Warning: Permanently added '10.128.1.161' (ECDSA) to the list of known hosts.
2023/04/21 06:15:40 ignoring optional flag "sandboxArg"="0"
2023/04/21 06:15:40 parsed 1 programs
2023/04/21 06:15:40 executed programs: 0
[ 37.998398][ T22] kauditd_printk_skb: 64 callbacks suppressed
[ 37.998406][ T22] audit: type=1400 audit(1682057740.339:147): avc: denied { mounton } for pid=333 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 38.030281][ T22] audit: type=1400 audit(1682057740.339:148): avc: denied { mount } for pid=333 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 38.054602][ T22] audit: type=1400 audit(1682057740.359:149): avc: denied { module_request } for pid=337 comm="syz-executor.0" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 38.069238][ T337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.084173][ T337] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.091742][ T337] device bridge_slave_0 entered promiscuous mode
[ 38.098703][ T337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.105950][ T337] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.113451][ T337] device bridge_slave_1 entered promiscuous mode
[ 38.150025][ T337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.157071][ T337] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.164373][ T337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.171548][ T337] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.191086][ T315] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.198854][ T315] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.207037][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.214715][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.223771][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.232242][ T101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.239522][ T101] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.261757][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.270158][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.278579][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.287566][ T101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.294630][ T101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.302073][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.309978][ T101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.322521][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.338028][ T118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.347395][ T118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.359742][ T22] audit: type=1400 audit(1682057740.699:150): avc: denied { mount } for pid=337 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 38.394567][ T343] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.406020][ T22] audit: type=1400 audit(1682057740.749:151): avc: denied { write } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 38.426431][ T22] audit: type=1400 audit(1682057740.749:152): avc: denied { nlmsg_write } for pid=342 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 38.431478][ C1] ==================================================================
[ 38.450525][ T345] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.456170][ C1] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x355/0x430
[ 38.456177][ C1] Read of size 4 at addr ffff8881f6f09a78 by task udevd/155
[ 38.456178][ C1]
[ 38.456188][ C1] CPU: 1 PID: 155 Comm: udevd Not tainted 5.4.233-syzkaller-00011-g0108362f3305 #0
[ 38.456191][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 38.456193][ C1] Call Trace:
[ 38.456199][ C1]
[ 38.456208][ C1] dump_stack+0x1d8/0x241
[ 38.456221][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 38.519862][ C1] ? printk+0xd1/0x111
[ 38.523998][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 38.529005][ C1] print_address_description+0x8c/0x600
[ 38.534786][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 38.540073][ C1] __kasan_report+0xf3/0x120
[ 38.544722][ C1] ? __xfrm_dst_hash+0x355/0x430
[ 38.549901][ C1] kasan_report+0x30/0x60
[ 38.554231][ C1] __xfrm_dst_hash+0x355/0x430
[ 38.558990][ C1] xfrm_state_find+0x2cc/0x2dc0
[ 38.563899][ C1] ? call_rcu+0x10/0x10
[ 38.568026][ C1] ? stack_trace_save+0x1c0/0x1c0
[ 38.573133][ C1] ? xfrm_sad_getinfo+0x170/0x170
[ 38.578265][ C1] ? xfrm4_get_saddr+0x18c/0x2a0
[ 38.583333][ C1] ? apic_timer_interrupt+0xf/0x20
[ 38.588433][ C1] ? rhashtable_lookup+0x4b4/0x530
[ 38.593539][ C1] ? stack_trace_snprint+0x170/0x170
[ 38.598915][ C1] xfrm_resolve_and_create_bundle+0x60f/0x2dd0
[ 38.605130][ C1] ? xfrm_sk_policy_lookup+0x570/0x570
[ 38.610565][ C1] ? xfrm_policy_lookup+0x1233/0x12a0
[ 38.615914][ C1] xfrm_lookup_with_ifid+0x993/0x1ac0
[ 38.621265][ C1] ? rt_set_nexthop+0x21b/0x700
[ 38.626096][ C1] ? __local_bh_enable_ip+0x4f/0x70
[ 38.631374][ C1] ? __xfrm_sk_clone_policy+0xa00/0xa00
[ 38.636911][ C1] ? ip_route_output_key_hash+0x230/0x230
[ 38.642619][ C1] xfrm_lookup_route+0x37/0x170
[ 38.647443][ C1] ip_route_output_flow+0x1fe/0x330
[ 38.652625][ C1] ? ipv4_sk_update_pmtu+0x1ed0/0x1ed0
