[ 31.305164][ T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.312664][ T53] device bridge_slave_0 left promiscuous mode
[ 31.318877][ T53] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.326380][ T53] device veth1_macvtap left promiscuous mode
[ 31.332784][ T53] device veth0_vlan left promiscuous mode
[ 41.169889][ T30] kauditd_printk_skb: 71 callbacks suppressed
[ 41.169897][ T30] audit: type=1400 audit(1683178634.489:147): avc: denied { transition } for pid=325 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 41.197756][ T30] audit: type=1400 audit(1683178634.489:148): avc: denied { noatsecure } for pid=325 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 41.216545][ T30] audit: type=1400 audit(1683178634.489:149): avc: denied { rlimitinh } for pid=325 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 41.235397][ T30] audit: type=1400 audit(1683178634.489:150): avc: denied { siginh } for pid=325 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.10.56' (ECDSA) to the list of known hosts.
2023/05/04 05:37:21 ignoring optional flag "sandboxArg"="0"
2023/05/04 05:37:21 parsed 1 programs
2023/05/04 05:37:21 executed programs: 0
[ 48.134634][ T30] audit: type=1400 audit(1683178641.449:151): avc: denied { mounton } for pid=346 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 48.159612][ T30] audit: type=1400 audit(1683178641.449:152): avc: denied { mount } for pid=346 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 48.189921][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.196797][ T350] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.204075][ T350] device bridge_slave_0 entered promiscuous mode
[ 48.210633][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.217449][ T350] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.224939][ T350] device bridge_slave_1 entered promiscuous mode
[ 48.251480][ T30] audit: type=1400 audit(1683178641.569:153): avc: denied { write } for pid=350 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 48.255069][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.272192][ T30] audit: type=1400 audit(1683178641.569:154): avc: denied { read } for pid=350 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 48.279083][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.279166][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.313828][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.327984][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.335392][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.342904][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.350161][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.358217][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.366117][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.373073][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.387655][ T350] device veth0_vlan entered promiscuous mode
[ 48.394100][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.402258][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.409877][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 48.417241][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 48.424853][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.432713][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.439779][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.447080][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.454779][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.465340][ T350] device veth1_macvtap entered promiscuous mode
