Warning: Permanently added '10.128.0.67' (ED25519) to the list of known hosts.
2024/03/29 21:26:49 ignoring optional flag "sandboxArg"="0"
2024/03/29 21:26:49 parsed 1 programs
2024/03/29 21:26:49 executed programs: 0
[ 41.220038][ T29] kauditd_printk_skb: 74 callbacks suppressed
[ 41.220045][ T29] audit: type=1400 audit(1711747609.305:150): avc: denied { mounton } for pid=336 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.251118][ T29] audit: type=1400 audit(1711747609.315:151): avc: denied { mount } for pid=336 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.276117][ T29] audit: type=1400 audit(1711747609.315:152): avc: denied { setattr } for pid=336 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 41.301830][ T29] audit: type=1400 audit(1711747609.345:153): avc: denied { mounton } for pid=340 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 41.336385][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.343893][ T340] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.351502][ T340] device bridge_slave_0 entered promiscuous mode
[ 41.358932][ T340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.365935][ T340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.373218][ T340] device bridge_slave_1 entered promiscuous mode
[ 41.414068][ T340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.421108][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.428723][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.435639][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.452433][ T38] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.459601][ T38] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.467449][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.475000][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.483571][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.491646][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.498559][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.515482][ T340] device veth0_vlan entered promiscuous mode
[ 41.522011][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.530036][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.538582][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.546219][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.553612][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.561676][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.568776][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.576844][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.586823][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.599361][ T340] device veth1_macvtap entered promiscuous mode
[ 41.606329][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.619597][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.627990][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.645160][ T29] audit: type=1400 audit(1711747609.735:154): avc: denied { write } for pid=345 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.665745][ T29] audit: type=1400 audit(1711747609.735:155): avc: denied { nlmsg_write } for pid=345 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.687141][ T29] audit: type=1400 audit(1711747609.735:156): avc: denied { prog_load } for pid=345 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 41.700357][ C0] ==================================================================
[ 41.714887][ C0] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x4f95/0x5b20
[ 41.722791][ C0] Read of size 4 at addr ffffc90000007b88 by task kworker/0:1/38
[ 41.730733][ C0]
[ 41.733233][ C0] CPU: 0 PID: 38 Comm: kworker/0:1 Not tainted 5.15.148-syzkaller #0
[ 41.741370][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 41.751394][ C0] Workqueue: rcu_gp process_srcu
[ 41.756428][ C0] Call Trace:
[ 41.759537][ C0]
[ 41.762402][ C0] dump_stack_lvl+0x38/0x49
[ 41.766837][ C0] print_address_description.constprop.0+0x24/0x160
[ 41.773261][ C0] ? xfrm_state_find+0x4f95/0x5b20
[ 41.778195][ C0] kasan_report.cold+0x82/0xdb
[ 41.783127][ C0] ? netlink_has_listeners+0xf0/0x170
[ 41.788879][ C0] ? xfrm_state_find+0x4f95/0x5b20
[ 41.794358][ C0] __asan_report_load4_noabort+0x14/0x20
[ 41.799819][ C0] xfrm_state_find+0x4f95/0x5b20
[ 41.804856][ C0] ? __note_gp_changes+0x422/0x910
[ 41.810353][ C0] ? xfrm_state_migrate+0x2180/0x2180
[ 41.815566][ C0] ? dst_release+0x44/0x60
[ 41.820265][ C0] ? xfrm4_get_saddr+0x12b/0x1a0
[ 41.825170][ C0] ? xfrm4_fill_dst+0x690/0x690
[ 41.829838][ C0] ? update_stack_state+0x12c/0x4d0
