Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. 2023/03/24 15:32:59 ignoring optional flag "sandboxArg"="0" 2023/03/24 15:32:59 parsed 1 programs [ 67.759284][ T26] audit: type=1400 audit(1679671979.484:188): avc: denied { mounton } for pid=5426 comm="syz-executor" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 67.761504][ T5426] cgroup: Unknown subsys name 'net' [ 67.794723][ T5426] cgroup: Unknown subsys name 'rlimit' 2023/03/24 15:32:59 executed programs: 0 [ 67.808098][ T26] audit: type=1400 audit(1679671979.524:189): avc: denied { mounton } for pid=5426 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 67.858259][ T26] audit: type=1400 audit(1679671979.524:190): avc: denied { mount } for pid=5426 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 67.883873][ T26] audit: type=1400 audit(1679671979.534:191): avc: denied { create } for pid=5426 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 67.906249][ T26] audit: type=1400 audit(1679671979.534:192): avc: denied { write } for pid=5426 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 67.927530][ T26] audit: type=1400 audit(1679671979.534:193): avc: denied { read } for pid=5426 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 67.948691][ T26] audit: type=1400 audit(1679671979.564:194): avc: denied { getattr } for pid=5429 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/ntp.conf/eth0.dhcp" dev="tmpfs" ino=1447 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 67.975595][ T26] audit: type=1400 audit(1679671979.614:195): avc: denied { create } for pid=5437 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 67.997524][ T26] audit: type=1400 audit(1679671979.614:196): avc: denied { read } for pid=5436 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=1447 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 68.022123][ T26] audit: type=1400 audit(1679671979.614:197): avc: denied { open } for pid=5436 comm="sed" path="/run/dhcpcd/hook-state/ntp.conf/eth0.dhcp" dev="tmpfs" ino=1447 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 71.006913][ T5034] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 71.568887][ T2284] cfg80211: failed to load regulatory.db [ 75.166855][ T5034] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 79.326847][ T5034] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 83.486843][ T5034] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 87.647134][ T5034] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 91.806851][ T5034] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 95.966968][ T5034] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 98.066056][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 98.066065][ T26] audit: type=1400 audit(1679672009.784:202): avc: denied { ioctl } for pid=5507 comm="syz-executor.0" path="socket:[30995]" dev="sockfs" ino=30995 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 98.066080][ T4353] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 98.107201][ T4353] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 98.114983][ T4353] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 98.123974][ T4353] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 98.132934][ T4353] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 98.140374][ T4353] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 98.151038][ T26] audit: type=1400 audit(1679672009.874:203): avc: denied { read } for pid=5507 comm="syz-executor.0" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 98.172734][ T26] audit: type=1400 audit(1679672009.894:204): avc: denied { open } for pid=5507 comm="syz-executor.0" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 98.196802][ T26] audit: type=1400 audit(1679672009.894:205): avc: denied { mounton } for pid=5507 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 98.241186][ T5507] chnl_net:caif_netlink_parms(): no params data found [ 98.277036][ T5507] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.284187][ T5507] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.291741][ T5507] bridge_slave_0: entered allmulticast mode [ 98.298390][ T5507] bridge_slave_0: entered promiscuous mode [ 98.306019][ T5507] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.313824][ T5507] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.321280][ T5507] bridge_slave_1: entered allmulticast mode [ 98.328876][ T5507] bridge_slave_1: entered promiscuous mode [ 98.348176][ T5507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.359335][ T5507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.380509][ T5507] team0: Port device team_slave_0 added [ 98.387864][ T5507] team0: Port device team_slave_1 added [ 98.405435][ T5507] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.412752][ T5507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.439431][ T5507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.454995][ T5507] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.462021][ T5507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.488766][ T5507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.512628][ T5507] hsr_slave_0: entered promiscuous mode [ 98.518807][ T5507] hsr_slave_1: entered promiscuous mode [ 98.574471][ T5507] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.581722][ T5507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.589142][ T5507] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.596333][ T5507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.630742][ T5507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.641859][ T2284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.650825][ T2284] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.659434][ T2284] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.667969][ T2284] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 98.681806][ T5507] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.691380][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 98.700613][ T5042] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.707847][ T5042] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.718540][ T4754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 98.728134][ T4754] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.735295][ T4754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.752440][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 98.761011][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 98.773548][ T5044] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 98.790758][ T5507] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 