[ 48.472249][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.484650][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.492717][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.503806][ T30] audit: type=1400 audit(1683178641.819:155): avc: denied { mounton } for pid=350 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=360 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 48.531467][ T356] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.541950][ T30] audit: type=1400 audit(1683178641.859:156): avc: denied { write } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 48.550104][ T359] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.563821][ T30] audit: type=1400 audit(1683178641.859:157): avc: denied { nlmsg_write } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 48.571411][ C0] ==================================================================
[ 48.571416][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x3dd/0x4d0
[ 48.571430][ C0] Read of size 4 at addr ffffc90000007ab8 by task syz-executor.0/359
[ 48.571436][ C0]
[ 48.571440][ C0] CPU: 0 PID: 359 Comm: syz-executor.0 Not tainted 5.15.106-syzkaller #0
[ 48.571447][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 48.571451][ C0] Call Trace:
[ 48.571454][ C0]
[ 48.571457][ C0] dump_stack_lvl+0x105/0x148
[ 48.571465][ C0] ? io_uring_drop_tctx_refs+0x14e/0x14e
[ 48.571471][ C0] ? panic+0x4f8/0x4f8
[ 48.571476][ C0] ? __se_sys_sendmsg+0x162/0x1f0
[ 48.571485][ C0] print_address_description+0x87/0x3b0
[ 48.571493][ C0] kasan_report+0x179/0x1c0
[ 48.571500][ C0] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 48.571506][ C0] ? __xfrm_dst_hash+0x3dd/0x4d0
[ 48.592316][ T30] audit: type=1400 audit(1683178641.859:158): avc: denied { prog_load } for pid=355 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 48.600273][ C0] __asan_report_load4_noabort+0x14/0x20
[ 48.600287][ C0] __xfrm_dst_hash+0x3dd/0x4d0
[ 48.709649][ C0] xfrm_state_find+0x2fb/0x2c80
[ 48.714331][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 48.719193][ C0] ? dst_release+0x41/0x90
[ 48.723447][ C0] ? xfrm4_get_saddr+0x17c/0x290
[ 48.728241][ C0] ? rhashtable_lookup+0x240/0x460
[ 48.733245][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 48.738144][ C0] xfrm_resolve_and_create_bundle+0x57c/0x28e0
[ 48.744193][ C0] ? xfrm_sk_policy_lookup+0x430/0x430
[ 48.749481][ C0] ? xfrm_policy_lookup+0xdea/0xe70
[ 48.754515][ C0] ? _printk+0xca/0x10a
[ 48.758508][ C0] ? __nla_validate_parse+0x2234/0x27f0
[ 48.763890][ C0] ? __nla_parse+0x27/0x30
[ 48.768188][ C0] xfrm_lookup_with_ifid+0x7dd/0x1900
[ 48.773439][ C0] ? _raw_spin_unlock_bh+0x51/0x60
[ 48.778384][ C0] ? __xfrm_sk_clone_policy+0x8d0/0x8d0
[ 48.783968][ C0] ? ip_route_output_key_hash_rcu+0x10c0/0x1d40
[ 48.790121][ C0] xfrm_lookup_route+0x1d/0x120
[ 48.794892][ C0] ip_route_output_flow+0x1c3/0x2f0
[ 48.800014][ C0] ? ipv4_sk_update_pmtu+0x1fa0/0x1fa0
[ 48.805332][ C0] ? __put_user_ns+0x50/0x50
[ 48.810166][ C0] ? __alloc_skb+0x27c/0x490
[ 48.814683][ C0] igmpv3_newpack+0x40a/0xf70
[ 48.819195][ C0] ? call_timer_fn+0x28/0x1c0
[ 48.823811][ C0] ? __run_timers+0x69c/0x850
[ 48.828413][ C0] ? igmpv3_sendpack+0x190/0x190
[ 48.833186][ C0] ? __se_sys_sendmsg+0x162/0x1f0
[ 48.838096][ C0] ? __x64_sys_sendmsg+0x76/0x80
[ 48.842824][ C0] ? do_syscall_64+0x3d/0xb0
[ 48.847262][ C0] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.853231][ C0] add_grhead+0x70/0x310
[ 48.857315][ C0] add_grec+0x104b/0x1340
[ 48.861479][ C0] ? try_invoke_on_locked_down_task+0x2a0/0x2a0
[ 48.867561][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 48.872420][ C0] ? igmpv3_send_report+0x380/0x380
[ 48.877447][ C0] ? __queue_work+0x732/0x990
[ 48.881962][ C0] igmp_ifc_timer_expire+0x735/0xd20
[ 48.887082][ C0] ? _raw_spin_lock+0xa4/0x1b0
[ 48.891777][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 48.897246][ C0] ? igmp_gq_timer_expire+0x90/0x90
[ 48.902273][ C0] call_timer_fn+0x28/0x1c0
