[ 30.810990][ T115] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.819363][ T115] device bridge_slave_0 left promiscuous mode
[ 30.825401][ T115] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.833359][ T115] device veth1_macvtap left promiscuous mode
[ 30.839339][ T115] device veth0_vlan left promiscuous mode
[ 40.579190][ T30] kauditd_printk_skb: 71 callbacks suppressed
[ 40.579197][ T30] audit: type=1400 audit(1685771673.520:147): avc: denied { transition } for pid=325 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.607306][ T30] audit: type=1400 audit(1685771673.530:148): avc: denied { noatsecure } for pid=325 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.626510][ T30] audit: type=1400 audit(1685771673.530:149): avc: denied { rlimitinh } for pid=325 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.645446][ T30] audit: type=1400 audit(1685771673.530:150): avc: denied { siginh } for pid=325 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.165' (ECDSA) to the list of known hosts.
2023/06/03 05:54:40 ignoring optional flag "sandboxArg"="0"
2023/06/03 05:54:40 parsed 1 programs
2023/06/03 05:54:40 executed programs: 0
[ 47.552029][ T30] audit: type=1400 audit(1685771680.490:151): avc: denied { mounton } for pid=346 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 47.577603][ T30] audit: type=1400 audit(1685771680.500:152): avc: denied { mount } for pid=346 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 47.615714][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.622778][ T349] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.631670][ T349] device bridge_slave_0 entered promiscuous mode
[ 47.638775][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.646172][ T349] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.653400][ T349] device bridge_slave_1 entered promiscuous mode
[ 47.682916][ T30] audit: type=1400 audit(1685771680.620:153): avc: denied { write } for pid=349 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.688247][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.703747][ T30] audit: type=1400 audit(1685771680.630:154): avc: denied { read } for pid=349 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.710594][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.710697][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.745791][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.761596][ T61] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.768972][ T61] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.776817][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.784019][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.793001][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.801372][ T42] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.808689][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.823265][ T349] device veth0_vlan entered promiscuous mode
[ 47.830686][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.839363][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.847373][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.854597][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.861962][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.869986][ T42] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.876834][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.884045][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.891786][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.903097][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.911872][ T349] device veth1_macvtap entered promiscuous mode
[ 47.923107][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.931569][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.943516][ T30] audit: type=1400 audit(1685771680.880:155): avc: denied { mounton } for pid=349 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=360 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 47.976927][ T357] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 47.987803][ T30] audit: type=1400 audit(1685771680.930:156): avc: denied { write } for pid=356 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 48.009629][ T30] audit: type=1400 audit(1685771680.930:157): avc: denied { nlmsg_write } for pid=356 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 48.029467][ T359] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.031775][ C1] ==================================================================