98.801614][ T5507] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 98.813294][ T2284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 98.822055][ T2284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 98.831281][ T2284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 98.847050][ T2284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 98.854601][ T2284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 98.863918][ T5507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.039062][ T5044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 99.054085][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 99.063920][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 99.072053][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 99.083343][ T5507] veth0_vlan: entered promiscuous mode [ 99.093804][ T5507] veth1_vlan: entered promiscuous mode [ 99.112258][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 99.121011][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 99.129316][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 99.139341][ T5507] veth0_macvtap: entered promiscuous mode [ 99.148206][ T5507] veth1_macvtap: entered promiscuous mode [ 99.161777][ T5507] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.169753][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 99.180104][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 99.191350][ T5507] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.200101][ T5042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.254732][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.271038][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.281359][ T3793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.281534][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 99.290646][ T3793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.307459][ T5044] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 99.319339][ T26] audit: type=1400 audit(1679672011.034:206): avc: denied { mounton } for pid=5507 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2319 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 99.366814][ T26] audit: type=1400 audit(1679672011.094:207): avc: denied { bind } for pid=5526 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 2023/03/24 15:33:31 executed programs: 1 [ 99.517975][ T33] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN [ 99.530686][ T33] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 99.539345][ T33] CPU: 0 PID: 33 Comm: kworker/u4:2 Not tainted 6.3.0-rc3-syzkaller #0 [ 99.547580][ T33] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 99.557996][ T33] Workqueue: pencrypt_parallel padata_parallel_worker [ 99.564768][ T33] RIP: 0010:scatterwalk_copychunks+0x2b9/0x570 [ 99.571268][ T33] Code: ff ff 4c 89 ff e8 f7 e3 2d 00 49 89 c7 48 8b 44 24 10 80 38 00 0f 85 30 02 00 00 49 8d 77 08 4d 89 7d 00 48 89 f0 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e f9 01 00 00 48 8b 54 24 08 [ 99.590860][ T33] RSP: 0018:ffffc90000caf6d0 EFLAGS: 00010202 [ 99.597296][ T33] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 99.605614][ T33] RDX: 1ffff1100506ca4b RSI: 0000000000000008 RDI: ffff888028365258 [ 99.613680][ T33] RBP: ffff88807b5c7440 R08: 0000000000000001 R09: ffffffff8f5bab67 [ 99.621639][ T33] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001 [ 99.629620][ T33] R13: ffffc90000caf8c8 R14: dffffc0000000000 R15: 0000000000000000 [ 99.637594][ T33] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 99.646671][ T33] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 99.653348][ T33] CR2: 00007f62b3fa0000 CR3: 000000001f979000 CR4: 00000000003506f0 [ 99.661389][ T33] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 99.669532][ T33] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 99.677670][ T33] Call Trace: [ 99.680952][ T33] [ 99.683863][ T33] ? __kmalloc+0xee/0x190 [ 99.689062][ T33] skcipher_walk_next+0x620/0x1760 [ 99.694323][ T33] skcipher_walk_aead_common+0x7e6/0xc40 [ 99.700068][ T33] gcmaes_crypt_by_sg+0x27e/0x600 [ 99.705084][ T33] ? ecb_encrypt+0x150/0x150 [ 99.709843][ T33] ? print_usage_bug.part.0+0x660/0x660 [ 99.715729][ T33] ? mark_lock.part.0+0xee/0x1970 [ 99.720825][ T33] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 99.727050][ T33] ? mark_lock.part.0+0xee/0x1970 [ 99.732072][ T33] ? __lock_acquire+0x18bc/0x5d40 [ 99.737339][ T33] gcmaes_encrypt+0xcd/0x200 [ 99.741914][ T33] ? gcmaes_crypt_by_sg+0x600/0x600 [ 99.747083][ T33] generic_gcmaes_encrypt+0x128/0x190 [ 99.752718][ T33] ? gcmaes_encrypt+0x200/0x200 [ 99.757665][ T33] ? cryptd_aead_queued+0x16/0x60 [ 99.762760][ T33] ? simd_aead_encrypt+0x1f2/0x260 [ 99.767866][ T33] pcrypt_aead_enc+0x11/0x60 [ 99.772437][ T33] padata_parallel_worker+0x56/0xa0 [ 99.777997][ T33] process_one_work+0x865/0x13f0 [ 99.783085][ T33] ? lock_release+0x670/0x670 [ 99.787827][ T33] ? pwq_dec_nr_in_flight+0x230/0x230 [ 99.793173][ T33] ? spin_bug+0x1c0/0x1c0 [ 99.797560][ T33] worker_thread+0x598/0xec0 [ 99.802213][ T33] ? process_one_work+0x13f0/0x13f0 [ 99.807381][ T33] kthread+0x294/0x330 [ 99.811513][ T33] ? kthread_complete_and_exit+0x20/0x20 [ 99.817140][ T33] ret_from_fork+0x1f/0x30 [ 99.821532][ T33] [ 99.824526][ T33] Modules linked in: [ 99.828454][ T33] ---[ end trace 0000000000000000 ]--- [ 99.834085][ T33] RIP: 0010:scatterwalk_copychunks+0x2b9/0x570 [ 99.840284][ T33] Code: ff ff 4c 89 ff e8 f7 e3 2d 00 49 89 c7 48 8b 44 24 10 80 38 00 0f 85 30 02 00 00 49 8d 77 08 4d 89 7d 00 48 89 f0 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e f9 01 00 00 48 8b 54 24 08 [ 99.860007][ T33] RSP: 0018:ffffc90000caf6d0 EFLAGS: 00010202 [ 99.866321][ T33] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 99.874431][ T33] RDX: 1ffff1100506ca4b RSI: 0000000000000008 RDI: ffff888028365258 [ 99.882536][ T33] RBP: ffff88807b5c7440 R08: 0000000000000001 R09: ffffffff8f5bab67 [ 99.890864][ T33] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001 [ 99.898875][ T33] R13: ffffc90000caf8c8 R14: dffffc0000000000 R15: 0000000000000000 [ 99.907228][ T33] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 99.916414][ T33] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 99.923018][ T33] CR2: 00007f62b3fa0000 CR3: 000000001f979000 CR4: 00000000003506f0 [ 99.931258][ T33] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 99.939290][ T33] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 99.947576][ T33] Kernel panic - not syncing: Fatal exception in interrupt [ 99.955246][ T33] Kernel Offset: disabled [ 99.959567][ T33] Rebooting in 86400 seconds..