Warning: Permanently added '10.128.10.19' (ED25519) to the list of known hosts.
2023/11/17 10:11:03 ignoring optional flag "sandboxArg"="0"
2023/11/17 10:11:03 parsed 1 programs
2023/11/17 10:11:03 executed programs: 0
[ 43.393100][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 43.393110][ T23] audit: type=1400 audit(1700215863.820:144): avc: denied { mounton } for pid=402 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.430788][ T23] audit: type=1400 audit(1700215863.870:145): avc: denied { mount } for pid=402 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.516986][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.524407][ T408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.532786][ T408] device bridge_slave_0 entered promiscuous mode
[ 43.540223][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.547484][ T408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.555106][ T408] device bridge_slave_1 entered promiscuous mode
[ 43.610993][ T23] audit: type=1400 audit(1700215864.040:146): avc: denied { create } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.621701][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.632923][ T23] audit: type=1400 audit(1700215864.040:147): avc: denied { write } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.639770][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.640019][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.661203][ T23] audit: type=1400 audit(1700215864.040:148): avc: denied { read } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.667588][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.720155][ T106] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.727565][ T106] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.735622][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.743561][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.753823][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.761880][ T124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.769631][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.784416][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.792769][ T106] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.800361][ T106] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.814232][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.822025][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.843910][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.852494][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.862041][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.876734][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.890184][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.904854][ T23] audit: type=1400 audit(1700215864.340:149): avc: denied { mounton } for pid=408 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10713 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 43.939717][ T414] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.951779][ T23] audit: type=1400 audit(1700215864.390:150): avc: denied { write } for pid=413 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 43.973640][ T23] audit: type=1400 audit(1700215864.390:151): avc: denied { nlmsg_write } for pid=413 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 43.995920][ C1] ==================================================================
[ 43.995937][ C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x355/0x430
[ 43.995945][ C1] Read of size 4 at addr ffff8881f6f09a78 by task kauditd/23
[ 43.995946][ C1]
[ 43.995954][ C1] CPU: 1 PID: 23 Comm: kauditd Not tainted 5.4.254-syzkaller-04743-g2ac128c04e33 #0
[ 43.995958][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 43.995960][ C1] Call Trace:
[ 43.995963][ C1]
[ 43.995972][ C1] dump_stack+0x1d8/0x241
[ 43.995980][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 43.995986][ C1] ? printk+0xd1/0x111
[ 43.995994][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 43.996001][ C1] print_address_description+0x8c/0x600
[ 43.996011][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 43.996016][ C1] __kasan_report+0xf3/0x120
[ 43.996024][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 43.996032][ C1] kasan_report+0x30/0x60
[ 43.996040][ C1] __xfrm_dst_hash+0x355/0x430
[ 43.996048][ C1] xfrm_state_find+0x2cc/0x2dc0
[ 43.996058][ C1] ? call_rcu+0x10/0x10
[ 43.996067][ C1] ? xfrm_sad_getinfo+0x170/0x170
[ 43.996073][ C1] ? xfrm4_get_saddr+0x18c/0x2a0
[ 43.996081][ C1] ? stack_trace_save+0x118/0x1c0
[ 43.996087][ C1] ? xfrm_pol_bin_key+0x21/0x1c0
[ 43.996095][ C1] xfrm_resolve_and_create_bundle+0x6aa/0x31d0
[ 43.996102][ C1] ? xfrm_pol_bin_obj+0x1c0/0x1c0
[ 43.996113][ C1] ? xfrm_sk_policy_lookup+0x5c0/0x5c0
[ 43.996120][ C1] ? xfrm_policy_lookup+0xe4f/0xec0
[ 43.996133][ C1] xfrm_lookup_with_ifid+0x549/0x1c90
[ 43.996140][ C1] ? rt_set_nexthop+0x21b/0x700
[ 43.996148][ C1] ? __xfrm_sk_clone_policy+0x8a0/0x8a0
[ 43.996156][ C1] ? ip_route_output_key_hash+0x230/0x230
[ 43.996164][ C1] xfrm_lookup_route+0x37/0x170
[ 43.996170][ C1] ip_route_output_flow+0x1fe/0x330
[ 43.996177][ C1] ? ipv4_sk_update_pmtu+0x1ed0/0x1ed0
[ 43.996185][ C1] ? make_kuid+0x200/0x700
[ 43.996192][ C1] ? __put_user_ns+0x50/0x50
[ 43.996198][ C1] ? __alloc_skb+0x29e/0x4d0
[ 43.996207][ C1] igmpv3_newpack+0x425/0x1030
[ 43.996215][ C1] ? asan.module_dtor+0x20/0x20
[ 43.996223][ C1] ? igmpv3_sendpack+0x190/0x190
