[ 31.973835][ T351] device veth1_macvtap entered promiscuous mode
[ 31.984151][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.992352][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 32.043044][ T351] syz-executor.0 (351) used greatest stack depth: 20832 bytes left
[ 32.470484][ T318] device bridge_slave_1 left promiscuous mode
[ 32.476389][ T318] bridge0: port 2(bridge_slave_1) entered disabled state
[ 32.483736][ T318] device bridge_slave_0 left promiscuous mode
[ 32.489638][ T318] bridge0: port 1(bridge_slave_0) entered disabled state
[ 32.497133][ T318] device veth1_macvtap left promiscuous mode
[ 32.502970][ T318] device veth0_vlan left promiscuous mode
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
2023/04/03 23:11:03 ignoring optional flag "sandboxArg"="0"
2023/04/03 23:11:03 parsed 1 programs
2023/04/03 23:11:03 executed programs: 0
[ 49.060391][ T30] kauditd_printk_skb: 65 callbacks suppressed
[ 49.060399][ T30] audit: type=1400 audit(1680563463.419:137): avc: denied { mounton } for pid=394 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 49.091465][ T30] audit: type=1400 audit(1680563463.419:138): avc: denied { mount } for pid=394 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 49.121675][ T398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.128755][ T398] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.136104][ T398] device bridge_slave_0 entered promiscuous mode
[ 49.142633][ T398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.149448][ T398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.156744][ T398] device bridge_slave_1 entered promiscuous mode
[ 49.188226][ T398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.195076][ T398] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.202156][ T398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.208948][ T398] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.223883][ T349] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.231061][ T349] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.238146][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.245703][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.253913][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.261785][ T58] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.268651][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.280632][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.288522][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.295295][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.302451][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.310622][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.322190][ T398] device veth0_vlan entered promiscuous mode
[ 49.330183][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.338489][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.346454][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.353926][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.362554][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.371470][ T398] device veth1_macvtap entered promiscuous mode
[ 49.380147][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.389261][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.403163][ T30] audit: type=1400 audit(1680563463.759:139): avc: denied { mount } for pid=398 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 49.431752][ T404] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.443086][ T30] audit: type=1400 audit(1680563463.799:140): avc: denied { write } for pid=403 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 49.463559][ T30] audit: type=1400 audit(1680563463.799:141): avc: denied { nlmsg_write } for pid=403 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 49.471972][ T406] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.484526][ C0] ==================================================================
[ 49.501718][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x3dd/0x4d0
[ 49.509250][ C0] Read of size 4 at addr ffffc90000007ab8 by task kauditd/30
[ 49.516454][ C0]
[ 49.518625][ C0] CPU: 0 PID: 30 Comm: kauditd Not tainted 5.15.98-syzkaller #0
[ 49.526541][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 49.536536][ C0] Call Trace:
[ 49.539646][ C0]
[ 49.543588][ C0] dump_stack_lvl+0x105/0x148
[ 49.548076][ C0] ? io_uring_drop_tctx_refs+0x14e/0x14e
[ 49.553619][ C0] ? panic+0x4f8/0x4f8
[ 49.557526][ C0] print_address_description+0x87/0x3b0
[ 49.563079][ C0] kasan_report+0x179/0x1c0
[ 49.567533][ C0] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 49.572496][ C0] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 49.577263][ C0] __asan_report_load4_noabort+0x14/0x20
[ 49.582739][ C0] __xfrm_dst_hash+0x3dd/0x4d0
[ 49.587329][ C0] xfrm_state_find+0x2fb/0x2c80
[ 49.592453][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 49.597667][ C0] ? dst_release+0x41/0x90
[ 49.601909][ C0] ? xfrm4_get_saddr+0x17c/0x290
[ 49.606855][ C0] ? ret_from_fork+0x1f/0x30
[ 49.611286][ C0] ? rhashtable_lookup+0x240/0x460
[ 49.616514][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 49.621678][ C0] xfrm_resolve_and_create_bundle+0x57c/0x28e0
[ 49.627843][ C0] ? xfrm_sk_policy_lookup+0x430/0x430
[ 49.633133][ C0] ? xfrm_policy_lookup+0xdea/0xe70
[ 49.638270][ C0] ? _printk+0xca/0x10a
[ 49.642511][ C0] ? kauditd_hold_skb+0x103/0x150
[ 49.647498][ C0] ? kauditd_send_queue+0x1ab/0x1d0
[ 49.652487][ C0] xfrm_lookup_with_ifid+0x7dd/0x1900
[ 49.657954][ C0] ? _raw_spin_unlock_bh+0x51/0x60
[ 49.662897][ C0] ? __xfrm_sk_clone_policy+0x8d0/0x8d0
[ 49.668281][ C0] ? ip_route_output_key_hash_rcu+0x10c0/0x1d40
[ 49.674368][ C0] xfrm_lookup_route+0x1d/0x120