[ 41.834879][ C0] xfrm_tmpl_resolve+0x271/0xb40
[ 41.839648][ C0] ? xfrm_tmpl_resolve+0x271/0xb40
[ 41.844915][ C0] ? __xfrm_dst_lookup+0xe0/0xe0
[ 41.849659][ C0] ? __stack_depot_save+0x36/0x440
[ 41.854614][ C0] xfrm_resolve_and_create_bundle+0x125/0x20c0
[ 41.860597][ C0] ? policy_hash_bysel+0xdf0/0xdf0
[ 41.865636][ C0] ? xfrm_policy_find_inexact_candidates.part.0+0x11f/0x1c0
[ 41.873029][ C0] ? xdst_queue_output+0x5e0/0x5e0
[ 41.878065][ C0] ? xfrm_sk_policy_lookup+0x380/0x380
[ 41.883643][ C0] ? __kmalloc_track_caller+0x2d4/0x4f0
[ 41.889306][ C0] ? __alloc_skb+0x8b/0x250
[ 41.893710][ C0] ? igmpv3_newpack+0x1b1/0xde0
[ 41.898929][ C0] ? add_grec+0xbef/0xec0
[ 41.903377][ C0] ? __kasan_check_write+0x14/0x20
[ 41.909073][ C0] xfrm_lookup_with_ifid+0x408/0x1c50
[ 41.914413][ C0] ? xfrm_policy_lookup_bytype.constprop.0+0xab0/0xab0
[ 41.921590][ C0] ? __kasan_check_read+0x11/0x20
[ 41.926660][ C0] ? ip_route_output_key_hash_rcu+0x776/0x2b40
[ 41.932634][ C0] ? __alloc_skb+0x14b/0x250
[ 41.937250][ C0] xfrm_lookup_route+0x1f/0x150
[ 41.942214][ C0] ip_route_output_flow+0x259/0x2d0
[ 41.947240][ C0] ? kasan_poison+0x55/0x60
[ 41.951664][ C0] ? inet_rtm_getroute+0x20e0/0x20e0
[ 41.956779][ C0] igmpv3_newpack+0x2a8/0xde0
[ 41.961379][ C0] ? ip_mc_find_dev+0x290/0x290
[ 41.966148][ C0] ? __kasan_check_write+0x14/0x20
[ 41.971144][ C0] ? sched_slice.isra.0+0x156/0x2a0
[ 41.976251][ C0] ? nohz_balance_exit_idle.part.0+0x200/0x200
[ 41.982776][ C0] add_grhead+0x235/0x320
[ 41.986961][ C0] add_grec+0xbef/0xec0
[ 41.991215][ C0] ? __kasan_check_read+0x11/0x20
[ 41.996586][ C0] ? __kasan_check_write+0x14/0x20
[ 42.002583][ C0] ? igmpv3_sendpack.isra.0+0x200/0x200
[ 42.008409][ C0] ? clear_posix_cputimers_work+0xa0/0xa0
[ 42.014117][ C0] igmp_ifc_timer_expire+0x46e/0xb10
[ 42.019334][ C0] ? __kasan_check_write+0x14/0x20
[ 42.024266][ C0] ? ip_mc_check_igmp+0xe60/0xe60
[ 42.029137][ C0] call_timer_fn+0x28/0x190
[ 42.033820][ C0] __run_timers.part.0+0x45c/0x840
[ 42.038848][ C0] ? ip_mc_check_igmp+0xe60/0xe60
[ 42.043712][ C0] ? call_timer_fn+0x190/0x190
[ 42.048327][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 42.053516][ C0] ? sched_clock+0x9/0x10
[ 42.058040][ C0] ? sched_clock_cpu+0x18/0x1b0
[ 42.063066][ C0] run_timer_softirq+0x9c/0x180
[ 42.067837][ C0] __do_softirq+0x1c1/0x5c8
[ 42.072698][ C0] ? irqtime_account_irq+0x2c4/0x430
[ 42.078014][ C0] irq_exit_rcu+0x64/0x110
[ 42.082340][ C0] sysvec_apic_timer_interrupt+0x9d/0xc0
[ 42.087891][ C0]
[ 42.090667][ C0]
[ 42.093529][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 42.099347][ C0] RIP: 0010:_raw_spin_unlock_irq+0x3d/0x6a
[ 42.104984][ C0] Code: c1 e8 03 48 89 e5 53 48 89 fb 80 3c 10 00 75 39 48 83 3d f5 c2 33 01 00 74 26 48 89 df e8 1f be 6d fd 66 90 fb bf 01 00 00 00 9e c5 64 fd 65 8b 05 97 1f 29 7c 85 c0 74 08 48 8b 5d f8 c9 c3
[ 42.124520][ C0] RSP: 0018:ffffc9000027fdb0 EFLAGS: 00000246
[ 42.130501][ C0] RAX: 0000000000000001 RBX: ffff8881f7436680 RCX: ffffffff813b3168
[ 42.138832][ C0] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 0000000000000001
[ 42.146744][ C0] RBP: ffffc9000027fdb8 R08: 0000000000000001 R09: ffffffff8593306f
[ 42.154803][ C0] R10: fffffbfff0b2660d R11: ffffffff85933080 R12: ffff8881f7436680
[ 42.163048][ C0] R13: ffffffff85933068 R14: ffff888100261b18 R15: ffff888100261b00
[ 42.170961][ C0] ? process_one_work+0x5d8/0xec0
[ 42.175902][ C0] process_one_work+0x605/0xec0
[ 42.180705][ C0] ? mutex_unlock+0x7e/0x240
[ 42.185198][ C0] worker_thread+0x48e/0xdb0
[ 42.189715][ C0] ? rescuer_thread+0xc30/0xc30
[ 42.194486][ C0] kthread+0x324/0x3e0
[ 42.198485][ C0] ? set_kthread_struct+0x100/0x100
[ 42.203517][ C0] ret_from_fork+0x1f/0x30
[ 42.207767][ C0]
[ 42.210888][ C0]
[ 42.213154][ C0]
[ 42.215345][ C0] Memory state around the buggy address:
[ 42.220804][ C0] ffffc90000007a80: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 42.229126][ C0] ffffc90000007b00: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[ 42.237122][ C0] >ffffc90000007b80: 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 42.245092][ C0] ^
[ 42.249364][ C0] ffffc90000007c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.257347][ C0] ffffc90000007c80: 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00
[ 42.265335][ C0] ==================================================================
[ 42.273580][ C0] Disabling lock debugging due to kernel taint
2024/03/29 21:26:54 executed programs: 715
2024/03/29 21:26:59 executed programs: 1559