Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts.
2024/01/26 10:21:56 ignoring optional flag "sandboxArg"="0"
2024/01/26 10:21:56 parsed 1 programs
2024/01/26 10:21:56 executed programs: 0
[ 44.122526][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 44.122540][ T23] audit: type=1400 audit(1706264516.920:144): avc: denied { mounton } for pid=404 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 44.154734][ T23] audit: type=1400 audit(1706264516.920:145): avc: denied { mount } for pid=404 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 44.221064][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.228749][ T408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.237166][ T408] device bridge_slave_0 entered promiscuous mode
[ 44.244659][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.251954][ T408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.260012][ T408] device bridge_slave_1 entered promiscuous mode
[ 44.309731][ T23] audit: type=1400 audit(1706264517.110:146): avc: denied { create } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.319366][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.330770][ T23] audit: type=1400 audit(1706264517.110:147): avc: denied { write } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.337662][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.359221][ T23] audit: type=1400 audit(1706264517.110:148): avc: denied { read } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.365982][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.395098][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.419771][ T107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.427094][ T107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.435475][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.443214][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.460191][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.468531][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.476342][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.483767][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.492006][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.499151][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.507389][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.517472][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.539332][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.547938][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.561935][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.580774][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.589814][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.604250][ T23] audit: type=1400 audit(1706264517.400:149): avc: denied { mounton } for pid=408 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=839 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 44.639456][ T23] audit: type=1400 audit(1706264517.430:150): avc: denied { write } for pid=414 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 44.661573][ T23] audit: type=1400 audit(1706264517.430:151): avc: denied { nlmsg_write } for pid=414 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 44.839170][ C0] ==================================================================
[ 44.847607][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x355/0x430
[ 44.856196][ C0] Read of size 4 at addr ffff8881f6e09a78 by task udevd/410
[ 44.863739][ C0]
[ 44.866005][ C0] CPU: 0 PID: 410 Comm: udevd Not tainted 5.4.265-syzkaller-04832-g4d7b888b5774 #0
[ 44.875403][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 44.885616][ C0] Call Trace:
[ 44.889203][ C0]
[ 44.892491][ C0] dump_stack+0x1d8/0x241
[ 44.896595][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 44.902321][ C0] ? printk+0xd1/0x111
[ 44.906348][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 44.911253][ C0] print_address_description+0x8c/0x600
[ 44.917005][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 44.921865][ C0] __kasan_report+0xf3/0x120
[ 44.926468][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 44.931689][ C0] kasan_report+0x30/0x60
[ 44.936300][ C0] __xfrm_dst_hash+0x355/0x430
[ 44.940900][ C0] xfrm_state_find+0x2cc/0x2dc0
[ 44.945674][ C0] ? apic_timer_interrupt+0xf/0x20
[ 44.950693][ C0] ? call_rcu+0x10/0x10
[ 44.954790][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 44.959987][ C0] ? xfrm4_get_saddr+0x18c/0x2a0
[ 44.964946][ C0] ? stack_trace_save+0x118/0x1c0
[ 44.970004][ C0] ? xfrm_pol_bin_key+0x21/0x1c0
[ 44.974786][ C0] xfrm_resolve_and_create_bundle+0x6aa/0x31d0
[ 44.981360][ C0] ? xfrm_pol_bin_obj+0x1c0/0x1c0
