Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts.
2024/04/05 14:47:12 ignoring optional flag "sandboxArg"="0"
2024/04/05 14:47:12 parsed 1 programs
2024/04/05 14:47:12 executed programs: 0
[ 44.139333][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 44.139341][ T23] audit: type=1400 audit(1712328432.589:144): avc: denied { mounton } for pid=405 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 44.171209][ T23] audit: type=1400 audit(1712328432.589:145): avc: denied { mount } for pid=405 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 44.226679][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.233530][ T409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.241029][ T409] device bridge_slave_0 entered promiscuous mode
[ 44.247744][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.254561][ T409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.261889][ T409] device bridge_slave_1 entered promiscuous mode
[ 44.296518][ T23] audit: type=1400 audit(1712328432.749:146): avc: denied { create } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.302920][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.317196][ T23] audit: type=1400 audit(1712328432.749:147): avc: denied { write } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.324052][ T409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.324161][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.346235][ T23] audit: type=1400 audit(1712328432.749:148): avc: denied { read } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.352487][ T409] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.399624][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.406749][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.414350][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.422227][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.431130][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.439088][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.446047][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.466260][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.474499][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.482679][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.489516][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.497281][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.505050][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.526423][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.534920][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.543578][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.552460][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.565593][ T23] audit: type=1400 audit(1712328433.019:149): avc: denied { mounton } for pid=409 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 44.598461][ T23] audit: type=1400 audit(1712328433.049:150): avc: denied { write } for pid=416 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 44.619265][ T23] audit: type=1400 audit(1712328433.049:151): avc: denied { nlmsg_write } for pid=416 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 45.315731][ C0] ==================================================================
[ 45.323657][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x355/0x430
[ 45.331373][ C0] Read of size 4 at addr ffff8881f6e09a78 by task swapper/0/0
[ 45.338679][ C0]
[ 45.341004][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.268-syzkaller-04870-gd0d34dcb02cc #0
[ 45.350385][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 45.360400][ C0] Call Trace:
[ 45.363535][ C0]
[ 45.366316][ C0] dump_stack+0x1d8/0x241
[ 45.370829][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 45.376479][ C0] ? printk+0xd1/0x111
[ 45.380388][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 45.385278][ C0] print_address_description+0x8c/0x600
[ 45.390675][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 45.395517][ C0] __kasan_report+0xf3/0x120
[ 45.400151][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 45.404890][ C0] kasan_report+0x30/0x60
[ 45.409061][ C0] __xfrm_dst_hash+0x355/0x430
[ 45.413685][ C0] xfrm_state_find+0x2cc/0x2dc0
[ 45.418351][ C0] ? apic_timer_interrupt+0xf/0x20
[ 45.423461][ C0] ? call_rcu+0x10/0x10
