Warning: Permanently added '10.128.0.115' (ED25519) to the list of known hosts.
2024/01/23 14:13:56 ignoring optional flag "sandboxArg"="0"
2024/01/23 14:13:56 parsed 1 programs
2024/01/23 14:13:56 executed programs: 0
[ 40.998910][ T29] kauditd_printk_skb: 74 callbacks suppressed
[ 40.998918][ T29] audit: type=1400 audit(1706019236.927:150): avc: denied { mounton } for pid=337 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.029609][ T29] audit: type=1400 audit(1706019236.927:151): avc: denied { mount } for pid=337 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.053366][ T29] audit: type=1400 audit(1706019236.927:152): avc: denied { setattr } for pid=337 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 41.077528][ T29] audit: type=1400 audit(1706019236.937:153): avc: denied { mounton } for pid=341 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 41.105821][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.112985][ T341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.121275][ T341] device bridge_slave_0 entered promiscuous mode
[ 41.128438][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.135463][ T341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.142819][ T341] device bridge_slave_1 entered promiscuous mode
[ 41.184597][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.191885][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.199081][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.206116][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.224402][ T38] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.232011][ T38] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.239482][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.247441][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.257464][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.266115][ T291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.273251][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.292486][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.300823][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.309272][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.317828][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.325776][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.334040][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.340952][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.348328][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.356192][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.364544][ T341] device veth0_vlan entered promiscuous mode
[ 41.374301][ T341] device veth1_macvtap entered promiscuous mode
[ 41.382230][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.394814][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.403175][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.421428][ T29] audit: type=1400 audit(1706019237.347:154): avc: denied { write } for pid=345 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.442524][ T29] audit: type=1400 audit(1706019237.347:155): avc: denied { nlmsg_write } for pid=345 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.465747][ T29] audit: type=1400 audit(1706019237.347:156): avc: denied { prog_load } for pid=345 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 41.791807][ C0] ==================================================================
[ 41.799704][ C0] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x4f95/0x5b20
[ 41.807429][ C0] Read of size 4 at addr ffffc90000007b88 by task syz-executor.0/341