[ 44.986383][ C0] ? xfrm_sk_policy_lookup+0x5c0/0x5c0
[ 44.991943][ C0] ? xfrm_policy_lookup+0xe4f/0xec0
[ 44.996986][ C0] xfrm_lookup_with_ifid+0x549/0x1c90
[ 45.002204][ C0] ? rt_set_nexthop+0x21b/0x700
[ 45.006971][ C0] ? __xfrm_sk_clone_policy+0x8a0/0x8a0
[ 45.013230][ C0] ? ip_route_output_key_hash+0x230/0x230
[ 45.018878][ C0] xfrm_lookup_route+0x37/0x170
[ 45.023683][ C0] ip_route_output_flow+0x1fe/0x330
[ 45.029208][ C0] ? ipv4_sk_update_pmtu+0x1ed0/0x1ed0
[ 45.034769][ C0] ? make_kuid+0x200/0x700
[ 45.039082][ C0] ? __put_user_ns+0x50/0x50
[ 45.043680][ C0] ? __alloc_skb+0x29e/0x4d0
[ 45.048390][ C0] igmpv3_newpack+0x437/0x1070
[ 45.052976][ C0] ? igmpv3_sendpack+0x190/0x190
[ 45.057830][ C0] add_grhead+0x75/0x2c0
[ 45.062000][ C0] add_grec+0x12c9/0x15d0
[ 45.066371][ C0] ? cpus_share_cache+0x110/0x110
[ 45.071404][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 45.076554][ C0] ? igmpv3_send_report+0x410/0x410
[ 45.081708][ C0] ? insert_work+0x279/0x330
[ 45.086288][ C0] igmp_ifc_timer_expire+0x7bc/0xea0
[ 45.091765][ C0] ? _raw_spin_lock+0xa4/0x1b0
[ 45.096539][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 45.101971][ C0] ? igmp_gq_timer_expire+0xd0/0xd0
[ 45.107000][ C0] call_timer_fn+0x36/0x390
[ 45.111430][ C0] ? igmp_gq_timer_expire+0xd0/0xd0
[ 45.116468][ C0] __run_timers+0x879/0xbe0
[ 45.120890][ C0] ? enqueue_timer+0x300/0x300
[ 45.126235][ C0] ? check_preemption_disabled+0x9f/0x320
[ 45.131808][ C0] ? debug_smp_processor_id+0x20/0x20
[ 45.137145][ C0] ? lapic_next_event+0x5b/0x70
[ 45.141997][ C0] run_timer_softirq+0x63/0xf0
[ 45.146588][ C0] __do_softirq+0x23b/0x6b7
[ 45.150927][ C0] irq_exit+0x195/0x1c0
[ 45.155095][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 45.160808][ C0] apic_timer_interrupt+0xf/0x20
[ 45.166265][ C0]
[ 45.169050][ C0] ? security_context_to_sid_core+0xfe/0x720
[ 45.174853][ C0] ? security_context_to_sid_core+0x609/0x720
[ 45.181015][ C0] ? security_context_to_sid+0x50/0x50
[ 45.186409][ C0] ? avc_has_perm_noaudit+0x3d0/0x3d0
[ 45.191692][ C0] ? stack_trace_save+0x118/0x1c0
[ 45.196725][ C0] ? security_context_to_sid+0x35/0x50
[ 45.202024][ C0] ? selinux_inode_setxattr+0x737/0xcf0
[ 45.207407][ C0] ? selinux_inode_getattr+0x3e0/0x3e0
[ 45.212966][ C0] ? __kasan_kmalloc+0x171/0x210
[ 45.217828][ C0] ? kvmalloc_node+0x7e/0xf0
[ 45.222463][ C0] ? setxattr+0x204/0x3f0
[ 45.226628][ C0] ? path_setxattr+0x169/0x240
[ 45.231579][ C0] ? __x64_sys_lsetxattr+0xb4/0xd0
[ 45.236571][ C0] ? do_syscall_64+0xca/0x1c0
[ 45.241244][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.247294][ C0] ? security_inode_setxattr+0xc9/0x190
[ 45.252767][ C0] ? __vfs_setxattr_locked+0x96/0x230
[ 45.258095][ C0] ? vfs_setxattr+0x112/0x2c0
[ 45.262570][ C0] ? xattr_permission+0x340/0x340
[ 45.267529][ C0] ? __virt_addr_valid+0x20e/0x2a0
[ 45.272661][ C0] ? setxattr+0x1ea/0x3f0
[ 45.276919][ C0] ? path_setxattr+0x240/0x240
[ 45.281493][ C0] ? preempt_count_add+0x8f/0x180
[ 45.286351][ C0] ? __mnt_want_write+0x1e6/0x260
[ 45.291210][ C0] ? path_setxattr+0x169/0x240
[ 45.295811][ C0] ? simple_xattr_list_add+0xf0/0xf0
[ 45.301112][ C0] ? __x64_sys_lsetxattr+0xb4/0xd0
[ 45.306054][ C0] ? do_syscall_64+0xca/0x1c0
[ 45.310746][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.316733][ C0]
[ 45.318987][ C0] The buggy address belongs to the page:
[ 45.324580][ C0] page:ffffea0007db8240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 45.333705][ C0] flags: 0x8000000000001000(reserved)
[ 45.338899][ C0] raw: 8000000000001000 ffffea0007db8248 ffffea0007db8248 0000000000000000
[ 45.347445][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 45.355996][ C0] page dumped because: kasan: bad access detected
[ 45.362245][ C0] page_owner info is not present (never set?)
[ 45.368595][ C0]
[ 45.370850][ C0] Memory state around the buggy address:
[ 45.376586][ C0]  ffff8881f6e09900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 45.385025][ C0]  ffff8881f6e09980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.393041][ C0] >ffff8881f6e09a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 45.401109][ C0]                                                                 ^
[ 45.409529][ C0]  ffff8881f6e09a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.418486][ C0]  ffff8881f6e09b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.426726][ C0] ==================================================================
[ 45.434624][ C0] Disabling lock debugging due to kernel taint
2024/01/26 10:22:01 executed programs: 450
2024/01/26 10:22:06 executed programs: 998