[ 49.679215][ C0] ip_route_output_flow+0x1c3/0x2f0
[ 49.684596][ C0] ? ipv4_sk_update_pmtu+0x1fa0/0x1fa0
[ 49.690042][ C0] ? __put_user_ns+0x50/0x50
[ 49.694406][ C0] ? __alloc_skb+0x27c/0x490
[ 49.699173][ C0] igmpv3_newpack+0x40a/0xf70
[ 49.703701][ C0] ? igmpv3_sendpack+0x190/0x190
[ 49.708465][ C0] ? ttwu_do_activate+0x14a/0x220
[ 49.713331][ C0] add_grhead+0x70/0x310
[ 49.717559][ C0] add_grec+0x104b/0x1340
[ 49.721687][ C0] ? try_invoke_on_locked_down_task+0x2a0/0x2a0
[ 49.727764][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 49.732663][ C0] ? igmpv3_send_report+0x380/0x380
[ 49.737829][ C0] ? __queue_work+0x732/0x990
[ 49.742344][ C0] igmp_ifc_timer_expire+0x735/0xd20
[ 49.747471][ C0] ? _raw_spin_lock+0xa4/0x1b0
[ 49.752156][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 49.757360][ C0] ? igmp_gq_timer_expire+0x90/0x90
[ 49.762399][ C0] call_timer_fn+0x28/0x1c0
[ 49.766858][ C0] ? igmp_gq_timer_expire+0x90/0x90
[ 49.771912][ C0] __run_timers+0x675/0x850
[ 49.776340][ C0] ? calc_index+0x210/0x210
[ 49.780774][ C0] run_timer_softirq+0x4a/0xb0
[ 49.785373][ C0] __do_softirq+0x26d/0x5bf
[ 49.789713][ C0] __irq_exit_rcu+0x50/0xf0
[ 49.794069][ C0] irq_exit_rcu+0x9/0x10
[ 49.798379][ C0] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 49.803976][ C0]
[ 49.806829][ C0]
[ 49.809612][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 49.815476][ C0] RIP: 0010:console_unlock+0x97d/0xcc0
[ 49.820726][ C0] Code: e8 98 e8 07 03 84 db 74 07 c6 05 fd fd f2 04 00 e8 68 4a 00 00 f7 44 24 30 00 02 00 00 4c 8d a4 24 d0 01 00 00 74 01 fb 84 db <0f> 94 c0 22 44 24 07 3c 01 0f 84 00 f9 ff ff 0f b6 c3 85 c0 0f 84
[ 49.840334][ C0] RSP: 0018:ffffc900001ff8c0 EFLAGS: 00000202
[ 49.846232][ C0] RAX: 0000000080000001 RBX: 0000000000000001 RCX: 0000000000000002
[ 49.854051][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001
[ 49.862070][ C0] RBP: ffffc900001ffb30 R08: dffffc0000000000 R09: 0000000000000003
[ 49.869881][ C0] R10: fffff5200003ff08 R11: dffffc0000000001 R12: ffffc900001ffa90
[ 49.877710][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 00000000000000ec
[ 49.885506][ C0] ? vprintk_emit+0x250/0x250
[ 49.890014][ C0] ? __kasan_check_write+0x14/0x20
[ 49.895052][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.900529][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 49.905297][ C0] ? kthread+0x3a1/0x480
[ 49.909375][ C0] ? console_trylock+0xc4/0x1a0
[ 49.914065][ C0] vprintk_emit+0xd1/0x250
[ 49.918750][ C0] ? vprintk_store+0x12c0/0x12c0
[ 49.923609][ C0] ? __kasan_check_write+0x14/0x20
[ 49.928554][ C0] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.933421][ C0] ? __cpuidle_text_end+0x5/0x5
[ 49.938102][ C0] vprintk_default+0x18/0x20
[ 49.942540][ C0] vprintk+0x49/0x50
[ 49.946454][ C0] _printk+0xca/0x10a
[ 49.950488][ C0] ? panic+0x4f8/0x4f8
[ 49.954343][ C0] kauditd_hold_skb+0x103/0x150
[ 49.959123][ C0] ? kauditd_send_queue+0x1d0/0x1d0
[ 49.964242][ C0] kauditd_send_queue+0x1ab/0x1d0
[ 49.969103][ C0] ? kauditd_send_queue+0x1d0/0x1d0
[ 49.974327][ C0] ? auditd_conn_free+0xb0/0xb0
[ 49.979021][ C0] kauditd_thread+0x427/0x670
[ 49.983525][ C0] ? audit_log+0x130/0x130
[ 49.987778][ C0] ? io_schedule+0x120/0x120
[ 49.992292][ C0] ? __kthread_parkme+0x76/0x1c0
[ 49.997063][ C0] ? schedule+0x136/0x1e0
[ 50.001232][ C0] kthread+0x3a1/0x480
[ 50.005136][ C0] ? audit_log+0x130/0x130
[ 50.009390][ C0] ? kthread_blkcg+0xa0/0xa0
[ 50.014735][ C0] ret_from_fork+0x1f/0x30
[ 50.019004][ C0]
[ 50.021865][ C0]
[ 50.024036][ C0]
[ 50.026293][ C0] Memory state around the buggy address:
[ 50.031995][ C0] ffffc90000007980: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.040115][ C0] ffffc90000007a00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 50.048165][ C0] >ffffc90000007a80: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 50.056175][ C0]                                         ^
[ 50.061984][ C0] ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.069967][ C0] ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.078211][ C0] ==================================================================
[ 50.086111][ C0] Disabling lock debugging due to kernel taint
[ 50.092842][ T30] audit: type=1400 audit(1680563463.799:142): avc: denied { prog_load } for pid=403 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 50.127242][ T410] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.175341][ T412] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.215381][ T414] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.272493][ T418] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.331679][ T420] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.374445][ T422] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.430556][ T425] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.476789][ T427] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/04/03 23:11:08 executed programs: 77
[ 54.476271][ T613] __nla_validate_parse: 75 callbacks suppressed
[ 54.476280][ T613] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.532092][ T616] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.555756][ T618] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.610396][ T620] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.661800][ T622] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.704625][ T624] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.751744][ T626] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.796006][ T628] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.851657][ T630] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.906503][ T632] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/04/03 23:11:13 executed programs: 176