Warning: Permanently added '10.128.1.170' (ECDSA) to the list of known hosts.
2023/02/02 20:38:37 ignoring optional flag "sandboxArg"="0"
2023/02/02 20:38:37 parsed 1 programs
2023/02/02 20:38:37 executed programs: 0
[ 47.465921][ T30] kauditd_printk_skb: 65 callbacks suppressed
[ 47.465931][ T30] audit: type=1400 audit(1675370317.309:137): avc: denied { mounton } for pid=378 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 47.496924][ T30] audit: type=1400 audit(1675370317.309:138): avc: denied { mount } for pid=378 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 47.528386][ T381] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.535612][ T381] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.545113][ T381] device bridge_slave_0 entered promiscuous mode
[ 47.552930][ T381] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.560127][ T381] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.567737][ T381] device bridge_slave_1 entered promiscuous mode
[ 47.601886][ T381] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.609312][ T381] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.616923][ T381] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.623871][ T381] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.639620][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.647505][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.654968][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.662460][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.673131][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.682809][ T332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.690416][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.704424][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.712493][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.719571][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.727298][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.737726][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.750480][ T381] device veth0_vlan entered promiscuous mode
[ 47.756897][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.765583][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.773546][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.781320][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.792556][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.801762][ T381] device veth1_macvtap entered promiscuous mode
[ 47.810512][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.821959][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.833958][ T30] audit: type=1400 audit(1675370317.679:139): avc: denied { mount } for pid=381 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 47.862638][ T388] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 47.874420][ T30] audit: type=1400 audit(1675370317.719:140): avc: denied { write } for pid=387 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 47.894837][ C0] ==================================================================
[ 47.894845][ C0] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x28b1/0x2e20
[ 47.894870][ C0] Read of size 4 at addr ffffc90000007a78 by task kauditd/30
[ 47.894876][ C0]
[ 47.894880][ C0] CPU: 0 PID: 30 Comm: kauditd Not tainted 5.15.91-syzkaller #0
[ 47.894893][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 47.894897][ C0] Call Trace:
[ 47.894908][ C0]
[ 47.894911][ C0] dump_stack_lvl+0x105/0x148
[ 47.894921][ C0] ? io_uring_drop_tctx_refs+0x14e/0x14e
[ 47.894927][ C0] ? panic+0x4fc/0x4fc
[ 47.894934][ C0] print_address_description+0x87/0x3d0
[ 47.894944][ C0] kasan_report+0x1a6/0x1f0
[ 47.894949][ C0] ? xfrm_state_find+0x28b1/0x2e20
[ 47.894955][ C0] ? xfrm_state_find+0x28b1/0x2e20
[ 47.894960][ C0] __asan_report_load4_noabort+0x14/0x20
[ 47.894967][ C0] xfrm_state_find+0x28b1/0x2e20
[ 47.894971][ C0] ? rcu_gp_kthread_wake+0x90/0x90
[ 47.894982][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 47.894987][ C0] ? dst_release+0x43/0xa0
[ 47.895002][ C0] ? xfrm4_get_saddr+0x191/0x2c0
[ 47.895026][ C0] xfrm_resolve_and_create_bundle+0x5b1/0x28b0
[ 47.895032][ C0] ? ip_route_output_key_hash_rcu+0x78f/0xff0
[ 47.895037][ C0] ? ip_route_output_flow+0x129/0x2e0
[ 47.895044][ C0] ? xfrm_lookup_with_ifid+0x1cb0/0x1cb0
[ 47.895051][ C0] ? _raw_spin_unlock_bh+0x51/0x60
[ 47.895058][ C0] xfrm_lookup_with_ifid+0xba7/0x1cb0
[ 47.895063][ C0] ? __do_softirq+0x27e/0x5dc
[ 47.895069][ C0] ? invoke_softirq+0xb/0x50
[ 47.895078][ C0] ? __xfrm_sk_clone_policy+0xb10/0xb10
[ 47.895083][ C0] ? ip_route_output_key_hash_rcu+0x78f/0xff0
[ 47.895086][ C0] xfrm_lookup_route+0x1d/0x120
[ 47.895090][ C0] ip_route_output_flow+0x1bb/0x2e0
[ 47.895093][ C0] ? ipv4_sk_update_pmtu+0x1f50/0x1f50
[ 47.895096][ C0] ? __put_user_ns+0x50/0x50
[ 47.895102][ C0] ? __alloc_skb+0x276/0x480
[ 47.895106][ C0] igmpv3_newpack+0x3fb/0xf40
[ 47.895112][ C0] ? igmpv3_sendpack+0x190/0x190
[ 47.895116][ C0] ? kauditd_thread+0x492/0x6d0
[ 47.895121][ C0] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 47.895128][ C0] add_grhead+0x70/0x300
[ 47.895132][ C0] add_grec+0xffb/0x1280
[ 47.895137][ C0] ? _raw_spin_lock_bh+0xa3/0x1b0
[ 47.895141][ C0] ? igmpv3_send_report+0x380/0x380
[ 47.895146][ C0] igmp_ifc_timer_expire+0x79f/0xd90
[ 47.895150][ C0] ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 47.895154][ C0] ? igmp_gq_timer_expire+0x90/0x90
