Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
2024/02/28 11:38:24 ignoring optional flag "sandboxArg"="0"
2024/02/28 11:38:24 parsed 1 programs
2024/02/28 11:38:24 executed programs: 0
[ 41.060530][ T29] kauditd_printk_skb: 74 callbacks suppressed
[ 41.060538][ T29] audit: type=1400 audit(1709120304.268:150): avc: denied { mounton } for pid=337 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.092295][ T29] audit: type=1400 audit(1709120304.278:151): avc: denied { mount } for pid=337 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.115797][ T29] audit: type=1400 audit(1709120304.278:152): avc: denied { setattr } for pid=337 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 41.139271][ T29] audit: type=1400 audit(1709120304.308:153): avc: denied { mounton } for pid=342 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 41.172839][ T342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.179675][ T342] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.187296][ T342] device bridge_slave_0 entered promiscuous mode
[ 41.194275][ T342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.201469][ T342] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.208769][ T342] device bridge_slave_1 entered promiscuous mode
[ 41.249347][ T342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.256419][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.263710][ T342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.270724][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.288852][ T291] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.296441][ T291] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.304605][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.311783][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.320463][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.329089][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.336170][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.353201][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.362127][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.370219][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.377771][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.385843][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.393892][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.400709][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.407896][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.415892][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.424608][ T342] device veth0_vlan entered promiscuous mode
[ 41.434745][ T342] device veth1_macvtap entered promiscuous mode
[ 41.442752][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.451685][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.464602][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.483461][ T29] audit: type=1400 audit(1709120304.698:154): avc: denied { write } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.503969][ T29] audit: type=1400 audit(1709120304.698:155): avc: denied { nlmsg_write } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.525264][ T29] audit: type=1400 audit(1709120304.698:156): avc: denied { prog_load } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.242487][ C1] ==================================================================
