[ 31.973835][ T351] device veth1_macvtap entered promiscuous mode
[ 31.984151][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.992352][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 32.043044][ T351] syz-executor.0 (351) used greatest stack depth: 20832 bytes left
[ 32.470484][ T318] device bridge_slave_1 left promiscuous mode
[ 32.476389][ T318] bridge0: port 2(bridge_slave_1) entered disabled state
[ 32.483736][ T318] device bridge_slave_0 left promiscuous mode
[ 32.489638][ T318] bridge0: port 1(bridge_slave_0) entered disabled state
[ 32.497133][ T318] device veth1_macvtap left promiscuous mode
[ 32.502970][ T318] device veth0_vlan left promiscuous mode
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
2023/04/03 23:11:03 ignoring optional flag "sandboxArg"="0"
2023/04/03 23:11:03 parsed 1 programs
2023/04/03 23:11:03 executed programs: 0
[ 49.060391][ T30] kauditd_printk_skb: 65 callbacks suppressed
[ 49.060399][ T30] audit: type=1400 audit(1680563463.419:137): avc: denied { mounton } for pid=394 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 49.091465][ T30] audit: type=1400 audit(1680563463.419:138): avc: denied { mount } for pid=394 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 49.121675][ T398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.128755][ T398] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.136104][ T398] device bridge_slave_0 entered promiscuous mode
[ 49.142633][ T398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.149448][ T398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.156744][ T398] device bridge_slave_1 entered promiscuous mode
[ 49.188226][ T398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.195076][ T398] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.202156][ T398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.208948][ T398] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.223883][ T349] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.231061][ T349] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.238146][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.245703][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.253913][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.261785][ T58] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.268651][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.280632][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.288522][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.295295][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.302451][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.310622][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.322190][ T398] device veth0_vlan entered promiscuous mode
[ 49.330183][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.338489][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.346454][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.353926][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.362554][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.371470][ T398] device veth1_macvtap entered promiscuous mode
[ 49.380147][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.389261][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.403163][ T30] audit: type=1400 audit(1680563463.759:139): avc: denied { mount } for pid=398 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 49.431752][ T404] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.443086][ T30] audit: type=1400 audit(1680563463.799:140): avc: denied { write } for pid=403 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 49.463559][ T30] audit: type=1400 audit(1680563463.799:141): avc: denied { nlmsg_write } for pid=403 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 49.471972][ T406] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.484526][ C0] ==================================================================
[ 49.501718][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x3dd/0x4d0
[ 49.509250][ C0] Read of size 4 at addr ffffc90000007ab8 by task kauditd/30
[ 49.516454][ C0]
[ 49.518625][ C0] CPU: 0 PID: 30 Comm: kauditd Not tainted 5.15.98-syzkaller #0
[ 49.526541][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 49.536536][ C0] Call Trace:
[ 49.539646][ C0] <IRQ>
[ 49.543588][ C0] dump_stack_lvl+0x105/0x148
[ 49.548076][ C0] ? io_uring_drop_tctx_refs+0x14e/0x14e
[ 49.553619][ C0] ? panic+0x4f8/0x4f8
[ 49.557526][ C0] print_address_description+0x87/0x3b0
[ 49.563079][ C0] kasan_report+0x179/0x1c0
[ 49.567533][ C0] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 49.572496][ C0] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 49.577263][ C0] __asan_report_load4_noabort+0x14/0x20
[ 49.582739][ C0] __xfrm_dst_hash+0x3dd/0x4d0
[ 49.587329][ C0] xfrm_state_find+0x2fb/0x2c80
[ 49.592453][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 49.597667][ C0] ? dst_release+0x41/0x90
[ 49.601909][ C0] ? xfrm4_get_saddr+0x17c/0x290
[ 49.606855][ C0] ? ret_from_fork+0x1f/0x30
[ 49.611286][ C0] ? rhashtable_lookup+0x240/0x460
[ 49.616514][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 49.621678][ C0] xfrm_resolve_and_create_bundle+0x57c/0x28e0
[ 49.627843][ C0] ? xfrm_sk_policy_lookup+0x430/0x430
[ 49.633133][ C0] ? xfrm_policy_lookup+0xdea/0xe70
[ 49.638270][ C0] ? _printk+0xca/0x10a
[ 49.642511][ C0] ? kauditd_hold_skb+0x103/0x150
[ 49.647498][ C0] ? kauditd_send_queue+0x1ab/0x1d0
[ 49.652487][ C0] xfrm_lookup_with_ifid+0x7dd/0x1900
[ 49.657954][ C0] ? _raw_spin_unlock_bh+0x51/0x60
[ 49.662897][ C0] ? __xfrm_sk_clone_policy+0x8d0/0x8d0
[ 49.668281][ C0] ? ip_route_output_key_hash_rcu+0x10c0/0x1d40
[ 49.674368][ C0] xfrm_lookup_route+0x1d/0x120
[ 49.679215][ C0] ip_route_output_flow+0x1c3/0x2f0
[ 49.684596][ C0] ? ipv4_sk_update_pmtu+0x1fa0/0x1fa0
[ 49.690042][ C0] ? __put_user_ns+0x50/0x50
[ 49.694406][ C0] ? __alloc_skb+0x27c/0x490
[ 49.699173][ C0] igmpv3_newpack+0x40a/0xf70
[ 49.703701][ C0] ? igmpv3_sendpack+0x190/0x190
[ 49.708465][ C0] ? ttwu_do_activate+0x14a/0x220
[ 49.713331][ C0] add_grhead+0x70/0x310
[ 49.717559][ C0] add_grec+0x104b/0x1340
[ 49.721687][ C0] ? try_invoke_on_locked_down_task+0x2a0/0x2a0
[ 49.727764][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 49.732663][ C0] ? igmpv3_send_report+0x380/0x380
[ 49.737829][ C0] ? __queue_work+0x732/0x990
[ 49.742344][ C0] igmp_ifc_timer_expire+0x735/0xd20
[ 49.747471][ C0] ? _raw_spin_lock+0xa4/0x1b0
[ 49.752156][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 49.757360][ C0] ? igmp_gq_timer_expire+0x90/0x90
[ 49.762399][ C0] call_timer_fn+0x28/0x1c0
[ 49.766858][ C0] ? igmp_gq_timer_expire+0x90/0x90
[ 49.771912][ C0] __run_timers+0x675/0x850
[ 49.776340][ C0] ? calc_index+0x210/0x210
[ 49.780774][ C0] run_timer_softirq+0x4a/0xb0
[ 49.785373][ C0] __do_softirq+0x26d/0x5bf
[ 49.789713][ C0] __irq_exit_rcu+0x50/0xf0
[ 49.794069][ C0] irq_exit_rcu+0x9/0x10
[ 49.798379][ C0] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 49.803976][ C0] </IRQ>
[ 49.806829][ C0] <TASK>
[ 49.809612][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 49.815476][ C0] RIP: 0010:console_unlock+0x97d/0xcc0
[ 49.820726][ C0] Code: e8 98 e8 07 03 84 db 74 07 c6 05 fd fd f2 04 00 e8 68 4a 00 00 f7 44 24 30 00 02 00 00 4c 8d a4 24 d0 01 00 00 74 01 fb 84 db <0f> 94 c0 22 44 24 07 3c 01 0f 84 00 f9 ff ff 0f b6 c3 85 c0 0f 84
[ 49.840334][ C0] RSP: 0018:ffffc900001ff8c0 EFLAGS: 00000202
[ 49.846232][ C0] RAX: 0000000080000001 RBX: 0000000000000001 RCX: 0000000000000002
[ 49.854051][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001
[ 49.862070][ C0] RBP: ffffc900001ffb30 R08: dffffc0000000000 R09: 0000000000000003
[ 49.869881][ C0] R10: fffff5200003ff08 R11: dffffc0000000001 R12: ffffc900001ffa90
[ 49.877710][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 00000000000000ec
[ 49.885506][ C0] ? vprintk_emit+0x250/0x250
[ 49.890014][ C0] ? __kasan_check_write+0x14/0x20
[ 49.895052][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.900529][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 49.905297][ C0] ? kthread+0x3a1/0x480
[ 49.909375][ C0] ? console_trylock+0xc4/0x1a0
[ 49.914065][ C0] vprintk_emit+0xd1/0x250
[ 49.918750][ C0] ? vprintk_store+0x12c0/0x12c0
[ 49.923609][ C0] ? __kasan_check_write+0x14/0x20
[ 49.928554][ C0] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.933421][ C0] ? __cpuidle_text_end+0x5/0x5
[ 49.938102][ C0] vprintk_default+0x18/0x20
[ 49.942540][ C0] vprintk+0x49/0x50
[ 49.946454][ C0] _printk+0xca/0x10a
[ 49.950488][ C0] ? panic+0x4f8/0x4f8
[ 49.954343][ C0] kauditd_hold_skb+0x103/0x150
[ 49.959123][ C0] ? kauditd_send_queue+0x1d0/0x1d0
[ 49.964242][ C0] kauditd_send_queue+0x1ab/0x1d0
[ 49.969103][ C0] ? kauditd_send_queue+0x1d0/0x1d0
[ 49.974327][ C0] ? auditd_conn_free+0xb0/0xb0
[ 49.979021][ C0] kauditd_thread+0x427/0x670
[ 49.983525][ C0] ? audit_log+0x130/0x130
[ 49.987778][ C0] ? io_schedule+0x120/0x120
[ 49.992292][ C0] ? __kthread_parkme+0x76/0x1c0
[ 49.997063][ C0] ? schedule+0x136/0x1e0
[ 50.001232][ C0] kthread+0x3a1/0x480
[ 50.005136][ C0] ? audit_log+0x130/0x130
[ 50.009390][ C0] ? kthread_blkcg+0xa0/0xa0
[ 50.014735][ C0] ret_from_fork+0x1f/0x30
[ 50.019004][ C0] </TASK>
[ 50.021865][ C0]
[ 50.024036][ C0]
[ 50.026293][ C0] Memory state around the buggy address:
[ 50.031995][ C0]  ffffc90000007980: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.040115][ C0]  ffffc90000007a00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 50.048165][ C0] >ffffc90000007a80: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 50.056175][ C0]                                         ^
[ 50.061984][ C0]  ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.069967][ C0]  ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.078211][ C0] ==================================================================
[ 50.086111][ C0] Disabling lock debugging due to kernel taint
[ 50.092842][ T30] audit: type=1400 audit(1680563463.799:142): avc: denied { prog_load } for pid=403 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 50.127242][ T410] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.175341][ T412] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.215381][ T414] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.272493][ T418] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.331679][ T420] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.374445][ T422] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.430556][ T425] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 50.476789][ T427] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/04/03 23:11:08 executed programs: 77
[ 54.476271][ T613] __nla_validate_parse: 75 callbacks suppressed
[ 54.476280][ T613] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.532092][ T616] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.555756][ T618] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.610396][ T620] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.661800][ T622] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.704625][ T624] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.751744][ T626] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.796006][ T628] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.851657][ T630] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 54.906503][ T632] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/04/03 23:11:13 executed programs: 176
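The KASAN block in the log above carries more than the headline: the shadow dump tells you what kind of memory the bad read hit, and the stack-segment markers tell you which context the faulting frame ran in. The parser below is an added example, not part of the syzbot log or of syzkaller's own tooling, and it assumes only the generic-KASAN report layout (one shadow byte per 8-byte granule, shadow values as defined in the kernel's mm/kasan/kasan.h, `?` marking unreliable frames, `<IRQ>`/`<TASK>` markers when the kernel prints them). Run against a constructed excerpt of the report above (same addresses and frames, most frames dropped), it resolves addr ffffc90000007ab8 to index 7 of the `>` row, shadow byte 0xf3, a stack right redzone, which agrees with the "stack-out-of-bounds" header, and it places `__xfrm_dst_hash` in the `<IRQ>` segment: the reported task kauditd/30 is merely what the timer interrupted in console_unlock, while the faulting path runs from igmp_ifc_timer_expire in softirq.

```python
"""Triage helper for a generic-KASAN report such as the one in the log above.
Added example; not part of the syzbot log or of syzkaller's own tooling. It
extracts the headline facts and the reliable call-trace frames, and decodes
from the shadow-memory dump which class of memory the bad access landed in."""
import re
from dataclasses import dataclass, field

GRANULE = 8  # one shadow byte describes 8 bytes of kernel memory
# Shadow byte values as defined in the kernel's mm/kasan/kasan.h (generic mode).
# 0x00 = whole granule addressable, 0x01..0x07 = only that many leading bytes.
SHADOW_NAMES = {0xF1: "stack left redzone", 0xF2: "stack mid redzone",
                0xF3: "stack right redzone", 0xF4: "stack partial redzone",
                0xF9: "global redzone", 0xFB: "freed slab object",
                0xFC: "slab redzone", 0xFE: "page redzone", 0xFF: "freed page"}
# Frames that belong to KASAN's reporting path, not to the bug itself.
REPORTING = ("dump_stack", "print_address_description", "kasan_report", "__asan_")

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*[CT]\d+\] ?")       # "[ 49.50][ C0] "
HEADER = re.compile(r"BUG: KASAN: (\S+) in (\w+)\+0x")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ROW = re.compile(r"^(>?) ?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")


@dataclass
class KasanReport:
    bug_type: str = ""
    function: str = ""      # function the bad access was reported in
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    frames: list = field(default_factory=list)   # (name, reliable, "irq"/"task"/None)
    shadow_byte: int = -1   # -1 until the '>' row of the shadow dump is decoded
    shadow_class: str = ""


def decode_shadow(value: int, addr: int) -> str:
    """Meaning of one shadow byte for the specific address mapped onto it."""
    if value == 0:
        return "addressable"
    if 1 <= value <= 7:  # partial granule: only the first `value` bytes are valid
        return "addressable" if addr % GRANULE < value else "past end of partial granule"
    return SHADOW_NAMES.get(value, "unknown 0x%02x" % value)


def parse_kasan_report(text: str) -> KasanReport:
    rep, context = KasanReport(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.rstrip())
        if m := HEADER.search(line):
            rep.bug_type, rep.function = m.group(1), m.group(2)
        elif m := ACCESS.search(line):
            rep.access, rep.size = m.group(1), int(m.group(2))
            rep.addr, rep.task = int(m.group(3), 16), m.group(4)
        elif line in ("<IRQ>", "<TASK>"):       # stack-segment markers, when present
            context = line[1:-1].lower()
        elif line in ("</IRQ>", "</TASK>"):
            context = None
        elif m := FRAME.match(line):
            rep.frames.append((m.group(2), m.group(1) is None, context))
        elif (m := ROW.match(line)) and m.group(1) == ">" and rep.addr:
            # The '>' row holds the faulting address; one shadow byte per granule.
            idx = (rep.addr - int(m.group(2), 16)) // GRANULE
            shadow = bytes.fromhex(m.group(3).replace(" ", ""))
            if 0 <= idx < len(shadow):
                rep.shadow_byte = shadow[idx]
                rep.shadow_class = decode_shadow(shadow[idx], rep.addr)
    return rep


def reliable_chain(rep: KasanReport, depth: int = 6) -> list:
    """Reliable ('?'-free) frames from the faulting function outward."""
    return [n for n, ok, _ in rep.frames if ok and not n.startswith(REPORTING)][:depth]


def crash_context(rep: KasanReport) -> str:
    """'irq' when the faulting frame lies in the interrupt segment of the trace."""
    return next((ctx for n, ok, ctx in rep.frames if ok and n == rep.function), "") or ""


def shadow_agrees_with_type(rep: KasanReport) -> bool:
    """Cross-check: the class named in the header must match the shadow byte."""
    for word in ("stack", "slab", "global", "freed"):
        if word in rep.bug_type or (word == "freed" and "use-after-free" in rep.bug_type):
            return word in rep.shadow_class
    return False


# Constructed excerpt of the report above (most frames dropped, values unchanged).
SAMPLE = """\
[ 49.501718][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x3dd/0x4d0
[ 49.509250][ C0] Read of size 4 at addr ffffc90000007ab8 by task kauditd/30
[ 49.539646][ C0] <IRQ>
[ 49.563079][ C0] kasan_report+0x179/0x1c0
[ 49.567533][ C0] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 49.577263][ C0] __asan_report_load4_noabort+0x14/0x20
[ 49.582739][ C0] __xfrm_dst_hash+0x3dd/0x4d0
[ 49.587329][ C0] xfrm_state_find+0x2fb/0x2c80
[ 49.742344][ C0] igmp_ifc_timer_expire+0x735/0xd20
[ 49.803976][ C0] </IRQ>
[ 49.806829][ C0] <TASK>
[ 49.815476][ C0] RIP: 0010:console_unlock+0x97d/0xcc0
[ 49.979021][ C0] kauditd_thread+0x427/0x670
[ 50.019004][ C0] </TASK>
[ 50.048165][ C0] >ffffc90000007a80: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
"""
```

`parse_kasan_report(SAMPLE)` returns a `KasanReport` whose `shadow_class` is "stack right redzone", `crash_context` is "irq", and `reliable_chain` starts `__xfrm_dst_hash`, `xfrm_state_find`, `igmp_ifc_timer_expire`; the `?` duplicate of `__xfrm_dst_hash` and the KASAN reporting frames are filtered out. `shadow_agrees_with_type` is the sanity check worth running on every report before filing it: a header that says "stack" while the shadow byte says "freed slab object" means the report was mis-read or truncated, not a new bug class. On a full log the same functions work unchanged; only the `>` row and the first header/access lines are consulted for the decode.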