[ 47.895158][ C0] call_timer_fn+0x2b/0x1c0
[ 47.895163][ C0] ? igmp_gq_timer_expire+0x90/0x90
[ 47.895166][ C0] expire_timers+0x1ea/0x310
[ 47.895170][ C0] __run_timers+0x4c5/0x5d0
[ 47.895173][ C0] ? calc_index+0x210/0x210
[ 47.895177][ C0] run_timer_softirq+0x4a/0xb0
[ 47.895181][ C0] __do_softirq+0x27e/0x5dc
[ 47.895185][ C0] invoke_softirq+0xb/0x50
[ 47.895188][ C0] __irq_exit_rcu+0x4f/0xb0
[ 47.895191][ C0] irq_exit_rcu+0x9/0x10
[ 47.895194][ C0] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 47.895200][ C0]
[ 47.895201][ C0]
[ 47.895203][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 47.895207][ C0] RIP: 0010:console_unlock+0x7ae/0x9c0
[ 47.895213][ C0] Code: e8 57 61 17 03 84 db 74 07 c6 05 cc 69 10 05 00 e8 87 52 00 00 f7 44 24 58 00 02 00 00 4c 8d ac 24 80 01 00 00 74 01 fb 84 db <0f> 94 c0 22 44 24 1b 3c 01 0f 84 b3 fa ff ff 0f b6 c3 85 c0 0f 84
[ 47.895217][ C0] RSP: 0018:ffffc900001ff900 EFLAGS: 00000246
[ 47.895223][ C0] RAX: 0000000080000001 RBX: dffffc0000000000 RCX: 0000000000000002
[ 47.895230][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001
[ 47.895235][ C0] RBP: ffffc900001ffb10 R08: dffffc0000000000 R09: 0000000000000003
[ 47.895237][ C0] R10: fffff5200003ff11 R11: 1ffff9200003ff10 R12: dffffc0000000000
[ 47.895243][ C0] R13: ffffc900001ffa80 R14: 0000000000000000 R15: 00000000000000e6
[ 47.895247][ C0] ? vprintk_emit+0x260/0x260
[ 47.895252][ C0] ? newidle_balance+0x9bf/0x1070
[ 47.895257][ C0] ? console_trylock+0xc4/0x1a0
[ 47.895261][ C0] ? resume_console+0x30/0x30
[ 47.895265][ C0] ? __switch_to+0x617/0x1170
[ 47.895271][ C0] ? __kasan_check_read+0x11/0x20
[ 47.895275][ C0] vprintk_emit+0xd1/0x260
[ 47.895279][ C0] ? vprintk_store+0x12c0/0x12c0
[ 47.895283][ C0] ? __kasan_check_write+0x14/0x20
[ 47.895287][ C0] ? _raw_spin_trylock+0xe2/0x1e0
[ 47.895291][ C0] ? __cpuidle_text_end+0x6/0x6
[ 47.895296][ C0] vprintk_default+0x18/0x20
[ 47.895300][ C0] vprintk+0x49/0x50
[ 47.895303][ C0] _printk+0xca/0x10a
[ 47.895307][ C0] ? panic+0x4fc/0x4fc
[ 47.895310][ C0] ? _raw_spin_lock_irqsave+0xf8/0x210
[ 47.895315][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 47.895320][ C0] kauditd_hold_skb+0x103/0x150
[ 47.895324][ C0] ? kauditd_send_queue+0x1f0/0x1f0
[ 47.895328][ C0] kauditd_send_queue+0x1c5/0x1f0
[ 47.895331][ C0] ? kauditd_send_queue+0x1f0/0x1f0
[ 47.895335][ C0] ? auditd_conn_free+0xb0/0xb0
[ 47.895339][ C0] kauditd_thread+0x492/0x6d0
[ 47.895343][ C0] ? __kasan_check_write+0x14/0x20
[ 47.895347][ C0] ? _raw_spin_lock_irqsave+0xf8/0x210
[ 47.895352][ C0] ? __sched_text_start+0x8/0x8
[ 47.895356][ C0] ? audit_log+0x130/0x130
[ 47.895360][ C0] ? io_schedule+0x120/0x120
[ 47.895364][ C0] ? __kthread_parkme+0x76/0x1d0
[ 47.895367][ C0] ? schedule+0x142/0x1f0
[ 47.895371][ C0] kthread+0x39c/0x480
[ 47.895374][ C0] ? audit_log+0x130/0x130
[ 47.895377][ C0] ? kthread_blkcg+0xa0/0xa0
[ 47.895381][ C0] ret_from_fork+0x1f/0x30
[ 47.895387][ C0]
[ 47.895389][ C0]
[ 47.895390][ C0]
[ 47.895391][ C0] Memory state around the buggy address:
[ 47.895394][ C0] ffffc90000007900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 47.895397][ C0] ffffc90000007980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.895400][ C0] >ffffc90000007a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 47.895402][ C0] ^
[ 47.895405][ C0] ffffc90000007a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.895408][ C0] ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.895413][ C0] ==================================================================
[ 47.895415][ C0] Disabling lock debugging due to kernel taint
[ 47.926712][ T391] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 47.928904][ T30] audit: type=1400 audit(1675370317.719:141): avc: denied { nlmsg_write } for pid=387 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 48.541009][ T30] audit: type=1400 audit(1675370317.719:142): avc: denied { prog_load } for pid=387 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 48.573481][ T394] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.636052][ T397] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.692554][ T400] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.751268][ T404] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.778441][ T406] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.819858][ T408] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.878850][ T411] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.935472][ T414] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/02/02 20:38:42 executed programs: 80
[ 52.891486][ T605] __nla_validate_parse: 77 callbacks suppressed
[ 52.891494][ T605] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 52.930182][ T607] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 52.980791][ T609] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.031463][ T611] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.061164][ T613] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.118563][ T616] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.150924][ T618] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.179275][ T620] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.235149][ T623] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.269153][ T625] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/02/02 20:38:47 executed programs: 178