[ 41.815521][ C0]
[ 41.817771][ C0] CPU: 0 PID: 341 Comm: syz-executor.0 Not tainted 5.15.147-syzkaller #0
[ 41.826461][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 41.837672][ C0] Call Trace:
[ 41.840748][ C0]
[ 41.843526][ C0] dump_stack_lvl+0x38/0x49
[ 41.849614][ C0] print_address_description.constprop.0+0x24/0x160
[ 41.857210][ C0] ? xfrm_state_find+0x4f95/0x5b20
[ 41.862351][ C0] kasan_report.cold+0x82/0xdb
[ 41.866950][ C0] ? netlink_has_listeners+0x80/0x170
[ 41.872431][ C0] ? xfrm_state_find+0x4f95/0x5b20
[ 41.877783][ C0] __asan_report_load4_noabort+0x14/0x20
[ 41.883314][ C0] xfrm_state_find+0x4f95/0x5b20
[ 41.888214][ C0] ? rcu_gp_init+0x422/0xe00
[ 41.892627][ C0] ? xfrm_state_migrate+0x2180/0x2180
[ 41.897887][ C0] ? dst_release+0x44/0x60
[ 41.902636][ C0] ? xfrm4_get_saddr+0x12b/0x1a0
[ 41.907440][ C0] ? xfrm4_fill_dst+0x690/0x690
[ 41.912199][ C0] ? update_stack_state+0x12c/0x4d0
[ 41.917426][ C0] xfrm_tmpl_resolve+0x271/0xb40
[ 41.922297][ C0] ? xfrm_tmpl_resolve+0x271/0xb40
[ 41.927521][ C0] ? unwind_get_return_address+0x58/0xa0
[ 41.933625][ C0] ? __xfrm_dst_lookup+0xe0/0xe0
[ 41.938582][ C0] ? __stack_depot_save+0x36/0x440
[ 41.943616][ C0] xfrm_resolve_and_create_bundle+0x125/0x20c0
[ 41.949839][ C0] ? policy_hash_bysel+0xdf0/0xdf0
[ 41.954713][ C0] ? xfrm_policy_find_inexact_candidates.part.0+0x11f/0x1c0
[ 41.961828][ C0] ? xdst_queue_output+0x5e0/0x5e0
[ 41.966866][ C0] ? xfrm_sk_policy_lookup+0x380/0x380
[ 41.972353][ C0] ? __kmalloc_track_caller+0x2d4/0x4f0
[ 41.977909][ C0] ? __alloc_skb+0x8b/0x250
[ 41.982592][ C0] ? igmpv3_newpack+0x1b1/0xde0
[ 41.987302][ C0] ? add_grec+0xbef/0xec0
[ 41.991564][ C0] ? __kasan_check_write+0x14/0x20
[ 41.996512][ C0] xfrm_lookup_with_ifid+0x408/0x1c50
[ 42.001803][ C0] ? xfrm_policy_lookup_bytype.constprop.0+0xab0/0xab0
[ 42.009525][ C0] ? __kasan_check_read+0x11/0x20
[ 42.014379][ C0] ? ip_route_output_key_hash_rcu+0x776/0x2b40
[ 42.020453][ C0] ? __local_bh_enable_ip+0x28/0x60
[ 42.025487][ C0] xfrm_lookup_route+0x1f/0x150
[ 42.030174][ C0] ip_route_output_flow+0x259/0x2d0
[ 42.035217][ C0] ? kasan_poison+0x55/0x60
[ 42.039547][ C0] ? inet_rtm_getroute+0x20e0/0x20e0
[ 42.044677][ C0] igmpv3_newpack+0x2a8/0xde0
[ 42.049267][ C0] ? ip_mc_find_dev+0x290/0x290
[ 42.053958][ C0] ? __kasan_check_write+0x14/0x20
[ 42.058903][ C0] ? reweight_entity+0x328/0x440
[ 42.063687][ C0] add_grhead+0x235/0x320
[ 42.068450][ C0] add_grec+0xbef/0xec0
[ 42.072541][ C0] ? __kasan_check_read+0x11/0x20
[ 42.077680][ C0] ? __kasan_check_write+0x14/0x20
[ 42.083469][ C0] ? igmpv3_sendpack.isra.0+0x200/0x200
[ 42.089242][ C0] ? clear_posix_cputimers_work+0xa0/0xa0
[ 42.095066][ C0] igmp_ifc_timer_expire+0x46e/0xb10
[ 42.100521][ C0] ? __kasan_check_write+0x14/0x20
[ 42.105463][ C0] ? ip_mc_check_igmp+0xe60/0xe60
[ 42.110344][ C0] call_timer_fn+0x28/0x190
[ 42.114761][ C0] __run_timers.part.0+0x45c/0x840
[ 42.119693][ C0] ? ip_mc_check_igmp+0xe60/0xe60
[ 42.124580][ C0] ? call_timer_fn+0x190/0x190
[ 42.129450][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 42.134444][ C0] ? sched_clock+0x9/0x10
[ 42.138706][ C0] ? sched_clock_cpu+0x18/0x1b0
[ 42.143545][ C0] run_timer_softirq+0x9c/0x180
[ 42.148298][ C0] __do_softirq+0x1c1/0x5c8
[ 42.152800][ C0] irq_exit_rcu+0x64/0x110
[ 42.157597][ C0] sysvec_apic_timer_interrupt+0x9d/0xc0
[ 42.163169][ C0]
[ 42.166186][ C0]
[ 42.169125][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 42.175475][ C0] RIP: 0010:ext4_sb_block_valid+0x184/0x3e0