[ 48.048740][ C1] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x445a/0x5930
[ 48.056717][ C1] Read of size 4 at addr ffffc900001d0b90 by task kauditd/30
[ 48.064177][ C1]
[ 48.066619][ C1] CPU: 1 PID: 30 Comm: kauditd Not tainted 5.15.106-syzkaller #0
[ 48.074594][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 48.084750][ C1] Call Trace:
[ 48.088048][ C1]
[ 48.090738][ C1] dump_stack_lvl+0x38/0x49
[ 48.095164][ C1] print_address_description.constprop.0+0x24/0x160
[ 48.102368][ C1] ? xfrm_state_find+0x445a/0x5930
[ 48.107323][ C1] kasan_report.cold+0x82/0xdb
[ 48.112272][ C1] ? netlink_has_listeners+0x90/0x170
[ 48.117483][ C1] ? xfrm_state_find+0x445a/0x5930
[ 48.122424][ C1] __asan_report_load4_noabort+0x14/0x20
[ 48.127892][ C1] xfrm_state_find+0x445a/0x5930
[ 48.132666][ C1] ? print_cpu_stall_info+0x3e2/0x860
[ 48.137876][ C1] ? xfrm_state_migrate+0x1f70/0x1f70
[ 48.143267][ C1] ? dst_release+0x44/0x90
[ 48.147517][ C1] ? xfrm4_get_saddr+0x12b/0x1a0
[ 48.152659][ C1] ? xfrm4_fill_dst+0x690/0x690
[ 48.157800][ C1] xfrm_tmpl_resolve+0x271/0xbb0
[ 48.162970][ C1] ? xfrm_tmpl_resolve+0x271/0xbb0
[ 48.167951][ C1] ? __xfrm_dst_lookup+0x120/0x120
[ 48.173341][ C1] ? __stack_depot_save+0x36/0x500
[ 48.179019][ C1] xfrm_resolve_and_create_bundle+0x125/0x21b0
[ 48.185187][ C1] ? policy_hash_bysel+0xf10/0xf10
[ 48.190215][ C1] ? xfrm_policy_find_inexact_candidates.part.0+0x11f/0x1c0
[ 48.199641][ C1] ? xfrm_policy_byid+0x5e0/0x5e0
[ 48.205194][ C1] ? xfrm_sk_policy_lookup+0x3b0/0x3b0
[ 48.210584][ C1] ? __kmalloc_track_caller+0x1a9/0x390
[ 48.215887][ C1] ? __alloc_skb+0x8b/0x250
[ 48.220330][ C1] ? igmpv3_newpack+0x1a0/0xdd0
[ 48.225001][ C1] ? add_grec+0xbef/0xec0
[ 48.229164][ C1] ? __kasan_check_write+0x14/0x20
[ 48.234212][ C1] xfrm_lookup_with_ifid+0x413/0x1a30
[ 48.239588][ C1] ? xfrm_policy_lookup_bytype.constprop.0+0xae0/0xae0
[ 48.247314][ C1] ? __kasan_check_read+0x11/0x20
[ 48.252393][ C1] ? ip_route_output_key_hash_rcu+0x776/0x2b40
[ 48.258549][ C1] xfrm_lookup_route+0x21/0x170
[ 48.263495][ C1] ip_route_output_flow+0x259/0x2d0
[ 48.269057][ C1] ? kasan_poison+0x54/0x60
[ 48.273518][ C1] ? inet_rtm_getroute+0x20a0/0x20a0
[ 48.278600][ C1] igmpv3_newpack+0x297/0xdd0
[ 48.283190][ C1] ? ip_mc_find_dev+0x290/0x290
[ 48.288061][ C1] ? ttwu_do_activate.isra.0+0x11c/0x280
[ 48.294916][ C1] add_grhead+0x235/0x320
[ 48.299449][ C1] add_grec+0xbef/0xec0
[ 48.304537][ C1] ? sched_setscheduler+0x190/0x190
[ 48.310125][ C1] ? __kasan_check_write+0x14/0x20
[ 48.316090][ C1] ? igmpv3_sendpack.isra.0+0x200/0x200
[ 48.321938][ C1] ? insert_work+0x28a/0x380
[ 48.326445][ C1] igmp_ifc_timer_expire+0x46e/0xb10
[ 48.331536][ C1] ? __kasan_check_write+0x14/0x20
[ 48.336647][ C1] ? _raw_spin_lock_bh+0x110/0x110
[ 48.341941][ C1] ? igmp_start_timer+0x100/0x100
[ 48.346975][ C1] call_timer_fn+0x28/0x1c0
[ 48.351330][ C1] __run_timers.part.0+0x559/0x930
[ 48.356367][ C1] ? igmp_start_timer+0x100/0x100
[ 48.361222][ C1] ? call_timer_fn+0x1c0/0x1c0
[ 48.366425][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 48.371642][ C1] ? sched_clock+0x9/0x10
[ 48.376247][ C1] ? sched_clock_cpu+0x18/0x1e0
[ 48.381374][ C1] run_timer_softirq+0xa2/0x1a0
[ 48.386042][ C1] __do_softirq+0x1cb/0x66f
[ 48.390477][ C1] ? irqtime_account_irq+0x2e1/0x4a0
[ 48.396331][ C1] irq_exit_rcu+0x64/0x110
[ 48.400590][ C1] sysvec_apic_timer_interrupt+0x9d/0xc0
[ 48.406672][ C1]
[ 48.409537][ C1]
[ 48.412320][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 48.418574][ C1] RIP: 0010:console_unlock+0x435/0x810
[ 48.423870][ C1] Code: 00 00 80 e7 02 74 01 fb 48 8b 3d c6 40 6f 04 31 d2 4c 89 e6 e8 7c 6f 00 00 84 c0 74 0d e8 03 d2 ff ff 85 c0 0f 85 91 fc ff ff <48> b8 00 00 00 00 00 fc ff df 48 03 85 90 fe ff ff 48 c7 00 00 00
