Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
2023/09/21 04:04:53 ignoring optional flag "sandboxArg"="0"
2023/09/21 04:04:53 parsed 1 programs
2023/09/21 04:04:53 executed programs: 0
[ 38.796666][ T29] kauditd_printk_skb: 74 callbacks suppressed
[ 38.796674][ T29] audit: type=1400 audit(1695269093.733:150): avc: denied { mounton } for pid=334 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 38.834482][ T29] audit: type=1400 audit(1695269093.733:151): avc: denied { mount } for pid=334 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 38.867780][ T29] audit: type=1400 audit(1695269093.743:152): avc: denied { setattr } for pid=334 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 38.898955][ T29] audit: type=1400 audit(1695269093.763:153): avc: denied { mounton } for pid=338 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 38.943787][ T338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.953166][ T338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.962101][ T338] device bridge_slave_0 entered promiscuous mode
[ 38.970927][ T338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.979077][ T338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.987455][ T338] device bridge_slave_1 entered promiscuous mode
[ 39.033600][ T338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.040928][ T338] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.048728][ T338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.057941][ T338] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.075499][ T55] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.083895][ T55] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.094267][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.104471][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.126675][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.136451][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.145843][ T294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.153250][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.162276][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.171973][ T294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.179778][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.188366][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.198245][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.210365][ T338] device veth0_vlan entered promiscuous mode
[ 39.216719][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.224658][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.233380][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.244775][ T338] device veth1_macvtap entered promiscuous mode
[ 39.251928][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.262749][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.273818][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.297123][ T29] audit: type=1400 audit(1695269094.233:154): avc: denied { write } for pid=343 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 39.318184][ T29] audit: type=1400 audit(1695269094.233:155): avc: denied { nlmsg_write } for pid=343 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 39.341806][ T29] audit: type=1400 audit(1695269094.233:156): avc: denied { prog_load } for pid=343 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 39.545084][ C0] ==================================================================
[ 39.553530][ C0] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x4f95/0x5b20
[ 39.561615][ C0] Read of size 4 at addr ffffc90000007b88 by task udevd/342
[ 39.569247][ C0]