[ 42.181397][ C0] Code: 9c 8f ff 49 8d bc 24 e0 02 00 00 48 8b 75 d0 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 02 00 00 <49> 8b 9c 24 e0 02 00 00 48 85 db 0f 84 bb 00 00 00 48 b8 00 00 00
[ 42.201738][ C0] RSP: 0018:ffffc900006078d0 EFLAGS: 00000246
[ 42.208334][ C0] RAX: dffffc0000000000 RBX: ffff88810ae57400 RCX: 0000000000001d5c
[ 42.216811][ C0] RDX: 1ffff110215b5c5c RSI: ffff88811f5e5900 RDI: ffff88810adae2e0
[ 42.224736][ C0] RBP: ffffc90000607908 R08: 0000000000000001 R09: ffff88811f5e58c7
[ 42.233020][ C0] R10: ffffed1023ebcb18 R11: 0000000000000001 R12: ffff88810adae000
[ 42.240874][ C0] R13: 0000000000001d5c R14: 0000000000001d5b R15: 0000000000040000
[ 42.249256][ C0] ext4_inode_block_valid+0x3f/0x60
[ 42.254793][ C0] ? ext4_es_lookup_extent+0x3a4/0x9b0
[ 42.262199][ C0] __check_block_validity.constprop.0+0x16f/0x2b0
[ 42.269216][ C0] ext4_map_blocks+0x8c5/0x1450
[ 42.274895][ C0] ? ext4_issue_zeroout+0x1d0/0x1d0
[ 42.279992][ C0] ? rwsem_down_read_slowpath+0x1030/0x1030
[ 42.285928][ C0] ? _raw_read_unlock+0x25/0x50
[ 42.290976][ C0] ? ext4_es_lookup_extent+0x3a4/0x9b0
[ 42.297066][ C0] ? up_read+0x56/0x1a0
[ 42.301032][ C0] ext4_getblk+0x11f/0x5e0
[ 42.305399][ C0] ? ext4_iomap_overwrite_begin+0x10/0x10
[ 42.310935][ C0] ext4_bread+0xc/0x120
[ 42.314945][ C0] ext4_append+0x1f8/0x5b0
[ 42.319874][ C0] ? ext4_ci_compare+0x3d0/0x3d0
[ 42.324638][ C0] ext4_init_new_dir+0x241/0x4f0
[ 42.329497][ C0] ? selinux_inode_permission+0x2a1/0x480
[ 42.335051][ C0] ? ext4_init_dot_dotdot+0x480/0x480
[ 42.340497][ C0] ext4_mkdir+0x353/0x890
[ 42.344610][ C0] ? ext4_init_new_dir+0x4f0/0x4f0
[ 42.349728][ C0] ? selinux_inode_mkdir+0xe/0x10
[ 42.354855][ C0] ? security_inode_mkdir+0x80/0xd0
[ 42.360066][ C0] vfs_mkdir+0x1d5/0x430
[ 42.364253][ C0] do_mkdirat+0x152/0x2c0
[ 42.368424][ C0] ? __ia32_sys_mknod+0xb0/0xb0
[ 42.373658][ C0] ? getname_flags.part.0+0x8c/0x480
[ 42.379478][ C0] ? debug_smp_processor_id+0x17/0x20
[ 42.384905][ C0] __x64_sys_mkdirat+0xf4/0x140
[ 42.389821][ C0] do_syscall_64+0x35/0xb0
[ 42.394504][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.401057][ C0] RIP: 0033:0x7f8c040c1467
[ 42.406078][ C0] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.427195][ C0] RSP: 002b:00007ffc93dc3468 EFLAGS: 00000202 ORIG_RAX: 0000000000000102
[ 42.436115][ C0] RAX: ffffffffffffffda RBX: 00007ffc93dc34f0 RCX: 00007f8c040c1467
[ 42.444922][ C0] RDX: 00000000000001ff RSI: 00007ffc93dc34f0 RDI: 00000000ffffff9c
[ 42.452967][ C0] RBP: 00007ffc93dc34cc R08: 0000000000000004 R09: 00007ffc93dc3206
[ 42.461033][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032
[ 42.469289][ C0] R13: 000000000000a327 R14: 000000000000a325 R15: 0000000000000005
[ 42.477096][ C0]
[ 42.480473][ C0]
[ 42.482739][ C0]
[ 42.484997][ C0] Memory state around the buggy address:
[ 42.490465][ C0] ffffc90000007a80: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 42.499494][ C0] ffffc90000007b00: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[ 42.507401][ C0] >ffffc90000007b80: 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 42.515740][ C0]                       ^
[ 42.520165][ C0] ffffc90000007c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.528497][ C0] ffffc90000007c80: 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00
[ 42.536902][ C0] ==================================================================
[ 42.545148][ C0] Disabling lock debugging due to kernel taint
2024/01/23 14:14:01 executed programs: 814
2024/01/23 14:14:06 executed programs: 1924