[ 23.795228][ T294] device veth1_macvtap entered promiscuous mode
[ 23.803393][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.814865][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 23.873432][ T294] syz-executor.0 (294) used greatest stack depth: 23152 bytes left
[ 24.439044][ T10] device bridge_slave_1 left promiscuous mode
[ 24.444969][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.452802][ T10] device bridge_slave_0 left promiscuous mode
[ 24.458791][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.466471][ T10] device veth1_macvtap left promiscuous mode
[ 24.472420][ T10] device veth0_vlan left promiscuous mode
Warning: Permanently added '10.128.0.242' (ED25519) to the list of known hosts.
2023/11/23 21:30:26 ignoring optional flag "sandboxArg"="0"
2023/11/23 21:30:26 parsed 1 programs
2023/11/23 21:30:26 executed programs: 0
[ 41.727402][ T29] kauditd_printk_skb: 74 callbacks suppressed
[ 41.727410][ T29] audit: type=1400 audit(1700775026.801:150): avc: denied { mounton } for pid=337 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.758074][ T29] audit: type=1400 audit(1700775026.801:151): avc: denied { mount } for pid=337 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.781450][ T29] audit: type=1400 audit(1700775026.801:152): avc: denied { setattr } for pid=337 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 41.804648][ T29] audit: type=1400 audit(1700775026.821:153): avc: denied { mounton } for pid=341 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 41.831903][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.839439][ T341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.846815][ T341] device bridge_slave_0 entered promiscuous mode
[ 41.853676][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.861468][ T341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.868787][ T341] device bridge_slave_1 entered promiscuous mode
[ 41.908810][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.915825][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.922964][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.929731][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.946259][ T298] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.953374][ T298] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.960750][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.968356][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.976813][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.984922][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.991842][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.008039][ T341] device veth0_vlan entered promiscuous mode
[ 42.014962][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.023162][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.030947][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.038034][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.045289][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.053938][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.060821][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.068016][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.076145][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.088218][ T341] device veth1_macvtap entered promiscuous mode
[ 42.094781][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.105306][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.116568][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.134239][ T29] audit: type=1400 audit(1700775027.211:154): avc: denied { write } for pid=346 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 42.155791][ T29] audit: type=1400 audit(1700775027.211:155): avc: denied { nlmsg_write } for pid=346 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 42.176949][ T29] audit: type=1400 audit(1700775027.211:156): avc: denied { prog_load } for pid=346 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 42.208196][ C1] ==================================================================
[ 42.216077][ C1] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x4f95/0x5b20
[ 42.223800][ C1] Read of size 4 at addr ffffc900001c0b88 by task syz-executor.0/341
[ 42.231695][ C1]
[ 42.233879][ C1] CPU: 1 PID: 341 Comm: syz-executor.0 Not tainted 5.15.137-syzkaller #0
[ 42.242126][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 42.252034][ C1] Call Trace:
[ 42.255127][ C1]
[ 42.257907][ C1] dump_stack_lvl+0x38/0x49
[ 42.262263][ C1] print_address_description.constprop.0+0x24/0x160
[ 42.268695][ C1] ? xfrm_state_find+0x4f95/0x5b20
[ 42.273615][ C1] kasan_report.cold+0x82/0xdb
[ 42.278222][ C1] ? netlink_has_listeners+0x60/0x170
[ 42.283423][ C1] ? xfrm_state_find+0x4f95/0x5b20
[ 42.288371][ C1] __asan_report_load4_noabort+0x14/0x20
[ 42.293837][ C1] xfrm_state_find+0x4f95/0x5b20
[ 42.298732][ C1] ? rcu_gp_cleanup+0x152/0xa10
[ 42.303414][ C1] ? xfrm_state_migrate+0x2180/0x2180
[ 42.308817][ C1] ? dst_release+0x44/0x60
[ 42.313055][ C1] ? xfrm4_get_saddr+0x12b/0x1a0
[ 42.317817][ C1] ? xfrm4_fill_dst+0x690/0x690
[ 42.322506][ C1] ? update_stack_state+0x12c/0x4d0
[ 42.327607][ C1] xfrm_tmpl_resolve+0x271/0xb40
[ 42.332311][ C1] ? xfrm_tmpl_resolve+0x271/0xb40