[ 48.907220][ C0] ? igmp_gq_timer_expire+0x90/0x90
[ 48.912431][ C0] __run_timers+0x675/0x850
[ 48.916858][ C0] ? calc_index+0x210/0x210
[ 48.921284][ C0] run_timer_softirq+0x4a/0xb0
[ 48.926673][ C0] __do_softirq+0x26d/0x5bf
[ 48.931125][ C0] __irq_exit_rcu+0x50/0xf0
[ 48.935548][ C0] irq_exit_rcu+0x9/0x10
[ 48.939732][ C0] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 48.945199][ C0]
[ 48.947991][ C0]
[ 48.950846][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 48.956658][ C0] RIP: 0010:console_unlock+0x97d/0xcc0
[ 48.962108][ C0] Code: e8 08 ce 08 03 84 db 74 07 c6 05 bd fe f2 04 00 e8 68 4a 00 00 f7 44 24 30 00 02 00 00 4c 8d a4 24 d0 01 00 00 74 01 fb 84 db <0f> 94 c0 22 44 24 07 3c 01 0f 84 00 f9 ff ff 0f b6 c3 85 c0 0f 84
[ 48.983068][ C0] RSP: 0018:ffffc900006d6740 EFLAGS: 00000202
[ 48.988968][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000002
[ 48.998348][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001
[ 49.006847][ C0] RBP: ffffc900006d69b0 R08: dffffc0000000000 R09: 0000000000000003
[ 49.014793][ C0] R10: fffff520000dacd8 R11: dffffc0000000001 R12: ffffc900006d6910
[ 49.022736][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000068
[ 49.030555][ C0] ? vprintk_emit+0x250/0x250
[ 49.035167][ C0] ? __kasan_check_write+0x14/0x20
[ 49.040122][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 49.045418][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 49.050094][ C0] ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 49.055844][ C0] vprintk_emit+0xd1/0x250
[ 49.060074][ C0] ? vprintk_store+0x12c0/0x12c0
[ 49.065017][ C0] ? __kasan_check_write+0x14/0x20
[ 49.070054][ C0] ? _raw_spin_trylock+0xcd/0x1a0
[ 49.074913][ C0] ? __cpuidle_text_end+0x5/0x5
[ 49.079600][ C0] vprintk_default+0x18/0x20
[ 49.084044][ C0] vprintk+0x49/0x50
[ 49.087857][ C0] _printk+0xca/0x10a
[ 49.091842][ C0] ? panic+0x4f8/0x4f8
[ 49.095742][ C0] ? netlink_unicast+0x6eb/0x930
[ 49.100781][ C0] ? ____sys_sendmsg+0x492/0x790
[ 49.105552][ C0] ? ___sys_sendmsg+0x215/0x2a0
[ 49.110238][ C0] ? __se_sys_sendmsg+0x162/0x1f0
[ 49.115376][ C0] __nla_validate_parse+0x2234/0x27f0
[ 49.120746][ C0] ? __nla_validate+0x20/0x20
[ 49.125253][ C0] ? __kasan_kmalloc+0x9/0x10
[ 49.129767][ C0] __nla_parse+0x27/0x30
[ 49.133938][ C0] rtnl_newlink+0x54b/0x1b30
[ 49.138358][ C0] ? rtnl_setlink+0x460/0x460
[ 49.142875][ C0] ? memcpy+0x56/0x70
[ 49.146694][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 49.151724][ C0] ? __kasan_check_write+0x14/0x20
[ 49.156676][ C0] ? mutex_lock+0xb6/0x1e0
[ 49.160931][ C0] ? security_capable+0x3c/0x90
[ 49.165723][ C0] ? wait_for_completion_killable_timeout+0x10/0x10
[ 49.172235][ C0] ? ns_capable+0x5b/0xc0
[ 49.176373][ C0] ? netlink_net_capable+0x105/0x140
[ 49.181582][ C0] rtnetlink_rcv_msg+0x5e8/0xa70
[ 49.186360][ C0] ? rtnetlink_bind+0x50/0x50
[ 49.190867][ C0] ? stack_trace_save+0x1c0/0x1c0
[ 49.195728][ C0] ? __kernel_text_address+0x9b/0x110
[ 49.200940][ C0] ? unwind_get_return_address+0x4d/0x90
[ 49.206404][ C0] ? avc_has_perm_noaudit+0x2a2/0x370
[ 49.211612][ C0] ? memcpy+0x56/0x70
[ 49.215451][ C0] ? avc_has_perm_noaudit+0x23e/0x370
[ 49.220997][ C0] ? avc_denied+0x1c0/0x1c0
[ 49.225521][ C0] ? avc_has_perm+0xcb/0x210
[ 49.229948][ C0] ? ____kasan_kmalloc+0xed/0x110
[ 49.234894][ C0] ? ____kasan_kmalloc+0xdb/0x110
[ 49.239858][ C0] ? avc_has_perm_noaudit+0x370/0x370
[ 49.245064][ C0] ? do_syscall_64+0x3d/0xb0
[ 49.249494][ C0] netlink_rcv_skb+0x1c7/0x3c0
[ 49.254092][ C0] ? rtnetlink_bind+0x50/0x50
[ 49.258700][ C0] ? netlink_ack+0xa20/0xa20
[ 49.263128][ C0] ? __netlink_lookup+0x2d5/0x2f0
[ 49.268683][ C0] rtnetlink_rcv+0x10/0x20
[ 49.272924][ C0] netlink_unicast+0x6eb/0x930
[ 49.277552][ C0] ? netlink_detachskb+0x60/0x60
