Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
2024/02/28 11:38:24 ignoring optional flag "sandboxArg"="0"
2024/02/28 11:38:24 parsed 1 programs
2024/02/28 11:38:24 executed programs: 0
[   41.060530][   T29] kauditd_printk_skb: 74 callbacks suppressed
[   41.060538][   T29] audit: type=1400 audit(1709120304.268:150): avc:  denied  { mounton } for  pid=337 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   41.092295][   T29] audit: type=1400 audit(1709120304.278:151): avc:  denied  { mount } for  pid=337 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   41.115797][   T29] audit: type=1400 audit(1709120304.278:152): avc:  denied  { setattr } for  pid=337 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   41.139271][   T29] audit: type=1400 audit(1709120304.308:153): avc:  denied  { mounton } for  pid=342 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   41.172839][  T342] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.179675][  T342] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.187296][  T342] device bridge_slave_0 entered promiscuous mode
[   41.194275][  T342] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.201469][  T342] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.208769][  T342] device bridge_slave_1 entered promiscuous mode
[   41.249347][  T342] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.256419][  T342] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.263710][  T342] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.270724][  T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.288852][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.296441][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.304605][  T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   41.311783][  T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.320463][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   41.329089][   T38] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.336170][   T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.353201][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   41.362127][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   41.370219][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   41.377771][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   41.385843][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   41.393892][   T38] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.400709][   T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.407896][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   41.415892][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   41.424608][  T342] device veth0_vlan entered promiscuous mode
[   41.434745][  T342] device veth1_macvtap entered promiscuous mode
[   41.442752][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   41.451685][  T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   41.464602][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   41.483461][   T29] audit: type=1400 audit(1709120304.698:154): avc:  denied  { write } for  pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   41.503969][   T29] audit: type=1400 audit(1709120304.698:155): avc:  denied  { nlmsg_write } for  pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   41.525264][   T29] audit: type=1400 audit(1709120304.698:156): avc:  denied  { prog_load } for  pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   42.242487][    C1] ==================================================================
[   42.250786][    C1] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x4f95/0x5b20