[ 42.337256][ C1] ? unwind_get_return_address+0x58/0xa0
[ 42.342730][ C1] ? __xfrm_dst_lookup+0xe0/0xe0
[ 42.347501][ C1] ? __stack_depot_save+0x36/0x440
[ 42.352449][ C1] xfrm_resolve_and_create_bundle+0x125/0x20c0
[ 42.358435][ C1] ? policy_hash_bysel+0xdf0/0xdf0
[ 42.363384][ C1] ? xfrm_policy_find_inexact_candidates.part.0+0x11f/0x1c0
[ 42.370499][ C1] ? xdst_queue_output+0x5e0/0x5e0
[ 42.375450][ C1] ? xfrm_sk_policy_lookup+0x380/0x380
[ 42.380740][ C1] ? __kmalloc_track_caller+0x2d4/0x4f0
[ 42.386121][ C1] ? __alloc_skb+0x8b/0x250
[ 42.390461][ C1] ? igmpv3_newpack+0x1b1/0xde0
[ 42.395158][ C1] ? add_grec+0xbef/0xec0
[ 42.399490][ C1] ? __kasan_check_write+0x14/0x20
[ 42.404532][ C1] xfrm_lookup_with_ifid+0x408/0x1c50
[ 42.409733][ C1] ? xfrm_policy_lookup_bytype.constprop.0+0xab0/0xab0
[ 42.416422][ C1] ? __kasan_check_read+0x11/0x20
[ 42.421317][ C1] ? ip_route_output_key_hash_rcu+0x776/0x2b40
[ 42.427263][ C1] xfrm_lookup_route+0x1f/0x150
[ 42.432035][ C1] ip_route_output_flow+0x259/0x2d0
[ 42.437165][ C1] ? kasan_poison+0x55/0x60
[ 42.441506][ C1] ? inet_rtm_getroute+0x20e0/0x20e0
[ 42.446623][ C1] igmpv3_newpack+0x2a8/0xde0
[ 42.451136][ C1] ? ip_mc_find_dev+0x290/0x290
[ 42.455836][ C1] ? update_cfs_group+0x1ac/0x240
[ 42.460870][ C1] ? reweight_entity+0x328/0x440
[ 42.465626][ C1] add_grhead+0x235/0x320
[ 42.469792][ C1] add_grec+0xbef/0xec0
[ 42.473783][ C1] ? __kasan_check_read+0x11/0x20
[ 42.478732][ C1] ? __kasan_check_write+0x14/0x20
[ 42.483676][ C1] ? igmpv3_sendpack.isra.0+0x200/0x200
[ 42.489067][ C1] ? clear_posix_cputimers_work+0xa0/0xa0
[ 42.494739][ C1] igmp_ifc_timer_expire+0x46e/0xb10
[ 42.499849][ C1] ? __kasan_check_write+0x14/0x20
[ 42.504805][ C1] ? igmp_start_timer+0x100/0x100
[ 42.509663][ C1] call_timer_fn+0x28/0x190
[ 42.513999][ C1] __run_timers.part.0+0x45c/0x840
[ 42.519139][ C1] ? igmp_start_timer+0x100/0x100
[ 42.524000][ C1] ? call_timer_fn+0x190/0x190
[ 42.528608][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 42.533633][ C1] ? sched_clock+0x9/0x10
[ 42.537802][ C1] ? sched_clock_cpu+0x18/0x1b0
[ 42.542595][ C1] run_timer_softirq+0x9c/0x180
[ 42.547269][ C1] __do_softirq+0x1c1/0x5c8
[ 42.551632][ C1] irq_exit_rcu+0x64/0x110
[ 42.555861][ C1] sysvec_apic_timer_interrupt+0x9d/0xc0
[ 42.561634][ C1]
[ 42.564401][ C1]
[ 42.567176][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 42.573017][ C1] RIP: 0010:memset_erms+0x9/0x10
[ 42.577854][ C1] Code: c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01
[ 42.597296][ C1] RSP: 0018:ffffc900005b7b08 EFLAGS: 00010202
[ 42.603205][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000013c0
[ 42.611009][ C1] RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffffc90000686c40
[ 42.618828][ C1] RBP: ffffc900005b7b28 R08: 0000000000000001 R09: ffffc90000680000
[ 42.626636][ C1] R10: fffff520000d0fff R11: 0000000000000000 R12: ffffc90000680000
[ 42.634533][ C1] R13: 0000000000008000 R14: 0000000000000000 R15: 1ffff920000b6f88
[ 42.642471][ C1] ? memset+0x3c/0x50
[ 42.646368][ C1] copy_process+0x515/0x73e0
[ 42.650895][ C1] ? __handle_mm_fault+0xd3c/0x1380
[ 42.655918][ C1] ? __pmd_alloc+0x330/0x330
[ 42.660344][ C1] ? __cleanup_sighand+0x70/0x70
[ 42.665118][ C1] kernel_clone+0xc1/0x950
[ 42.669366][ C1] ? create_io_thread+0xe0/0xe0
[ 42.674058][ C1] ? trace_page_fault_user+0xb0/0xb0
[ 42.679182][ C1] __do_sys_clone+0xc9/0x100
[ 42.683604][ C1] ? kernel_clone+0x950/0x950
[ 42.688115][ C1] ? debug_smp_processor_id+0x17/0x20
[ 42.694031][ C1] ? fpregs_assert_state_consistent+0x3f/0x60
[ 42.700104][ C1] ? exit_to_user_mode_prepare+0x3a/0x150
[ 42.705749][ C1] __x64_sys_clone+0xb9/0x140
[ 42.710248][ C1] ? irqentry_exit+0x33/0x40
[ 42.714674][ C1] ? exc_page_fault+0x68/0xc0
[ 42.719189][ C1] do_syscall_64+0x35/0xb0
[ 42.723577][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 42.729296][ C1] RIP: 0033:0x7f093f048993
[ 42.733809][ C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[ 42.753251][ C1] RSP: 002b:00007fff5454ca68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 42.761502][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f093f048993
[ 42.769315][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 42.777124][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 42.784924][ C1] R10: 0000555556bc5750 R11: 0000000000000246 R12: 0000000000000001
[ 42.792739][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 42.800652][ C1]
[ 42.803571][ C1]
[ 42.805769][ C1]
[ 42.807944][ C1] Memory state around the buggy address:
[ 42.813442][ C1] ffffc900001c0a80: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 42.821307][ C1] ffffc900001c0b00: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[ 42.829206][ C1] >ffffc900001c0b80: 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 42.837100][ C1] ^
[ 42.841271][ C1] ffffc900001c0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.849185][ C1] ffffc900001c0c80: 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00
[ 42.857324][ C1] ==================================================================
[ 42.865312][ C1] Disabling lock debugging due to kernel taint
2023/11/23 21:30:31 executed programs: 743
2023/11/23 21:30:36 executed programs: 1929