Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts.
2023/09/08 09:18:24 ignoring optional flag "sandboxArg"="0"
2023/09/08 09:18:24 parsed 1 programs
2023/09/08 09:18:24 executed programs: 0
[ 40.624850][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 40.624858][ T23] audit: type=1400 audit(1694164704.159:144): avc: denied { mounton } for pid=401 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 40.656828][ T23] audit: type=1400 audit(1694164704.159:145): avc: denied { mount } for pid=401 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 40.691129][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.698075][ T405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.705633][ T405] device bridge_slave_0 entered promiscuous mode
[ 40.712669][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.719577][ T405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.727416][ T405] device bridge_slave_1 entered promiscuous mode
[ 40.761263][ T23] audit: type=1400 audit(1694164704.299:146): avc: denied { create } for pid=405 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.776989][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.789054][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.789120][ T23] audit: type=1400 audit(1694164704.309:147): avc: denied { write } for pid=405 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.796645][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.824263][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.824457][ T23] audit: type=1400 audit(1694164704.309:148): avc: denied { read } for pid=405 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.852049][ T124] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.859190][ T124] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.866893][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.874962][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.893657][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.902394][ T363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.909929][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.917396][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.926210][ T363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.933171][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.940814][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.948770][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.960652][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.970711][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.983915][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.998999][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.007531][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.021016][ T23] audit: type=1400 audit(1694164704.559:149): avc: denied { mounton } for pid=405 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=997 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 41.052764][ T412] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 41.064147][ T23] audit: type=1400 audit(1694164704.599:150): avc: denied { write } for pid=411 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.085227][ T23] audit: type=1400 audit(1694164704.599:151): avc: denied { nlmsg_write } for pid=411 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 41.095538][ T414] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 41.106095][ C0] ==================================================================
[ 41.123518][ C0] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x355/0x430
[ 41.131058][ C0] Read of size 4 at addr ffff8881f6e09a78 by task kauditd/23
[ 41.138258][ C0]
[ 41.140437][ C0] CPU: 0 PID: 23 Comm: kauditd Not tainted 5.4.249-syzkaller-04712-g50533a8b511b #0
[ 41.149629][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 41.159898][ C0] Call Trace:
[ 41.163022][ C0]
[ 41.165720][ C0] dump_stack+0x1d8/0x241
[ 41.169882][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 41.175907][ C0] ? printk+0xd1/0x111
[ 41.179783][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 41.184549][ C0] print_address_description+0x8c/0x600
[ 41.189938][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 41.194965][ C0] __kasan_report+0xf3/0x120
[ 41.199404][ C0] ? __xfrm_dst_hash+0x355/0x430
[ 41.204427][ C0] kasan_report+0x30/0x60
[ 41.208613][ C0] __xfrm_dst_hash+0x355/0x430
[ 41.213296][ C0] xfrm_state_find+0x2cc/0x2dc0
[ 41.218140][ C0] ? apic_timer_interrupt+0xf/0x20
[ 41.223172][ C0] ? call_rcu+0x10/0x10
[ 41.227165][ C0] ? xfrm_sad_getinfo+0x170/0x170
[ 41.232125][ C0] ? xfrm4_get_saddr+0x18c/0x2a0
[ 41.236884][ C0] ? stack_trace_save+0x118/0x1c0
[ 41.241831][ C0] ? xfrm_pol_bin_key+0x21/0x1c0
[ 41.246692][ C0] xfrm_resolve_and_create_bundle+0x6aa/0x31d0
[ 41.252682][ C0] ? xfrm_pol_bin_obj+0x1c0/0x1c0
[ 41.257546][ C0] ? xfrm_sk_policy_lookup+0x5c0/0x5c0
[ 41.262942][ C0] ? xfrm_policy_lookup+0xe4f/0xec0
[ 41.268240][ C0] xfrm_lookup_with_ifid+0x549/0x1c90
[ 41.273459][ C0] ? rt_set_nexthop+0x21b/0x700
[ 41.278131][ C0] ? __xfrm_sk_clone_policy+0x8a0/0x8a0
[ 41.283598][ C0] ? ip_route_output_key_hash+0x230/0x230
[ 41.289166][ C0] xfrm_lookup_route+0x37/0x170
[ 41.293926][ C0] ip_route_output_flow+0x1fe/0x330
[ 41.299054][ C0] ? ipv4_sk_update_pmtu+0x1ed0/0x1ed0
[ 41.304349][ C0] ? make_kuid+0x200/0x700
[ 41.308686][ C0] ? __put_user_ns+0x50/0x50
[ 41.313123][ C0] ? __alloc_skb+0x29e/0x4d0
[ 41.317541][ C0] igmpv3_newpack+0x425/0x1030
[ 41.322235][ C0] ? asan.module_dtor+0x20/0x20
[ 41.326999][ C0] ? igmpv3_sendpack+0x190/0x190
