Warning: Permanently added '10.128.1.117' (ED25519) to the list of known hosts.
2023/07/22 23:53:16 ignoring optional flag "sandboxArg"="0"
2023/07/22 23:53:16 parsed 1 programs
2023/07/22 23:53:16 executed programs: 0
[ 57.325214][ T2623] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 58.876352][ T2629] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 58.887273][ T2629] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 58.897547][ T2629] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 58.909534][ T2629] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 64.936520][ T21] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.944696][ T21] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.958685][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.968306][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.040413][ T3351] netlink: 'syz-executor.0': attribute type 8 has an invalid length.
[ 65.048733][ T3351] ==================================================================
[ 65.056956][ T3351] BUG: KASAN: stack-out-of-bounds in __nla_validate_parse+0x13c/0x2c90
[ 65.065751][ T3351] Write of size 32 at addr ffffc90001df6d00 by task syz-executor.0/3351
[ 65.074234][ T3351]
[ 65.076725][ T3351] CPU: 0 PID: 3351 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller #0
[ 65.084957][ T3351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 65.095177][ T3351] Call Trace:
[ 65.098620][ T3351]
[ 65.101532][ T3351]  dump_stack_lvl+0x214/0x300
[ 65.106461][ T3351]  ? nf_tcp_handle_invalid+0x5d0/0x5d0
[ 65.112013][ T3351]  ? panic+0x580/0x580
[ 65.116076][ T3351]  ? _printk+0xd5/0x120
[ 65.120234][ T3351]  print_report+0x163/0x540
[ 65.124832][ T3351]  ? __virt_addr_valid+0xa1/0x2a0
[ 65.129933][ T3351]  ? __nla_validate_parse+0x13c/0x2c90
[ 65.135468][ T3351]  kasan_report+0x175/0x1b0
[ 65.139973][ T3351]  ? __nla_validate_parse+0x13c/0x2c90
[ 65.145636][ T3351]  kasan_check_range+0x27e/0x290
[ 65.150588][ T3351]  __asan_memset+0x23/0x40
[ 65.155003][ T3351]  __nla_validate_parse+0x13c/0x2c90
[ 65.160374][ T3351]  ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 65.166545][ T3351]  ? __nla_validate+0x50/0x50
[ 65.171228][ T3351]  ? stack_trace_save+0x117/0x1c0
[ 65.176239][ T3351]  ? stack_trace_snprint+0xe0/0xe0
[ 65.181333][ T3351]  ? __stack_depot_save+0x358/0x430
[ 65.186513][ T3351]  __nla_parse+0x40/0x50
[ 65.190757][ T3351]  fl_set_key_cfm+0x1e3/0x440
[ 65.195593][ T3351]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.201943][ T3351]  ? fl_set_key+0x6790/0x6790
[ 65.206703][ T3351]  fl_set_key+0x21de/0x6790
[ 65.211426][ T3351]  ? fl_uninit_mask_free_work+0x20/0x20
[ 65.216976][ T3351]  fl_tmplt_create+0x1fe/0x510
[ 65.221749][ T3351]  ? __lock_acquire+0xbe0/0xbe0
[ 65.226607][ T3351]  ? fl_bind_class+0x220/0x220
[ 65.231471][ T3351]  ? __raw_spin_lock_init+0x45/0x100
[ 65.236865][ T3351]  ? nla_strscpy+0xfa/0x160
[ 65.241455][ T3351]  ? do_raw_read_unlock+0x3c/0x80
[ 65.246514][ T3351]  ? _raw_read_unlock+0x28/0x40
[ 65.251635][ T3351]  ? tcf_proto_lookup_ops+0xd1/0x280
[ 65.257099][ T3351]  ? fl_bind_class+0x220/0x220
[ 65.261868][ T3351]  tc_ctl_chain+0x130e/0x19d0
[ 65.266981][ T3351]  ? __mutex_lock+0x5bb/0x1980
[ 65.272143][ T3351]  ? tc_dump_tfilter+0x15a0/0x15a0
[ 65.277264][ T3351]  ? __lock_acquire+0xbe0/0xbe0
[ 65.282309][ T3351]  ? security_capable+0x8a/0xb0
[ 65.287175][ T3351]  ? try_module_get+0x13d/0x290
[ 65.292028][ T3351]  ? tc_dump_tfilter+0x15a0/0x15a0
[ 65.297149][ T3351]  rtnetlink_rcv_msg+0xbdc/0xe00
[ 65.302079][ T3351]  ? __module_address+0x32/0x4d0
[ 65.307096][ T3351]  ? stack_trace_save+0x1c0/0x1c0
[ 65.312130][ T3351]  ? rtnetlink_bind+0x80/0x80
[ 65.316891][ T3351]  ? __kernel_text_address+0xd/0x40
[ 65.322223][ T3351]  ? unwind_get_return_address+0x4d/0x90
[ 65.327862][ T3351]  ? arch_stack_walk+0xf7/0x140
[ 65.332708][ T3351]  ? stack_trace_save+0x117/0x1c0
[ 65.337807][ T3351]  ? stack_trace_snprint+0xe0/0xe0
[ 65.343023][ T3351]  ? stack_trace_save+0x117/0x1c0
[ 65.348215][ T3351]  ? __stack_depot_save+0x1e/0x430
[ 65.353442][ T3351]  ? kasan_set_track+0x61/0x70
[ 65.358307][ T3351]  ? kasan_set_track+0x4f/0x70
[ 65.363063][ T3351]  ? __kasan_slab_alloc+0x66/0x70
[ 65.368259][ T3351]  ? slab_post_alloc_hook+0x66/0x3c0
[ 65.373550][ T3351]  ? kmem_cache_alloc_node+0x149/0x2f0
[ 65.379036][ T3351]  ? kmalloc_reserve+0x8a/0x240
[ 65.384180][ T3351]  ? __alloc_skb+0x28d/0x5b0
[ 65.389988][ T3351]  ? netlink_sendmsg+0x6e1/0xcf0
[ 65.394918][ T3351]  ? ____sys_sendmsg+0x592/0x890
[ 65.399954][ T3351]  ? ___sys_sendmsg+0x27a/0x300
[ 65.404801][ T3351]  ? __se_sys_sendmsg+0x1b3/0x290
[ 65.409920][ T3351]  ? do_syscall_64+0x41/0xc0
[ 65.414580][ T3351]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.420727][ T3351]  ? __lock_acquire+0x5c3/0xbe0
[ 65.425674][ T3351]  netlink_rcv_skb+0x1df/0x430
[ 65.430460][ T3351]  ? rtnetlink_bind+0x80/0x80
[ 65.435441][ T3351]  ? netlink_ack+0x1140/0x1140
[ 65.440235][ T3351]  ? __netlink_lookup+0x36c/0x390
[ 65.445261][ T3351]  netlink_unicast+0x79d/0x960
[ 65.450030][ T3351]  ? netlink_detachskb+0x90/0x90
[ 65.454966][ T3351]  ? __virt_addr_valid+0x211/0x2a0
[ 65.460245][ T3351]  ? __phys_addr_symbol+0x2f/0x70
[ 65.465535][ T3351]  ? __check_object_size+0x4ca/0xa10
[ 65.471251][ T3351]  netlink_sendmsg+0x93a/0xcf0
[ 65.476555][ T3351]  ? netlink_getsockopt+0x5b0/0x5b0
[ 65.481937][ T3351]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 65.487144][ T3351]  ? smack_socket_sendmsg+0xd2/0x260
[ 65.492613][ T3351]  ? security_socket_sendmsg+0x81/0xa0
[ 65.498250][ T3351]  ? netlink_getsockopt+0x5b0/0x5b0
[ 65.503562][ T3351]  ____sys_sendmsg+0x592/0x890
[ 65.508413][ T3351]  ? __sys_sendmsg_sock+0x30/0x30
[ 65.513805][ T3351]  ___sys_sendmsg+0x27a/0x300
[ 65.518565][ T3351]  ? __lock_acquire+0x5c3/0xbe0
[ 65.523509][ T3351]  ? __sys_sendmsg+0x290/0x290
[ 65.528438][ T3351]  ? finish_task_switch+0x11b/0x580
[ 65.533845][ T3351]  ? __fdget+0x186/0x210
[ 65.538189][ T3351]  __se_sys_sendmsg+0x1b3/0x290
[ 65.543328][ T3351]  ? xfd_validate_state+0x5e/0x70
[ 65.548899][ T3351]  ? __x64_sys_sendmsg+0x80/0x80
[ 65.553874][ T3351]  ? switch_fpu_return+0x10e/0x170
[ 65.559097][ T3351]  do_syscall_64+0x41/0xc0
[ 65.563612][ T3351]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.569960][ T3351] RIP: 0033:0x7f424516db29
[ 65.574464][ T3351] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 65.594502][ T3351] RSP: 002b:00007f4244cf00c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 65.602927][ T3351] RAX: ffffffffffffffda RBX: 00007f424528cf80 RCX: 00007f424516db29
[ 65.611072][ T3351] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 65.619138][ T3351] RBP: 00007f42451b947a R08: 0000000000000000 R09: 0000000000000000
[ 65.627186][ T3351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 65.635247][ T3351] R13: 0000000000000006 R14: 00007f424528cf80 R15: 00007ffd0e008618
[ 65.643209][ T3351]
[ 65.646231][ T3351]
[ 65.648624][ T3351] The buggy address belongs to stack of task syz-executor.0/3351
[ 65.656323][ T3351]  and is located at offset 32 in frame:
[ 65.661940][ T3351]  fl_set_key_cfm+0x0/0x440
[ 65.666426][ T3351]
[ 65.668738][ T3351] This frame has 1 object:
[ 65.673130][ T3351]  [32, 56) 'nla_cfm_opt'
[ 65.673137][ T3351]
[ 65.679746][ T3351] The buggy address belongs to the virtual mapping at
[ 65.679746][ T3351]  [ffffc90001df0000, ffffc90001df9000) created by:
[ 65.679746][ T3351]  copy_process+0x5bc/0x3a00
[ 65.697626][ T3351]
[ 65.699982][ T3351] The buggy address belongs to the physical page:
[ 65.706479][ T3351] page:ffffea0004119cc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104673
[ 65.716717][ T3351] memcg:ffff88810ead8c82
[ 65.720949][ T3351] flags: 0x200000000000000(node=0|zone=2)
[ 65.726944][ T3351] page_type: 0xffffffff()
[ 65.731386][ T3351] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 65.740051][ T3351] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88810ead8c82
[ 65.748809][ T3351] page dumped because: kasan: bad access detected
[ 65.755325][ T3351] page_owner tracks the page as allocated
[ 65.761208][ T3351] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 3350, tgid 3350 (syz-executor.0), ts 65038340943, free_ts 64847026574
[ 65.780041][ T3351]  post_alloc_hook+0x26e/0x290
[ 65.784802][ T3351]  get_page_from_freelist+0x2dbd/0x2f40
[ 65.790452][ T3351]  __alloc_pages+0x255/0x650
[ 65.795047][ T3351]  __vmalloc_node_range+0x992/0x1460
[ 65.800422][ T3351]  dup_task_struct+0x67d/0xa80
[ 65.805180][ T3351]  copy_process+0x5bc/0x3a00
[ 65.809769][ T3351]  kernel_clone+0x21a/0x830
[ 65.814373][ T3351]  __se_sys_clone3+0x2cb/0x340
[ 65.819218][ T3351]  do_syscall_64+0x41/0xc0
[ 65.823976][ T3351]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.830115][ T3351] page last free stack trace:
[ 65.834897][ T3351]  free_unref_page_prepare+0x800/0x920
[ 65.840709][ T3351]  free_unref_page_list+0x54b/0x7e0
[ 65.845930][ T3351]  release_pages+0x2015/0x2300
[ 65.851144][ T3351]  tlb_flush_mmu+0x100/0x200
[ 65.855827][ T3351]  tlb_finish_mmu+0xd4/0x1f0
[ 65.860524][ T3351]  exit_mmap+0x3d3/0x900
[ 65.864766][ T3351]  __mmput+0xc9/0x360
[ 65.868739][ T3351]  exit_mm+0x131/0x200
[ 65.873233][ T3351]  do_exit+0x91c/0x29c0
[ 65.877463][ T3351]  do_group_exit+0x206/0x2c0
[ 65.882047][ T3351]  __x64_sys_exit_group+0x3f/0x40
[ 65.887173][ T3351]  do_syscall_64+0x41/0xc0
[ 65.891684][ T3351]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.897658][ T3351]
[ 65.899970][ T3351] Memory state around the buggy address:
[ 65.905633][ T3351]  ffffc90001df6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.914218][ T3351]  ffffc90001df6c80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 65.922625][ T3351] >ffffc90001df6d00: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 65.930954][ T3351]                             ^
[ 65.936171][ T3351]  ffffc90001df6d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.944868][ T3351]  ffffc90001df6e00: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00
[ 65.953015][ T3351] ==================================================================
[ 65.962172][ T3351] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 65.969833][ T3351] Kernel Offset: disabled
[ 65.974249][ T3351] Rebooting in 86400 seconds..
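What the report above pins down: the faulting memset inside __nla_validate_parse writes 32 bytes starting at the first byte of the 24-byte stack object 'nla_cfm_opt' in fl_set_key_cfm (frame offset [32, 56)), and the shadow row shows three accessible 8-byte granules followed by the f3 stack redzone. A netlink attribute table handed to the parser with a given maxtype must hold maxtype + 1 pointers, because the parser zeroes and indexes slots 0..maxtype; a table that is exactly one pointer short is what these numbers describe. The following user-space C program is an added example, not kernel code and not taken from the report or from the cls_flower sources: it models that table-sizing contract and puts the MAX-sized declaration next to the MAX + 1 one. The CFM_OPT_* enum, the nla_hdr struct name and every function in it are hypothetical stand-ins chosen to match the sizes in the report, not the real TCA_FLOWER_KEY_CFM_OPT_* definitions, and the nested attribute blob is constructed inline. Unlike the kernel, the model is told the table capacity and returns -EOVERFLOW instead of writing past the end.

```c
/* Added example (not kernel code): user-space model of the netlink attribute
 * table contract. CFM_OPT_* names are hypothetical stand-ins. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same wire layout as struct nlattr: 16-bit length (header included), 16-bit type. */
struct nla_hdr {
    uint16_t nla_len;
    uint16_t nla_type;
};
#define NLA_HDRLEN      ((int)sizeof(struct nla_hdr))
#define NLA_ALIGN(len)  (((len) + 3) & ~3)
#define NLA_TYPE_MASK   0x3fff   /* drops the NLA_F_NESTED / NLA_F_NET_BYTEORDER flag bits */

/* Hypothetical numbering in the shape that matches the report: MAX is itself an
 * enumerator (3), so a table declared [CFM_OPT_MAX] has 3 slots (24 bytes on
 * LP64) while a parse with maxtype == CFM_OPT_MAX touches 4 slots (32 bytes). */
enum { CFM_OPT_UNSPEC, CFM_OPT_MD_LEVEL, CFM_OPT_OPCODE, CFM_OPT_MAX };

/* Bytes the parser zeroes for a given maxtype: (maxtype + 1) pointers. */
size_t table_bytes_needed(int maxtype)
{
    return (size_t)(maxtype + 1) * sizeof(const struct nla_hdr *);
}

/* Bytes actually reserved by the short declaration tb[CFM_OPT_MAX]. */
size_t short_table_bytes(void)
{
    return sizeof(const struct nla_hdr *[CFM_OPT_MAX]);
}

/* Model of the parser: zero tb[0..maxtype], then store each attribute at
 * tb[type]. The kernel trusts the caller on table size; this model takes the
 * capacity explicitly and refuses the call that would overflow. Types above
 * maxtype are skipped here (strict validation in the kernel rejects them). */
int nla_parse_model(const struct nla_hdr **tb, size_t tb_entries, int maxtype,
                    const void *buf, size_t len)
{
    const unsigned char *p = buf;
    size_t rem = len;

    if (tb_entries < (size_t)maxtype + 1)
        return -EOVERFLOW;                        /* the condition KASAN caught above */
    memset(tb, 0, table_bytes_needed(maxtype));   /* same size the kernel memsets */

    while (rem >= (size_t)NLA_HDRLEN) {
        struct nla_hdr h;
        size_t adv;
        int type;

        memcpy(&h, p, sizeof h);                  /* header may be unaligned */
        if (h.nla_len < NLA_HDRLEN || h.nla_len > rem)
            return -EINVAL;
        type = h.nla_type & NLA_TYPE_MASK;
        if (type > 0 && type <= maxtype)
            tb[type] = (const struct nla_hdr *)p; /* later duplicates win */
        adv = NLA_ALIGN(h.nla_len);
        if (adv > rem)
            break;                                /* final padding may be truncated */
        p += adv;
        rem -= adv;
    }
    return 0;
}

/* Append one u8 attribute with 4-byte alignment padding; returns bytes used. */
static size_t put_u8(unsigned char *out, uint16_t type, uint8_t val)
{
    struct nla_hdr h = { .nla_len = NLA_HDRLEN + 1, .nla_type = type };
    memcpy(out, &h, sizeof h);
    out[NLA_HDRLEN] = val;
    memset(out + NLA_HDRLEN + 1, 0, NLA_ALIGN(h.nla_len) - h.nla_len);
    return NLA_ALIGN(h.nla_len);
}

/* Constructed sample nested payload: MD_LEVEL = 3, OPCODE = 1 (16 bytes). */
size_t build_sample(unsigned char *out)
{
    size_t n = 0;
    n += put_u8(out + n, CFM_OPT_MD_LEVEL, 3);
    n += put_u8(out + n, CFM_OPT_OPCODE, 1);
    return n;
}

/* The bug shape: table sized [MAX], parse asked for maxtype MAX. */
int parse_with_short_table(const void *buf, size_t len)
{
    const struct nla_hdr *tb[CFM_OPT_MAX];
    return nla_parse_model(tb, CFM_OPT_MAX, CFM_OPT_MAX, buf, len);
}

/* The fixed shape: [MAX + 1], so index MAX is in bounds. */
int parse_with_full_table(const void *buf, size_t len, uint8_t *md_level, uint8_t *opcode)
{
    const struct nla_hdr *tb[CFM_OPT_MAX + 1];
    int err = nla_parse_model(tb, CFM_OPT_MAX + 1, CFM_OPT_MAX, buf, len);
    if (err)
        return err;
    *md_level = tb[CFM_OPT_MD_LEVEL] ? ((const unsigned char *)tb[CFM_OPT_MD_LEVEL])[NLA_HDRLEN] : 0;
    *opcode = tb[CFM_OPT_OPCODE] ? ((const unsigned char *)tb[CFM_OPT_OPCODE])[NLA_HDRLEN] : 0;
    return 0;
}

int main(void)
{
    unsigned char buf[32];
    uint8_t md = 0, op = 0;
    size_t n = build_sample(buf);

    printf("parser zeroes %zu bytes, [CFM_OPT_MAX] reserves %zu\n",
           table_bytes_needed(CFM_OPT_MAX), short_table_bytes());
    printf("short table: %d\n", parse_with_short_table(buf, n));
    printf("full table: %d (md_level=%u opcode=%u)\n",
           parse_with_full_table(buf, n, &md, &op), md, op);
    return 0;
}
```

The size check in nla_parse_model is the piece the kernel does not have: there the caller's declaration is the only thing standing between a correct parse and a 32-byte memset over a 24-byte frame object, which is why KASAN is the first place the mismatch becomes visible. Declaring attribute tables as [MAX + 1] whenever the enum's MAX is itself a valid attribute number keeps the declared size and the parser's memset in agreement.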