[ 39.571416][ C0] CPU: 0 PID: 342 Comm: udevd Not tainted 5.15.131-syzkaller #0
[ 39.579329][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 39.589759][ C0] Call Trace:
[ 39.592867][ C0]
[ 39.595566][ C0] dump_stack_lvl+0x38/0x49
[ 39.600475][ C0] print_address_description.constprop.0+0x24/0x160
[ 39.607531][ C0] ? xfrm_state_find+0x4f95/0x5b20
[ 39.612626][ C0] kasan_report.cold+0x82/0xdb
[ 39.617663][ C0] ? netlink_has_listeners+0x80/0x170
[ 39.623175][ C0] ? xfrm_state_find+0x4f95/0x5b20
[ 39.628230][ C0] __asan_report_load4_noabort+0x14/0x20
[ 39.633777][ C0] xfrm_state_find+0x4f95/0x5b20
[ 39.638657][ C0] ? rcu_gp_cleanup+0x82/0xa10
[ 39.643805][ C0] ? xfrm_state_migrate+0x2180/0x2180
[ 39.649036][ C0] ? dst_release+0x44/0x60
[ 39.653457][ C0] ? xfrm4_get_saddr+0x12b/0x1a0
[ 39.658497][ C0] ? xfrm4_fill_dst+0x690/0x690
[ 39.664028][ C0] ? update_stack_state+0x12c/0x4d0
[ 39.669268][ C0] xfrm_tmpl_resolve+0x271/0xb40
[ 39.674264][ C0] ? xfrm_tmpl_resolve+0x271/0xb40
[ 39.679493][ C0] ? unwind_get_return_address+0x58/0xa0
[ 39.684981][ C0] ? __xfrm_dst_lookup+0xe0/0xe0
[ 39.690045][ C0] ? __stack_depot_save+0x36/0x440
[ 39.695284][ C0] xfrm_resolve_and_create_bundle+0x125/0x20c0
[ 39.701334][ C0] ? policy_hash_bysel+0xdf0/0xdf0
[ 39.707413][ C0] ? xfrm_policy_find_inexact_candidates.part.0+0x11f/0x1c0
[ 39.714928][ C0] ? xdst_queue_output+0x5e0/0x5e0
[ 39.719826][ C0] ? xfrm_sk_policy_lookup+0x380/0x380
[ 39.726718][ C0] ? __kmalloc_track_caller+0x2d4/0x4f0
[ 39.732758][ C0] ? __alloc_skb+0x8b/0x250
[ 39.737183][ C0] ? igmpv3_newpack+0x1a0/0xdd0
[ 39.742184][ C0] ? add_grec+0xbef/0xec0
[ 39.746519][ C0] ? __kasan_check_write+0x14/0x20
[ 39.751467][ C0] xfrm_lookup_with_ifid+0x408/0x1c50
[ 39.756668][ C0] ? xfrm_policy_lookup_bytype.constprop.0+0xab0/0xab0
[ 39.763638][ C0] ? __kasan_check_read+0x11/0x20
[ 39.768584][ C0] ? ip_route_output_key_hash_rcu+0x776/0x2b40
[ 39.774999][ C0] xfrm_lookup_route+0x1f/0x150
[ 39.779776][ C0] ip_route_output_flow+0x259/0x2d0
[ 39.785383][ C0] ? kasan_poison+0x55/0x60
[ 39.789701][ C0] ? inet_rtm_getroute+0x2080/0x2080
[ 39.795324][ C0] igmpv3_newpack+0x297/0xdd0
[ 39.800182][ C0] ? ip_mc_find_dev+0x290/0x290
[ 39.804997][ C0] ? ttwu_do_activate.isra.0+0x11c/0x250
[ 39.810641][ C0] add_grhead+0x235/0x320
[ 39.814900][ C0] add_grec+0xbef/0xec0
[ 39.818881][ C0] ? sched_setscheduler_nocheck+0x190/0x190
[ 39.824695][ C0] ? __kasan_check_write+0x14/0x20
[ 39.829790][ C0] ? igmpv3_sendpack.isra.0+0x200/0x200
[ 39.835115][ C0] ? insert_work+0x251/0x320
[ 39.839811][ C0] igmp_ifc_timer_expire+0x46e/0xb10
[ 39.844940][ C0] ? __kasan_check_write+0x14/0x20
[ 39.849863][ C0] ? _raw_spin_lock_bh+0x110/0x110
[ 39.855521][ C0] ? igmp_start_timer+0x100/0x100
[ 39.860376][ C0] call_timer_fn+0x28/0x190
[ 39.864718][ C0] __run_timers.part.0+0x45c/0x840
[ 39.869665][ C0] ? igmp_start_timer+0x100/0x100
[ 39.874620][ C0] ? call_timer_fn+0x190/0x190
[ 39.879221][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 39.885220][ C0] ? sched_clock+0x9/0x10
[ 39.890004][ C0] ? sched_clock_cpu+0x18/0x1b0
[ 39.894940][ C0] run_timer_softirq+0x9c/0x180
[ 39.899756][ C0] __do_softirq+0x1c1/0x5c8
[ 39.904368][ C0] irq_exit_rcu+0x64/0x110
[ 39.909208][ C0] sysvec_apic_timer_interrupt+0x9d/0xc0
[ 39.915204][ C0]
[ 39.917968][ C0]
[ 39.920753][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 39.926792][ C0] RIP: 0010:netlink_sendmsg+0x22f/0xd10
[ 39.932819][ C0] Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 3c 07 00 00 <49> 8d 7e 08 45 8b 7f 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48