[ 42.250786][ C1] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x4f95/0x5b20
[ 42.259024][ C1] Read of size 4 at addr ffffc900001c0b88 by task udevd/346
[ 42.266221][ C1]
[ 42.268406][ C1] CPU: 1 PID: 346 Comm: udevd Not tainted 5.15.148-syzkaller #0
[ 42.275941][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 42.285937][ C1] Call Trace:
[ 42.289060][ C1] <IRQ>
[ 42.291749][ C1] dump_stack_lvl+0x38/0x49
[ 42.296102][ C1] print_address_description.constprop.0+0x24/0x160
[ 42.302513][ C1] ? xfrm_state_find+0x4f95/0x5b20
[ 42.307663][ C1] kasan_report.cold+0x82/0xdb
[ 42.312260][ C1] ? netlink_has_listeners+0xf0/0x170
[ 42.317458][ C1] ? xfrm_state_find+0x4f95/0x5b20
[ 42.322406][ C1] __asan_report_load4_noabort+0x14/0x20
[ 42.328021][ C1] xfrm_state_find+0x4f95/0x5b20
[ 42.332787][ C1] ? __note_gp_changes+0x422/0x910
[ 42.337847][ C1] ? xfrm_state_migrate+0x2180/0x2180
[ 42.343041][ C1] ? dst_release+0x44/0x60
[ 42.347300][ C1] ? xfrm4_get_saddr+0x12b/0x1a0
[ 42.352416][ C1] ? xfrm4_fill_dst+0x690/0x690
[ 42.357101][ C1] ? update_stack_state+0x12c/0x4d0
[ 42.362224][ C1] xfrm_tmpl_resolve+0x271/0xb40
[ 42.367079][ C1] ? xfrm_tmpl_resolve+0x271/0xb40
[ 42.372030][ C1] ? unwind_get_return_address+0x58/0xa0
[ 42.377920][ C1] ? __xfrm_dst_lookup+0xe0/0xe0
[ 42.382616][ C1] ? __stack_depot_save+0x36/0x440
[ 42.387581][ C1] xfrm_resolve_and_create_bundle+0x125/0x20c0
[ 42.393561][ C1] ? policy_hash_bysel+0xdf0/0xdf0
[ 42.398507][ C1] ? xfrm_policy_find_inexact_candidates.part.0+0x11f/0x1c0
[ 42.405875][ C1] ? xdst_queue_output+0x5e0/0x5e0
[ 42.410818][ C1] ? xfrm_sk_policy_lookup+0x380/0x380
[ 42.416445][ C1] ? __kmalloc_track_caller+0x2d4/0x4f0
[ 42.421826][ C1] ? __alloc_skb+0x8b/0x250
[ 42.426169][ C1] ? igmpv3_newpack+0x1b1/0xde0
[ 42.430855][ C1] ? add_grec+0xbef/0xec0
[ 42.435012][ C1] ? __kasan_check_write+0x14/0x20
[ 42.439974][ C1] xfrm_lookup_with_ifid+0x408/0x1c50
[ 42.445180][ C1] ? xfrm_policy_lookup_bytype.constprop.0+0xab0/0xab0
[ 42.452030][ C1] ? __kasan_check_read+0x11/0x20
[ 42.456892][ C1] ? ip_route_output_key_hash_rcu+0x776/0x2b40
[ 42.463133][ C1] xfrm_lookup_route+0x1f/0x150
[ 42.467821][ C1] ip_route_output_flow+0x259/0x2d0
[ 42.472850][ C1] ? kasan_poison+0x55/0x60
[ 42.477204][ C1] ? inet_rtm_getroute+0x20e0/0x20e0
[ 42.482431][ C1] igmpv3_newpack+0x2a8/0xde0
[ 42.487008][ C1] ? ip_mc_find_dev+0x290/0x290
[ 42.491694][ C1] ? update_cfs_group+0x1ac/0x240
[ 42.496819][ C1] ? sched_slice.isra.0+0x156/0x2a0
[ 42.502104][ C1] ? nohz_balance_exit_idle.part.0+0x200/0x200
[ 42.508105][ C1] add_grhead+0x235/0x320
[ 42.512322][ C1] add_grec+0xbef/0xec0
[ 42.516392][ C1] ? __kasan_check_read+0x11/0x20
[ 42.521364][ C1] ? __kasan_check_write+0x14/0x20
[ 42.526389][ C1] ? igmpv3_sendpack.isra.0+0x200/0x200
[ 42.531760][ C1] ? clear_posix_cputimers_work+0xa0/0xa0
[ 42.537495][ C1] igmp_ifc_timer_expire+0x46e/0xb10
[ 42.542615][ C1] ? __kasan_check_write+0x14/0x20
[ 42.547641][ C1] ? ip_mc_check_igmp+0xe60/0xe60
[ 42.552501][ C1] call_timer_fn+0x28/0x190
[ 42.556929][ C1] __run_timers.part.0+0x45c/0x840
[ 42.561875][ C1] ? ip_mc_check_igmp+0xe60/0xe60
[ 42.566822][ C1] ? call_timer_fn+0x190/0x190
[ 42.571519][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 42.576791][ C1] ? sched_clock+0x9/0x10
[ 42.581076][ C1] ? sched_clock_cpu+0x18/0x1b0