[   42.259024][    C1] Read of size 4 at addr ffffc900001c0b88 by task udevd/346
[   42.266221][    C1] 
[   42.268406][    C1] CPU: 1 PID: 346 Comm: udevd Not tainted 5.15.148-syzkaller #0
[   42.275941][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   42.285937][    C1] Call Trace:
[   42.289060][    C1]  <IRQ>
[   42.291749][    C1]  dump_stack_lvl+0x38/0x49
[   42.296102][    C1]  print_address_description.constprop.0+0x24/0x160
[   42.302513][    C1]  ? xfrm_state_find+0x4f95/0x5b20
[   42.307663][    C1]  kasan_report.cold+0x82/0xdb
[   42.312260][    C1]  ? netlink_has_listeners+0xf0/0x170
[   42.317458][    C1]  ? xfrm_state_find+0x4f95/0x5b20
[   42.322406][    C1]  __asan_report_load4_noabort+0x14/0x20
[   42.328021][    C1]  xfrm_state_find+0x4f95/0x5b20
[   42.332787][    C1]  ? __note_gp_changes+0x422/0x910
[   42.337847][    C1]  ? xfrm_state_migrate+0x2180/0x2180
[   42.343041][    C1]  ? dst_release+0x44/0x60
[   42.347300][    C1]  ? xfrm4_get_saddr+0x12b/0x1a0
[   42.352416][    C1]  ? xfrm4_fill_dst+0x690/0x690
[   42.357101][    C1]  ? update_stack_state+0x12c/0x4d0
[   42.362224][    C1]  xfrm_tmpl_resolve+0x271/0xb40
[   42.367079][    C1]  ? xfrm_tmpl_resolve+0x271/0xb40
[   42.372030][    C1]  ? unwind_get_return_address+0x58/0xa0
[   42.377920][    C1]  ? __xfrm_dst_lookup+0xe0/0xe0
[   42.382616][    C1]  ? __stack_depot_save+0x36/0x440
[   42.387581][    C1]  xfrm_resolve_and_create_bundle+0x125/0x20c0
[   42.393561][    C1]  ? policy_hash_bysel+0xdf0/0xdf0
[   42.398507][    C1]  ? xfrm_policy_find_inexact_candidates.part.0+0x11f/0x1c0
[   42.405875][    C1]  ? xdst_queue_output+0x5e0/0x5e0
[   42.410818][    C1]  ? xfrm_sk_policy_lookup+0x380/0x380
[   42.416445][    C1]  ? __kmalloc_track_caller+0x2d4/0x4f0
[   42.421826][    C1]  ? __alloc_skb+0x8b/0x250
[   42.426169][    C1]  ? igmpv3_newpack+0x1b1/0xde0
[   42.430855][    C1]  ? add_grec+0xbef/0xec0
[   42.435012][    C1]  ? __kasan_check_write+0x14/0x20
[   42.439974][    C1]  xfrm_lookup_with_ifid+0x408/0x1c50
[   42.445180][    C1]  ? xfrm_policy_lookup_bytype.constprop.0+0xab0/0xab0
[   42.452030][    C1]  ? __kasan_check_read+0x11/0x20
[   42.456892][    C1]  ? ip_route_output_key_hash_rcu+0x776/0x2b40
[   42.463133][    C1]  xfrm_lookup_route+0x1f/0x150
[   42.467821][    C1]  ip_route_output_flow+0x259/0x2d0
[   42.472850][    C1]  ? kasan_poison+0x55/0x60
[   42.477204][    C1]  ? inet_rtm_getroute+0x20e0/0x20e0
[   42.482431][    C1]  igmpv3_newpack+0x2a8/0xde0
[   42.487008][    C1]  ? ip_mc_find_dev+0x290/0x290
[   42.491694][    C1]  ? update_cfs_group+0x1ac/0x240
[   42.496819][    C1]  ? sched_slice.isra.0+0x156/0x2a0
[   42.502104][    C1]  ? nohz_balance_exit_idle.part.0+0x200/0x200
[   42.508105][    C1]  add_grhead+0x235/0x320
[   42.512322][    C1]  add_grec+0xbef/0xec0
[   42.516392][    C1]  ? __kasan_check_read+0x11/0x20
[   42.521364][    C1]  ? __kasan_check_write+0x14/0x20
[   42.526389][    C1]  ? igmpv3_sendpack.isra.0+0x200/0x200
[   42.531760][    C1]  ? clear_posix_cputimers_work+0xa0/0xa0
[   42.537495][    C1]  igmp_ifc_timer_expire+0x46e/0xb10
[   42.542615][    C1]  ? __kasan_check_write+0x14/0x20
[   42.547641][    C1]  ? ip_mc_check_igmp+0xe60/0xe60
[   42.552501][    C1]  call_timer_fn+0x28/0x190
[   42.556929][    C1]  __run_timers.part.0+0x45c/0x840
[   42.561875][    C1]  ? ip_mc_check_igmp+0xe60/0xe60
[   42.566822][    C1]  ? call_timer_fn+0x190/0x190
[   42.571519][    C1]  ? kvm_sched_clock_read+0x18/0x40
[   42.576791][    C1]  ? sched_clock+0x9/0x10
[   42.581076][    C1]  ? sched_clock_cpu+0x18/0x1b0