[ 49.282304][ C0] ? security_netlink_send+0x30/0x80
[ 49.287795][ C0] netlink_sendmsg+0x7a2/0xba0
[ 49.292580][ C0] ? __sys_socket+0x158/0x300
[ 49.297088][ C0] ? netlink_getsockopt+0x590/0x590
[ 49.302128][ C0] ? security_socket_sendmsg+0x37/0x90
[ 49.307613][ C0] ? netlink_getsockopt+0x590/0x590
[ 49.312930][ C0] ____sys_sendmsg+0x492/0x790
[ 49.317845][ C0] ? iovec_from_user+0x191/0x230
[ 49.322805][ C0] ? __sys_sendmsg_sock+0x20/0x20
[ 49.327656][ C0] ___sys_sendmsg+0x215/0x2a0
[ 49.332173][ C0] ? __sys_sendmsg+0x1e0/0x1e0
[ 49.336939][ C0] ? security_file_alloc+0x24/0x100
[ 49.342081][ C0] ? alloc_file+0x1c4/0x4b0
[ 49.346596][ C0] ? __fdget+0x144/0x1c0
[ 49.351045][ C0] __se_sys_sendmsg+0x162/0x1f0
[ 49.355702][ C0] ? __x64_sys_sendmsg+0x80/0x80
[ 49.360646][ C0] ? switch_fpu_return+0x1b7/0x320
[ 49.365597][ C0] __x64_sys_sendmsg+0x76/0x80
[ 49.370192][ C0] do_syscall_64+0x3d/0xb0
[ 49.374619][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.380344][ C0] RIP: 0033:0x7fdc0e7200a9
[ 49.384717][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.404331][ C0] RSP: 002b:00007fdc0e293168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.412720][ C0] RAX: ffffffffffffffda RBX: 00007fdc0e83ff80 RCX: 00007fdc0e7200a9
[ 49.423911][ C0] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 49.431809][ C0] RBP: 00007fdc0e77bae9 R08: 0000000000000000 R09: 0000000000000000
[ 49.439703][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 49.447653][ C0] R13: 00007fffa0df1aff R14: 00007fdc0e293300 R15: 0000000000022000
[ 49.455633][ C0]
[ 49.458446][ C0]
[ 49.460623][ C0]
[ 49.462787][ C0] Memory state around the buggy address:
[ 49.468443][ C0] ffffc90000007980: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.476625][ C0] ffffc90000007a00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 49.484606][ C0] >ffffc90000007a80: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
[ 49.492758][ C0] ^
[ 49.498590][ C0] ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.506829][ C0] ffffc90000007b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.514894][ C0] ==================================================================
[ 49.522797][ C0] Disabling lock debugging due to kernel taint
[ 49.560409][ T363] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.613577][ T365] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.644118][ T367] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.699817][ T370] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.753801][ T372] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.783832][ T374] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.840506][ T376] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.892304][ T378] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/05/04 05:37:26 executed programs: 75
[ 53.543150][ T559] __nla_validate_parse: 73 callbacks suppressed
[ 53.543159][ T559] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.604196][ T562] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.652740][ T564] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.682688][ T566] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.738758][ T569] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.773272][ T571] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.830334][ T573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.885146][ T576] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.940339][ T578] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.983519][ T580] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/05/04 05:37:31 executed programs: 175
[ 58.590094][ T797] __nla_validate_parse: 90 callbacks suppressed
[ 58.590103][ T797] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.