[ 39.954811][ C0] RSP: 0018:ffffc900006879d8 EFLAGS: 00000246
[ 39.961023][ C0] RAX: 0000000000000007 RBX: ffffc90000687aa0 RCX: 1ffff11023c5ddce
[ 39.970399][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88811f7e7204
[ 39.978984][ C0] RBP: ffffc90000687ac8 R08: ffff888121863a80 R09: ffffc90000687a40
[ 39.987569][ C0] R10: fffff520000d0f4b R11: 0000000000000000 R12: ffff88811f133800
[ 39.996477][ C0] R13: ffffc90000687e40 R14: ffff88811f7e7200 R15: ffff88811f7e7200
[ 40.005287][ C0] ? netlink_sendmsg+0x143/0xd10
[ 40.010541][ C0] ? __kasan_check_write+0x14/0x20
[ 40.016998][ C0] ? netlink_unicast+0x810/0x810
[ 40.022407][ C0] ? netlink_unicast+0x810/0x810
[ 40.027380][ C0] sock_sendmsg+0xb5/0xf0
[ 40.031516][ C0] ____sys_sendmsg+0x694/0x990
[ 40.036232][ C0] ? kernel_sendmsg+0x30/0x30
[ 40.041051][ C0] ? do_recvmmsg+0x5a0/0x5a0
[ 40.046277][ C0] ? stack_trace_save+0x8f/0xc0
[ 40.051069][ C0] ? locks_remove_flock+0x298/0x310
[ 40.056416][ C0] ___sys_sendmsg+0xfc/0x190
[ 40.061368][ C0] ? sendmsg_copy_msghdr+0x110/0x110
[ 40.066498][ C0] ? _raw_spin_lock_bh+0x110/0x110
[ 40.071420][ C0] ? filemap_check_errors+0x56/0xf0
[ 40.076635][ C0] ? __kasan_check_read+0x11/0x20
[ 40.081534][ C0] ? call_rcu+0x43c/0x1420
[ 40.085742][ C0] ? __kasan_check_read+0x11/0x20
[ 40.090781][ C0] ? __fget_light+0x57/0x550
[ 40.095483][ C0] ? __call_rcu_nocb_wake+0xe0/0xe0
[ 40.101389][ C0] ? security_file_free+0x91/0xb0
[ 40.106353][ C0] ? __fdget+0xe/0x10
[ 40.110676][ C0] ? sockfd_lookup_light+0x1c/0x150
[ 40.115708][ C0] __sys_sendmsg+0xc3/0x160
[ 40.120051][ C0] ? __sys_sendmsg_sock+0x20/0x20
[ 40.125004][ C0] ? __fput+0x46b/0x960
[ 40.129257][ C0] ? f2fs_release_decomp_mem+0x100/0x2c0
[ 40.135251][ C0] ? task_work_run+0xc2/0x150
[ 40.140130][ C0] ? debug_smp_processor_id+0x17/0x20
[ 40.145334][ C0] __x64_sys_sendmsg+0x73/0xb0
[ 40.150155][ C0] ? syscall_exit_to_user_mode+0x2f/0x40
[ 40.156241][ C0] do_syscall_64+0x35/0xb0
[ 40.160657][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.166743][ C0] RIP: 0033:0x7fb7a7556a4b
[ 40.171005][ C0] Code: ff 89 ef 48 89 04 24 e8 22 56 f9 ff 48 8b 04 24 48 83 c4 20 5d c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6d 48 8b 15 ae c3 0c 00 f7 d8 64 89 02 48 83
[ 40.191601][ C0] RSP: 002b:00007fff6e0fcc28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 40.200280][ C0] RAX: ffffffffffffffda RBX: 0000556014b16de0 RCX: 00007fb7a7556a4b
[ 40.208852][ C0] RDX: 0000000000000000 RSI: 00007fff6e0fcc38 RDI: 000000000000000c
[ 40.217473][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 40.225992][ C0] R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000000
[ 40.234361][ C0] R13: 00000000000000b0 R14: 0000000000000000 R15: 0000556014b072c0
[ 40.242576][ C0]
[ 40.245692][ C0]
[ 40.248096][ C0]
[ 40.251986][ C0] Memory state around the buggy address:
[ 40.258798][ C0]  ffffc90000007a80: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 40.270185][ C0]  ffffc90000007b00: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[ 40.279784][ C0] >ffffc90000007b80: 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 40.289170][ C0]                       ^
[ 40.293749][ C0]  ffffc90000007c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.302967][ C0]  ffffc90000007c80: 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00
[ 40.313409][ C0] ==================================================================
[ 40.322123][ C0] Disabling lock debugging due to kernel taint
2023/09/21 04:04:58 executed programs: 600
2023/09/21 04:05:03 executed programs: 1324