[ 43.996230][ C1] ? check_preemption_disabled+0x9f/0x320
[ 43.996239][ C1] add_grhead+0x75/0x2c0
[ 43.996247][ C1] add_grec+0x12c9/0x15d0
[ 43.996256][ C1] ? mod_timer_pending+0x20/0x20
[ 43.996264][ C1] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 43.996271][ C1] ? igmpv3_send_report+0x410/0x410
[ 43.996278][ C1] ? prandom_u32+0x236/0x270
[ 43.996287][ C1] igmp_ifc_timer_expire+0x7bc/0xea0
[ 43.996294][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 43.996301][ C1] ? _raw_spin_lock_irqsave+0x210/0x210
[ 43.996309][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 43.996315][ C1] call_timer_fn+0x36/0x390
[ 43.996322][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 43.996328][ C1] __run_timers+0x879/0xbe0
[ 43.996337][ C1] ? enqueue_timer+0x300/0x300
[ 43.996344][ C1] ? check_preemption_disabled+0x9f/0x320
[ 43.996351][ C1] ? debug_smp_processor_id+0x20/0x20
[ 43.996359][ C1] ? lapic_next_event+0x5b/0x70
[ 43.996366][ C1] run_timer_softirq+0x63/0xf0
[ 43.996374][ C1] __do_softirq+0x23b/0x6b7
[ 43.996382][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 43.996391][ C1] irq_exit+0x195/0x1c0
[ 43.996399][ C1] smp_apic_timer_interrupt+0x11a/0x460
[ 43.996405][ C1] apic_timer_interrupt+0xf/0x20
[ 43.996408][ C1]
[ 43.996414][ C1] ? io_serial_out+0x10/0x10
[ 43.996423][ C1] ? console_unlock+0xa62/0xfa0
[ 43.996431][ C1] ? sched_clock+0x36/0x40
[ 43.996437][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 43.996450][ C1] ? vprintk_emit+0x3f0/0x3f0
[ 43.996456][ C1] ? down_trylock+0x53/0xa0
[ 43.996463][ C1] ? __printk_safe_exit+0x5/0x10
[ 43.996469][ C1] ? console_trylock+0x166/0x1c0
[ 43.996475][ C1] ? resume_console+0x40/0x40
[ 43.996481][ C1] ? vprintk_store+0x4f6/0x570
[ 43.996489][ C1] ? vprintk_emit+0x1e0/0x3f0
[ 43.996496][ C1] ? vprintk_store+0x570/0x570
[ 43.996503][ C1] ? _raw_spin_trylock+0xcd/0x1a0
[ 43.996510][ C1] ? __lock_text_start+0x8/0x8
[ 43.996517][ C1] ? printk+0xd1/0x111
[ 43.996524][ C1] ? kauditd_hold_skb+0xe3/0x200
[ 43.996530][ C1] ? panic+0x896/0x896
[ 43.996538][ C1] ? kauditd_hold_skb+0x1b3/0x200
[ 43.996544][ C1] ? kauditd_send_queue+0x2f0/0x2f0
[ 43.996550][ C1] ? auditd_conn_free+0xd0/0xd0
[ 43.996556][ C1] ? kauditd_send_queue+0x297/0x2f0
[ 43.996562][ C1] ? kauditd_send_queue+0x2f0/0x2f0
[ 43.996567][ C1] ? auditd_conn_free+0xd0/0xd0
[ 43.996574][ C1] ? kauditd_thread+0x4ff/0x860
[ 43.996581][ C1] ? cpus_share_cache+0x110/0x110
[ 43.996588][ C1] ? _raw_spin_lock+0x1b0/0x1b0
[ 43.996594][ C1] ? audit_log+0x150/0x150
[ 43.996601][ C1] ? init_wait_entry+0xd0/0xd0
[ 43.996608][ C1] ? __wake_up_locked+0xb7/0x110
[ 43.996615][ C1] ? __kthread_parkme+0xb0/0x1b0
[ 43.996622][ C1] ? kthread+0x2da/0x360
[ 43.996627][ C1] ? audit_log+0x150/0x150
[ 43.996633][ C1] ? kthread_blkcg+0xd0/0xd0
[ 43.996639][ C1] ? ret_from_fork+0x1f/0x30
[ 43.996643][ C1]
[ 43.996645][ C1] The buggy address belongs to the page:
[ 43.996653][ C1] page:ffffea0007dbc240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 43.996658][ C1] flags: 0x8000000000001000(reserved)
[ 43.996669][ C1] raw: 8000000000001000 ffffea0007dbc248 ffffea0007dbc248 0000000000000000
[ 43.996676][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 43.996679][ C1] page dumped because: kasan: bad access detected
[ 43.996681][ C1] page_owner info is not present (never set?)
[ 43.996682][ C1]
[ 43.996684][ C1] Memory state around the buggy address:
[ 43.996690][ C1] ffff8881f6f09900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 43.996695][ C1] ffff8881f6f09980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.996700][ C1] >ffff8881f6f09a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 43.996703][ C1] ^
[ 43.996708][ C1] ffff8881f6f09a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.996713][ C1] ffff8881f6f09b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.996715][ C1] ==================================================================
[ 43.996717][ C1] Disabling lock debugging due to kernel taint
[ 44.062554][ T416] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.676170][ T420] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.737665][ T423] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.795022][ T425] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.835356][ T427] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.884828][ T429] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.925511][ T431] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.987185][ T433] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.047801][ T436] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/11/17 10:11:08 executed programs: 60
[ 48.955505][ T593] __nla_validate_parse: 58 callbacks suppressed
[ 48.955511][ T593] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.012656][ T595] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.075486][ T598] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.123888][ T601] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.187083][ T604] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.236054][ T606] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.292589][ T608] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.367714][ T611] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.424096][ T613] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.444707][ T615] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/11/17 10:11:13 executed programs: 141