[ 38.658064][ C1] ? make_kuid+0x200/0x700
[ 38.662463][ C1] ? __put_user_ns+0x50/0x50
[ 38.667024][ C1] ? __alloc_skb+0x29e/0x4d0
[ 38.671588][ C1] igmpv3_newpack+0x425/0x1030
[ 38.676327][ C1] ? asan.module_dtor+0x20/0x20
[ 38.681292][ C1] ? igmpv3_sendpack+0x190/0x190
[ 38.687704][ C1] ? check_preemption_disabled+0x9f/0x320
[ 38.693411][ C1] add_grhead+0x75/0x2c0
[ 38.697624][ C1] add_grec+0x12c9/0x15d0
[ 38.701965][ C1] ? mod_timer_pending+0x20/0x20
[ 38.706983][ C1] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 38.712005][ C1] ? igmpv3_send_report+0x410/0x410
[ 38.717176][ C1] ? prandom_u32+0x21a/0x240
[ 38.721737][ C1] igmp_ifc_timer_expire+0x7bc/0xea0
[ 38.726993][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 38.732249][ C1] ? _raw_spin_lock_irqsave+0x210/0x210
[ 38.738216][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 38.743400][ C1] call_timer_fn+0x36/0x390
[ 38.747890][ C1] ? igmp_gq_timer_expire+0xd0/0xd0
[ 38.753218][ C1] __run_timers+0x7c2/0xae0
[ 38.758214][ C1] ? enqueue_timer+0x2d0/0x2d0
[ 38.763035][ C1] ? check_preemption_disabled+0x9f/0x320
[ 38.768912][ C1] ? debug_smp_processor_id+0x20/0x20
[ 38.774648][ C1] run_timer_softirq+0x46/0x80
[ 38.779562][ C1] __do_softirq+0x22e/0x630
[ 38.784034][ C1] irq_exit+0x195/0x1c0
[ 38.788195][ C1] smp_apic_timer_interrupt+0x111/0x440
[ 38.793709][ C1] apic_timer_interrupt+0xf/0x20
[ 38.798612][ C1]
[ 38.801523][ C1] ? do_sys_open+0x383/0x810
[ 38.806078][ C1] ? do_filp_open+0x8e/0x450
[ 38.810825][ C1] ? memset+0x3/0x40
[ 38.814691][ C1] ? do_filp_open+0x9d/0x450
[ 38.819423][ C1] ? vfs_tmpfile+0x280/0x280
[ 38.824066][ C1] ? __alloc_fd+0x560/0x560
[ 38.828547][ C1] ? _raw_spin_lock+0xa4/0x1b0
[ 38.833368][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 38.838804][ C1] ? __check_object_size+0x2bd/0x3a0
[ 38.844092][ C1] ? find_next_zero_bit+0x7e/0x100
[ 38.849174][ C1] ? _raw_spin_unlock+0x49/0x60
[ 38.854004][ C1] ? __alloc_fd+0x4c1/0x560
[ 38.858475][ C1] ? do_sys_open+0x39c/0x810
[ 38.863031][ C1] ? check_preemption_disabled+0x153/0x320
[ 38.868810][ C1] ? file_open_root+0x490/0x490
[ 38.873635][ C1] ? task_work_run+0x158/0x170
[ 38.878397][ C1] ? do_syscall_64+0xca/0x1c0
[ 38.883058][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 38.889097][ C1]
[ 38.891393][ C1] The buggy address belongs to the page:
[ 38.896995][ C1] page:ffffea0007dbc240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 38.906255][ C1] flags: 0x8000000000001000(reserved)
[ 38.911684][ C1] raw: 8000000000001000 ffffea0007dbc248 ffffea0007dbc248 0000000000000000
[ 38.920234][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 38.928787][ C1] page dumped because: kasan: bad access detected
[ 38.935166][ C1] page_owner info is not present (never set?)
[ 38.941203][ C1]
[ 38.943525][ C1] Memory state around the buggy address:
[ 38.949217][ C1]  ffff8881f6f09900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 38.957250][ C1]  ffff8881f6f09980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.965399][ C1] >ffff8881f6f09a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 38.973426][ C1]                                                                 ^
[ 38.981473][ C1]  ffff8881f6f09a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.989619][ C1]  ffff8881f6f09b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.997852][ C1] ==================================================================
[ 39.006070][ C1] Disabling lock debugging due to kernel taint
[ 39.013340][ T22] audit: type=1400 audit(1682057741.359:153): avc: denied { read } for pid=137 comm="syslogd" name="log" dev="sda1" ino=1125 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 39.070201][ T348] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.129669][ T351] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.159045][ T353] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.208647][ T355] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.289024][ T358] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.348188][ T361] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.399398][ T363] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 39.456503][ T366] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/04/21 06:15:45 executed programs: 68
[ 43.430328][ T545] __nla_validate_parse: 65 callbacks suppressed
[ 43.430333][ T545] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.500390][ T548] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.580502][ T551] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.638477][ T554] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.758790][ T557] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.879820][ T560] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.939759][ T563] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.998539][ T566] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.058176][ T569] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 44.115668][ T572] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/04/21 06:15:50 executed programs: 148