[ 42.585916][ C1] run_timer_softirq+0x9c/0x180
[ 42.591054][ C1] __do_softirq+0x1c1/0x5c8
[ 42.595540][ C1] irq_exit_rcu+0x64/0x110
[ 42.599794][ C1] sysvec_apic_timer_interrupt+0x9d/0xc0
[ 42.605366][ C1] </IRQ>
[ 42.608240][ C1] <TASK>
[ 42.611263][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 42.617217][ C1] RIP: 0010:call_rcu+0x35f/0x1420
[ 42.622145][ C1] Code: f0 00 00 00 a8 02 0f 84 2e 02 00 00 e8 aa cc fe ff 84 c0 0f 84 38 02 00 00 48 f7 85 18 ff ff ff 00 02 00 00 0f 85 a6 00 00 00 <48> b8 00 00 00 00 00 fc ff df 48 03 85 20 ff ff ff 48 c7 00 00 00
[ 42.641927][ C1] RSP: 0018:ffffc900006b7d08 EFLAGS: 00000287
[ 42.647990][ C1] RAX: 0000000000002710 RBX: 00000000000000a9 RCX: ffffffff814d971c
[ 42.656070][ C1] RDX: 1ffff1103eea701f RSI: 0000000000000008 RDI: ffff8881f75380c8
[ 42.664422][ C1] RBP: ffffc900006b7e10 R08: ffff8881f75380f8 R09: ffff8881f75380cf
[ 42.672485][ C1] R10: ffffed103eea7019 R11: ffff8881f7538020 R12: ffff88810f2d2480
[ 42.681457][ C1] R13: ffff8881f7538000 R14: ffff8881f7538080 R15: ffff8881f75380c8
[ 42.689650][ C1] ? call_rcu+0x43c/0x1420
[ 42.693890][ C1] ? call_rcu+0x43c/0x1420
[ 42.698441][ C1] ? __kasan_slab_free+0x11c/0x150
[ 42.703374][ C1] ? get_max_files+0x10/0x10
[ 42.708242][ C1] ? __call_rcu_nocb_wake+0xe0/0xe0
[ 42.713821][ C1] ? security_file_free+0x91/0xb0
[ 42.719024][ C1] ? kmem_cache_free+0x105/0x250
[ 42.724192][ C1] ? percpu_counter_add_batch+0x82/0x160
[ 42.729950][ C1] __fput+0x46b/0x960
[ 42.734298][ C1] ____fput+0x9/0x10
[ 42.738269][ C1] task_work_run+0xc2/0x150
[ 42.742599][ C1] exit_to_user_mode_prepare+0x140/0x150
[ 42.748376][ C1] syscall_exit_to_user_mode+0x21/0x40
[ 42.753875][ C1] do_syscall_64+0x42/0xb0
[ 42.758306][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.764373][ C1] RIP: 0033:0x7f10afdeb0a8
[ 42.768621][ C1] Code: 48 8b 05 83 9d 0d 00 64 c7 00 16 00 00 00 83 c8 ff 48 83 c4 20 5b c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 5b 48 8b 15 51 9d 0d 00 f7 d8 64 89 02 48 83
[ 42.789139][ C1] RSP: 002b:00007ffd8c1f28f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 42.798067][ C1] RAX: 0000000000000000 RBX: 00007f10afcbfae0 RCX: 00007f10afdeb0a8
[ 42.806076][ C1] RDX: 00005594ef68bfa2 RSI: 00007ffd8c1f20f8 RDI: 0000000000000008
[ 42.814445][ C1] RBP: 00005591b67382e0 R08: 0000000000000005 R09: 7c9a59d2077773a0
[ 42.822637][ C1] R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000002
[ 42.830944][ C1] R13: 00005591b671f990 R14: 0000000000000008 R15: 00005591b67012c0
[ 42.838837][ C1] </TASK>
[ 42.841869][ C1]
[ 42.844075][ C1]
[ 42.846379][ C1] Memory state around the buggy address:
[ 42.851849][ C1] ffffc900001c0a80: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 42.860187][ C1] ffffc900001c0b00: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[ 42.868874][ C1] >ffffc900001c0b80: 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 42.876849][ C1] ^
[ 42.881821][ C1] ffffc900001c0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.889963][ C1] ffffc900001c0c80: 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00
[ 42.897990][ C1] ==================================================================
[ 42.906421][ C1] Disabling lock debugging due to kernel taint
2024/02/28 11:38:29 executed programs: 682
2024/02/28 11:38:34 executed programs: 1587