Warning: Permanently added '10.128.1.146' (ECDSA) to the list of known hosts.
2023/06/30 08:52:47 ignoring optional flag "sandboxArg"="0"
2023/06/30 08:52:47 parsed 1 programs
[ 39.478042][ T23] kauditd_printk_skb: 69 callbacks suppressed
[ 39.478050][ T23] audit: type=1400 audit(1688115167.930:145): avc: denied { mounton } for pid=401 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
2023/06/30 08:52:47 executed programs: 0
[ 39.509132][ T23] audit: type=1400 audit(1688115167.930:146): avc: denied { mount } for pid=401 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 39.573436][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.580487][ T405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.587751][ T405] device bridge_slave_0 entered promiscuous mode
[ 39.594288][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.601417][ T405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.608827][ T405] device bridge_slave_1 entered promiscuous mode
[ 39.645963][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.652814][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.659910][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.666672][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.685924][ T107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.693174][ T107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.700937][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.708631][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.717397][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.725649][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.732402][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.747260][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.755249][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.762053][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.769240][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.777169][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.789940][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.808002][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.816707][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.824553][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.840175][ T23] audit: type=1400 audit(1688115168.290:147): avc: denied { mounton } for pid=405 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 39.864616][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.880843][ T411] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.892049][ T23] audit: type=1400 audit(1688115168.340:148): avc: denied { write } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 39.917072][ C1] ==================================================================
[ 39.925129][ C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x355/0x430
[ 39.929102][ T23] audit: type=1400 audit(1688115168.340:149): avc: denied { nlmsg_write } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 39.932760][ C1] Read of size 4 at addr ffff8881f6f09a78 by task udevd/407
[ 39.932761][ C1]
[ 39.932770][ C1] CPU: 1 PID: 407 Comm: udevd Not tainted 5.4.242-syzkaller-00082-g487daef44f9f #0
[ 39.932774][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 39.932784][ C1] Call Trace:
[ 39.958721][ T413] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.960612][ C1]
[ 39.960626][ C1] dump_stack+0x1d8/0x241
[ 39.960640][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 40.007255][ C1] ? printk+0xd1/0x111
[ 40.011672][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 40.016424][ C1] print_address_description+0x8c/0x600
[ 40.021807][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 40.026574][ C1] __kasan_report+0xf3/0x120
[ 40.031002][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 40.035773][ C1] kasan_report+0x30/0x60
[ 40.039940][ C1] __xfrm_dst_hash+0x355/0x430
[ 40.044546][ C1] xfrm_state_find+0x2cc/0x2dc0
[ 40.049418][ C1] ? call_rcu+0x10/0x10
[ 40.053401][ C1] ? xfrm_sad_getinfo+0x170/0x170
[ 40.058287][ C1] ? xfrm4_get_saddr+0x18c/0x2a0
[ 40.063027][ C1] ? stack_trace_save+0x118/0x1c0
[ 40.067899][ C1] ? xfrm_pol_bin_key+0x21/0x1c0
[ 40.072748][ C1] xfrm_resolve_and_create_bundle+0x6aa/0x31d0
[ 40.078734][ C1] ? xfrm_pol_bin_obj+0x1c0/0x1c0
[ 40.083699][ C1] ? xfrm_sk_policy_lookup+0x5c0/0x5c0
[ 40.088980][ C1] ? xfrm_policy_lookup+0xe4f/0xec0
[ 40.094014][ C1] xfrm_lookup_with_ifid+0x549/0x1c90
[ 40.099263][ C1] ? rt_set_nexthop+0x21b/0x700
[ 40.104252][ C1] ? __xfrm_sk_clone_policy+0x8a0/0x8a0
[ 40.109644][ C1] ? ip_route_output_key_hash+0x230/0x230
[ 40.115201][ C1] xfrm_lookup_route+0x37/0x170
[ 40.119889][ C1] ip_route_output_flow+0x1fe/0x330
[ 40.125360][ C1] ? ipv4_sk_update_pmtu+0x1ed0/0x1ed0
[ 40.130647][ C1] ? make_kuid+0x200/0x700
[ 40.134907][ C1] ? __put_user_ns+0x50/0x50
[ 40.139327][ C1] ? __alloc_skb+0x29e/0x4d0
[ 40.143761][ C1] igmpv3_newpack+0x425/0x1030
[ 40.148357][ C1] ? asan.module_dtor+0x20/0x20
[ 40.153053][ C1] ? igmpv3_sendpack+0x190/0x190
[ 40.157824][ C1] ? check_preemption_disabled+0x9f/0x320