[ 48.443780][ C1] RSP: 0018:ffffc900001ffad0 EFLAGS: 00000206
[ 48.450292][ C1] RAX: 0000000080000001 RBX: 0000000000000001 RCX: 0000000000000000
[ 48.458364][ C1] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 48.466466][ C1] RBP: ffffc900001ffc40 R08: 0000000000000001 R09: 0000000000000003
[ 48.474340][ C1] R10: fffff5200003ff4d R11: 74203a7469647561 R12: 0000000000000200
[ 48.482382][ C1] R13: ffffc900001ffb38 R14: dffffc0000000000 R15: ffffc900001ffc18
[ 48.490369][ C1] ? devkmsg_read+0x680/0x680
[ 48.495167][ C1] ? io_schedule_timeout+0x150/0x150
[ 48.500294][ C1] ? __kasan_check_write+0x14/0x20
[ 48.505204][ C1] ? _raw_spin_lock_irqsave+0x8c/0x120
[ 48.510681][ C1] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 48.517210][ C1] ? down_trylock+0x58/0x80
[ 48.521552][ C1] vprintk_emit+0xc6/0x1c0
[ 48.526312][ C1] vprintk_default+0x18/0x20
[ 48.530734][ C1] vprintk+0x49/0x60
[ 48.534465][ C1] _printk+0xad/0xde
[ 48.538209][ C1] ? wakeup_reason_pm_event.cold+0xd8/0xd8
[ 48.544041][ C1] ? _raw_spin_unlock_irqrestore+0x4d/0x80
[ 48.550005][ C1] ? ___ratelimit+0x1b0/0x3b0
[ 48.554954][ C1] kauditd_hold_skb.cold+0x3a/0x49
[ 48.559947][ C1] kauditd_send_queue+0x149/0x1a0
[ 48.564800][ C1] ? kauditd_retry_skb+0xd0/0xd0
[ 48.569622][ C1] ? audit_net_exit+0xa0/0xa0
[ 48.574133][ C1] kauditd_thread+0x47f/0x5a0
[ 48.578606][ C1] ? auditd_reset+0x90/0x90
[ 48.582942][ C1] ? wait_woken+0x160/0x160
[ 48.587284][ C1] ? __kasan_check_read+0x11/0x20
[ 48.592149][ C1] ? __kthread_parkme+0x8b/0x160
[ 48.597004][ C1] ? schedule+0x12d/0x240
[ 48.601170][ C1] ? auditd_reset+0x90/0x90
[ 48.605518][ C1] kthread+0x35d/0x430
[ 48.609424][ C1] ? set_kthread_struct+0x100/0x100
[ 48.614448][ C1] ret_from_fork+0x1f/0x30
[ 48.619332][ C1]
[ 48.622445][ C1]
[ 48.624700][ C1]
[ 48.626872][ C1] Memory state around the buggy address:
[ 48.632344][ C1] ffffc900001d0a80: 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 48.640587][ C1] ffffc900001d0b00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00
[ 48.648480][ C1] >ffffc900001d0b80: 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 48.656380][ C1] ^
[ 48.660895][ C1] ffffc900001d0c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.668790][ C1] ffffc900001d0c80: 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00
[ 48.676776][ C1] ==================================================================
[ 48.684678][ C1] Disabling lock debugging due to kernel taint
[ 48.693357][ T30] audit: type=1400 audit(1685771680.930:158): avc: denied { prog_load } for pid=356 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 48.721528][ T363] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.786138][ T366] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.839416][ T368] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.890023][ T370] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.939910][ T372] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 48.996187][ T374] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.035844][ T377] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 49.085979][ T379] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/06/03 05:54:45 executed programs: 77
[ 53.009785][ T570] __nla_validate_parse: 74 callbacks suppressed
[ 53.009792][ T570] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.050623][ T572] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.110838][ T575] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.168315][ T578] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.225782][ T580] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.240403][ T582] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.296332][ T585] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.328328][ T587] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.383226][ T590] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 53.425724][ T592] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/06/03 05:54:50 executed programs: 174