[ 45.427467][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 45.432628][ C0] ? xfrm4_get_saddr+0x18c/0x2a0
[ 45.437354][ C0] ? stack_trace_save+0x118/0x1c0
[ 45.442211][ C0] ? xfrm_pol_bin_key+0x21/0x1c0
[ 45.446989][ C0] xfrm_resolve_and_create_bundle+0x6aa/0x31d0
[ 45.453163][ C0] ? xfrm_pol_bin_obj+0x1c0/0x1c0
[ 45.458020][ C0] ? xfrm_sk_policy_lookup+0x5c0/0x5c0
[ 45.463405][ C0] ? xfrm_policy_lookup+0xe4f/0xec0
[ 45.468448][ C0] xfrm_lookup_with_ifid+0x549/0x1c90
[ 45.473819][ C0] ? rt_set_nexthop+0x21b/0x700
[ 45.478512][ C0] ? __xfrm_sk_clone_policy+0x8a0/0x8a0
[ 45.484018][ C0] ? ip_route_output_key_hash+0x230/0x230
[ 45.489652][ C0] xfrm_lookup_route+0x37/0x170
[ 45.494422][ C0] ip_route_output_flow+0x1fe/0x330
[ 45.499456][ C0] ? ipv4_sk_update_pmtu+0x1ed0/0x1ed0
[ 45.504854][ C0] ? make_kuid+0x200/0x700
[ 45.509114][ C0] ? __put_user_ns+0x50/0x50
[ 45.513532][ C0] ? __alloc_skb+0x29e/0x4d0
[ 45.517971][ C0] igmpv3_newpack+0x437/0x1070
[ 45.522579][ C0] ? __do_softirq+0x23b/0x6b7
[ 45.527212][ C0] ? igmpv3_sendpack+0x190/0x190
[ 45.531977][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 45.536883][ C0] ? resched_curr+0x9b/0x200
[ 45.541303][ C0] add_grhead+0x75/0x2c0
[ 45.545499][ C0] add_grec+0x12c9/0x15d0
[ 45.549778][ C0] ? cpus_share_cache+0x110/0x110
[ 45.554941][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 45.559786][ C0] ? igmpv3_send_report+0x410/0x410
[ 45.564927][ C0] ? insert_work+0x279/0x330
[ 45.569354][ C0] igmp_ifc_timer_expire+0x7bc/0xea0
[ 45.574474][ C0] ? _raw_spin_lock+0xa4/0x1b0
[ 45.579164][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 45.584375][ C0] ? igmp_gq_timer_expire+0xd0/0xd0
[ 45.589491][ C0] call_timer_fn+0x36/0x390
[ 45.593868][ C0] ? igmp_gq_timer_expire+0xd0/0xd0
[ 45.598959][ C0] __run_timers+0x879/0xbe0
[ 45.603307][ C0] ? enqueue_timer+0x300/0x300
[ 45.607987][ C0] ? check_preemption_disabled+0x9f/0x320
[ 45.613539][ C0] ? debug_smp_processor_id+0x20/0x20
[ 45.618747][ C0] ? lapic_next_event+0x5b/0x70
[ 45.623447][ C0] run_timer_softirq+0x63/0xf0
[ 45.628145][ C0] __do_softirq+0x23b/0x6b7
[ 45.632482][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 45.637171][ C0] irq_exit+0x195/0x1c0
[ 45.641165][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 45.646549][ C0] apic_timer_interrupt+0xf/0x20
[ 45.651398][ C0]
[ 45.654181][ C0] ? check_preemption_disabled+0x91/0x320
[ 45.659998][ C0] ? default_idle+0x1f/0x30
[ 45.664431][ C0] ? default_idle+0x11/0x30
[ 45.668763][ C0] ? do_idle+0x248/0x660
[ 45.672845][ C0] ? check_preemption_disabled+0x9f/0x320
[ 45.678406][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 45.683541][ C0] ? cpu_startup_entry+0x14/0x20
[ 45.688391][ C0] ? time_init+0x33/0x33
[ 45.692468][ C0] ? start_kernel+0x6d9/0x81d
[ 45.696979][ C0] ? arch_call_rest_init+0xa/0xa
[ 45.701765][ C0] ? kasan_early_init+0x22d/0x27d
[ 45.706622][ C0] ? check_loader_disabled_bsp+0x95/0x16c
[ 45.712343][ C0] ? load_ucode_bsp+0xde/0x105
[ 45.716943][ C0] ? secondary_startup_64+0xa4/0xb0
[ 45.721969][ C0]
[ 45.724133][ C0] The buggy address belongs to the page:
[ 45.729628][ C0] page:ffffea0007db8240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 45.738636][ C0] flags: 0x8000000000001000(reserved)
[ 45.743838][ C0] raw: 8000000000001000 ffffea0007db8248 ffffea0007db8248 0000000000000000
[ 45.752261][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 45.760687][ C0] page dumped because: kasan: bad access detected
[ 45.766931][ C0] page_owner info is not present (never set?)
[ 45.772912][ C0]
[ 45.775116][ C0] Memory state around the buggy address:
[ 45.780909][ C0]  ffff8881f6e09900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 45.789060][ C0]  ffff8881f6e09980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.797062][ C0] >ffff8881f6e09a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 45.805032][ C0]                                                                 ^
[ 45.812861][ C0]  ffff8881f6e09a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.820953][ C0]  ffff8881f6e09b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.829129][ C0] ==================================================================
[ 45.837201][ C0] Disabling lock debugging due to kernel taint
2024/04/05 14:47:17 executed programs: 567
2024/04/05 14:47:22 executed programs: 1550