[   42.585916][    C1]  run_timer_softirq+0x9c/0x180
[   42.591054][    C1]  __do_softirq+0x1c1/0x5c8
[   42.595540][    C1]  irq_exit_rcu+0x64/0x110
[   42.599794][    C1]  sysvec_apic_timer_interrupt+0x9d/0xc0
[   42.605366][    C1]  </IRQ>
[   42.608240][    C1]  <TASK>
[   42.611263][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   42.617217][    C1] RIP: 0010:call_rcu+0x35f/0x1420
[   42.622145][    C1] Code: f0 00 00 00 a8 02 0f 84 2e 02 00 00 e8 aa cc fe ff 84 c0 0f 84 38 02 00 00 48 f7 85 18 ff ff ff 00 02 00 00 0f 85 a6 00 00 00 <48> b8 00 00 00 00 00 fc ff df 48 03 85 20 ff ff ff 48 c7 00 00 00
[   42.641927][    C1] RSP: 0018:ffffc900006b7d08 EFLAGS: 00000287
[   42.647990][    C1] RAX: 0000000000002710 RBX: 00000000000000a9 RCX: ffffffff814d971c
[   42.656070][    C1] RDX: 1ffff1103eea701f RSI: 0000000000000008 RDI: ffff8881f75380c8
[   42.664422][    C1] RBP: ffffc900006b7e10 R08: ffff8881f75380f8 R09: ffff8881f75380cf
[   42.672485][    C1] R10: ffffed103eea7019 R11: ffff8881f7538020 R12: ffff88810f2d2480
[   42.681457][    C1] R13: ffff8881f7538000 R14: ffff8881f7538080 R15: ffff8881f75380c8
[   42.689650][    C1]  ? call_rcu+0x43c/0x1420
[   42.693890][    C1]  ? call_rcu+0x43c/0x1420
[   42.698441][    C1]  ? __kasan_slab_free+0x11c/0x150
[   42.703374][    C1]  ? get_max_files+0x10/0x10
[   42.708242][    C1]  ? __call_rcu_nocb_wake+0xe0/0xe0
[   42.713821][    C1]  ? security_file_free+0x91/0xb0
[   42.719024][    C1]  ? kmem_cache_free+0x105/0x250
[   42.724192][    C1]  ? percpu_counter_add_batch+0x82/0x160
[   42.729950][    C1]  __fput+0x46b/0x960
[   42.734298][    C1]  ____fput+0x9/0x10
[   42.738269][    C1]  task_work_run+0xc2/0x150
[   42.742599][    C1]  exit_to_user_mode_prepare+0x140/0x150
[   42.748376][    C1]  syscall_exit_to_user_mode+0x21/0x40
[   42.753875][    C1]  do_syscall_64+0x42/0xb0
[   42.758306][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   42.764373][    C1] RIP: 0033:0x7f10afdeb0a8
[   42.768621][    C1] Code: 48 8b 05 83 9d 0d 00 64 c7 00 16 00 00 00 83 c8 ff 48 83 c4 20 5b c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 5b 48 8b 15 51 9d 0d 00 f7 d8 64 89 02 48 83
[   42.789139][    C1] RSP: 002b:00007ffd8c1f28f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   42.798067][    C1] RAX: 0000000000000000 RBX: 00007f10afcbfae0 RCX: 00007f10afdeb0a8
[   42.806076][    C1] RDX: 00005594ef68bfa2 RSI: 00007ffd8c1f20f8 RDI: 0000000000000008
[   42.814445][    C1] RBP: 00005591b67382e0 R08: 0000000000000005 R09: 7c9a59d2077773a0
[   42.822637][    C1] R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000002
[   42.830944][    C1] R13: 00005591b671f990 R14: 0000000000000008 R15: 00005591b67012c0
[   42.838837][    C1]  </TASK>
[   42.841869][    C1] 
[   42.844075][    C1] 
[   42.846379][    C1] Memory state around the buggy address:
[   42.851849][    C1]  ffffc900001c0a80: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[   42.860187][    C1]  ffffc900001c0b00: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[   42.868874][    C1] >ffffc900001c0b80: 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[   42.876849][    C1]                       ^
[   42.881821][    C1]  ffffc900001c0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.889963][    C1]  ffffc900001c0c80: 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00
[   42.897990][    C1] ==================================================================
[   42.906421][    C1] Disabling lock debugging due to kernel taint
2024/02/28 11:38:29 executed programs: 682
2024/02/28 11:38:34 executed programs: 1587