[ 41.331773][ C0] ? check_preemption_disabled+0x9f/0x320
[ 41.337334][ C0] add_grhead+0x75/0x2c0
[ 41.341407][ C0] add_grec+0x12c9/0x15d0
[ 41.345579][ C0] ? mod_timer_pending+0x20/0x20
[ 41.350347][ C0] ? _raw_spin_lock_bh+0xa4/0x1b0
[ 41.355301][ C0] ? igmpv3_send_report+0x410/0x410
[ 41.360593][ C0] ? prandom_u32+0x236/0x270
[ 41.365107][ C0] igmp_ifc_timer_expire+0x7bc/0xea0
[ 41.370401][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 41.375348][ C0] ? _raw_spin_lock_irqsave+0x210/0x210
[ 41.380902][ C0] ? igmp_gq_timer_expire+0xd0/0xd0
[ 41.386053][ C0] call_timer_fn+0x36/0x390
[ 41.390394][ C0] ? igmp_gq_timer_expire+0xd0/0xd0
[ 41.395521][ C0] __run_timers+0x879/0xbe0
[ 41.399949][ C0] ? enqueue_timer+0x300/0x300
[ 41.404719][ C0] ? check_preemption_disabled+0x9f/0x320
[ 41.410384][ C0] ? debug_smp_processor_id+0x20/0x20
[ 41.415576][ C0] ? lapic_next_event+0x5b/0x70
[ 41.420344][ C0] run_timer_softirq+0x63/0xf0
[ 41.424948][ C0] __do_softirq+0x23b/0x6b7
[ 41.429457][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 41.434358][ C0] irq_exit+0x195/0x1c0
[ 41.438500][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 41.443958][ C0] apic_timer_interrupt+0xf/0x20
[ 41.448814][ C0]
[ 41.451609][ C0] ? io_serial_out+0x10/0x10
[ 41.456138][ C0] ? console_unlock+0xf7c/0xfa0
[ 41.460801][ C0] ? sched_clock+0x36/0x40
[ 41.465422][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 41.470181][ C0] ? vprintk_emit+0x3f0/0x3f0
[ 41.474690][ C0] ? down_trylock+0x53/0xa0
[ 41.479031][ C0] ? __printk_safe_exit+0x5/0x10
[ 41.483797][ C0] ? console_trylock+0x166/0x1c0
[ 41.488665][ C0] ? resume_console+0x40/0x40
[ 41.493396][ C0] ? vprintk_store+0x4f6/0x570
[ 41.498072][ C0] ? vprintk_emit+0x1e0/0x3f0
[ 41.502581][ C0] ? vprintk_store+0x570/0x570
[ 41.507184][ C0] ? _raw_spin_trylock+0xcd/0x1a0
[ 41.512051][ C0] ? __lock_text_start+0x8/0x8
[ 41.516641][ C0] ? printk+0xd1/0x111
[ 41.520550][ C0] ? kauditd_hold_skb+0xe3/0x200
[ 41.525333][ C0] ? panic+0x896/0x896
[ 41.529228][ C0] ? kauditd_hold_skb+0x1b3/0x200
[ 41.534086][ C0] ? kauditd_send_queue+0x2f0/0x2f0
[ 41.539119][ C0] ? auditd_conn_free+0xd0/0xd0
[ 41.543817][ C0] ? kauditd_send_queue+0x297/0x2f0
[ 41.548839][ C0] ? kauditd_send_queue+0x2f0/0x2f0
[ 41.553873][ C0] ? auditd_conn_free+0xd0/0xd0
[ 41.558561][ C0] ? kauditd_thread+0x4ff/0x860
[ 41.563333][ C0] ? cpus_share_cache+0x110/0x110
[ 41.568194][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 41.572965][ C0] ? audit_log+0x150/0x150
[ 41.577395][ C0] ? init_wait_entry+0xd0/0xd0
[ 41.581992][ C0] ? __wake_up_locked+0xb7/0x110
[ 41.586848][ C0] ? __kthread_parkme+0xb0/0x1b0
[ 41.591719][ C0] ? kthread+0x2da/0x360
[ 41.595875][ C0] ? audit_log+0x150/0x150
[ 41.600128][ C0] ? kthread_blkcg+0xd0/0xd0
[ 41.604646][ C0] ? ret_from_fork+0x1f/0x30
[ 41.609250][ C0]
[ 41.611683][ C0] The buggy address belongs to the page:
[ 41.617268][ C0] page:ffffea0007db8240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 41.626285][ C0] flags: 0x8000000000001000(reserved)
[ 41.631495][ C0] raw: 8000000000001000 ffffea0007db8248 ffffea0007db8248 0000000000000000
[ 41.640002][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 41.648760][ C0] page dumped because: kasan: bad access detected
[ 41.655096][ C0] page_owner info is not present (never set?)
[ 41.661270][ C0]
[ 41.663426][ C0] Memory state around the buggy address:
[ 41.668899][ C0] ffff8881f6e09900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
[ 41.676796][ C0] ffff8881f6e09980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.684782][ C0] >ffff8881f6e09a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
[ 41.692775][ C0]                                                                 ^
[ 41.700682][ C0] ffff8881f6e09a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.709439][ C0] ffff8881f6e09b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.717336][ C0] ==================================================================
[ 41.725249][ C0] Disabling lock debugging due to kernel taint
[ 41.783166][ T418] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 41.892831][ T421] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 41.950512][ T424] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 41.987713][ T427] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.046367][ T430] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.114077][ T433] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.182876][ T436] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.252463][ T438] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/09/08 09:18:29 executed programs: 64
[ 46.067838][ T595] __nla_validate_parse: 60 callbacks suppressed
[ 46.067842][ T595] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.129302][ T598] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.188794][ T601] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.258446][ T604] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.316896][ T606] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.357199][ T608] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.406966][ T610] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.464053][ T613] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.533920][ T616] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 46.612908][ T619] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
2023/09/08 09:18:34 executed programs: 145
[ 51.074287][ T811] __nla_validate_parse: 71 callbacks suppressed
[ 51.074291][ T811] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.