131][ T554] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.898380][ T556] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.949583][ T558] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.990307][ T560] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/06/14 12:38:08 executed programs: 175