[ 40.163377][ C1] add_grhead+0x75/0x2c0
[ 40.167535][ C1] add_grec+0x12c9/0x15d0
[ 40.171705][ C1] ? mod_timer_pending+0x20/0x20
[ 40.176479][ C1] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 40.181331][ C1] ? igmpv3_send_report+0x410/0x410
[ 40.186567][ C1] ? prandom_u32+0x236/0x270
[ 40.190981][ C1] igmp_ifc_timer_expire+0x7bc/0xea0
[ 40.196137][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 40.201048][ C1] ? _raw_spin_lock_irqsave+0x210/0x210
[ 40.206429][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 40.211467][ C1] call_timer_fn+0x36/0x390
[ 40.215896][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 40.221011][ C1] __run_timers+0x879/0xbe0
[ 40.225360][ C1] ? enqueue_timer+0x300/0x300
[ 40.229960][ C1] ? check_preemption_disabled+0x9f/0x320
[ 40.235516][ C1] ? debug_smp_processor_id+0x20/0x20
[ 40.240821][ C1] ? lapic_next_event+0x5b/0x70
[ 40.245493][ C1] run_timer_softirq+0x63/0xf0
[ 40.250351][ C1] __do_softirq+0x23b/0x6b7
[ 40.254696][ C1] irq_exit+0x195/0x1c0
[ 40.258769][ C1] smp_apic_timer_interrupt+0x11a/0x460
[ 40.264163][ C1] apic_timer_interrupt+0xf/0x20
[ 40.269010][ C1]
[ 40.271785][ C1] ? avc_has_perm_noaudit+0xa5/0x3d0
[ 40.276928][ C1] ? avc_has_perm_noaudit+0x115/0x3d0
[ 40.282206][ C1] ? avc_denied+0x1d0/0x1d0
[ 40.286722][ C1] ? avc_has_perm+0xd2/0x260
[ 40.291158][ C1] ? avc_has_perm_noaudit+0x3d0/0x3d0
[ 40.296439][ C1] ? security_transition_sid+0x78/0x90
[ 40.301905][ C1] ? may_create+0x6d0/0x970
[ 40.306242][ C1] ? show_sid+0x250/0x250
[ 40.311102][ C1] ? from_kgid+0x1a3/0x730
[ 40.315532][ C1] ? __d_lookup+0x4cd/0x540
[ 40.319953][ C1] ? generic_permission+0x141/0x3e0
[ 40.325439][ C1] ? security_inode_create+0xa4/0x100
[ 40.330634][ C1] ? path_openat+0x1255/0x3480
[ 40.335316][ C1] ? do_filp_open+0x450/0x450
[ 40.339836][ C1] ? do_sys_open+0x357/0x810
[ 40.344349][ C1] ? do_syscall_64+0xca/0x1c0
[ 40.348875][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 40.354878][ C1] ? do_filp_open+0x20b/0x450
[ 40.359459][ C1] ? vfs_tmpfile+0x280/0x280
[ 40.363982][ C1] ? _raw_spin_unlock+0x49/0x60
[ 40.368668][ C1] ? __alloc_fd+0x4c1/0x560
[ 40.373024][ C1] ? do_sys_open+0x39c/0x810
[ 40.377427][ C1] ? check_preemption_disabled+0x153/0x320
[ 40.383167][ C1] ? file_open_root+0x490/0x490
[ 40.387839][ C1] ? getname_flags+0x1ec/0x4e0
[ 40.392439][ C1] ? do_syscall_64+0xca/0x1c0
[ 40.397050][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 40.403028][ C1]
[ 40.405280][ C1] The buggy address belongs to the page:
[ 40.411190][ C1] page:ffffea0007dbc240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 40.420397][ C1] flags: 0x8000000000001000(reserved)
[ 40.425689][ C1] raw: 8000000000001000 ffffea0007dbc248 ffffea0007dbc248 0000000000000000
[ 40.434201][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 40.442697][ C1] page dumped because: kasan: bad access detected
[ 40.449163][ C1] page_owner info is not present (never set?)
[ 40.455279][ C1]
[ 40.457710][ C1] Memory state around the buggy address:
[ 40.463269][ C1] ffff8881f6f09900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 40.471299][ C1] ffff8881f6f09980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.479200][ C1] >ffff8881f6f09a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 40.487081][ C1] ^
[ 40.495033][ C1] ffff8881f6f09a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.502885][ C1] ffff8881f6f09b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.510841][ C1] ==================================================================
[ 40.518759][ C1] Disabling lock debugging due to kernel taint
[ 40.557309][ T418] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 40.616267][ T420] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 40.688015][ T423] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 40.716433][ T425] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 40.775967][ T428] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 40.834240][ T430] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 40.893792][ T433] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 40.937794][ T435] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/06/30 08:52:52 executed programs: 69
[ 44.934061][ T603] __nla_validate_parse: 66 callbacks suppressed
[ 44.934066][ T603] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.992730][ T606] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.035549][ T608] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.094436][ T610] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.134769][ T612] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.194256][ T615] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.252150][ T618] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.310243][ T621] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.358423][ T623] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 45.405075][ T625] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/06/30 08:52:58 executed programs: 152