Warning: Permanently added '10.128.10.9' (ED25519) to the list of known hosts.
2023/10/16 10:23:50 ignoring optional flag "sandboxArg"="0"
2023/10/16 10:23:50 parsed 1 programs
[ 20.278624][ T23] audit: type=1400 audit(1697451830.850:66): avc: denied { getattr } for pid=347 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 20.282010][ T23] audit: type=1400 audit(1697451830.850:67): avc: denied { read } for pid=347 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 20.285120][ T23] audit: type=1400 audit(1697451830.850:68): avc: denied { open } for pid=347 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 20.293675][ T23] audit: type=1400 audit(1697451830.860:69): avc: denied { read } for pid=347 comm="syz-execprog" name="raw-gadget" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 20.299057][ T23] audit: type=1400 audit(1697451830.870:70): avc: denied { open } for pid=347 comm="syz-execprog" path="/dev/raw-gadget" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 20.308928][ T352] cgroup1: Unknown subsys name 'net'
[ 20.322621][ T23] audit: type=1400 audit(1697451830.880:71): avc: denied { mounton } for pid=352 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 20.328235][ T352] cgroup1: Unknown subsys name 'net_prio'
[ 20.349781][ T23] audit: type=1400 audit(1697451830.880:72): avc: denied { mount } for pid=352 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 20.355997][ T352] cgroup1: Unknown subsys name 'devices'
[ 20.383617][ T23] audit: type=1400 audit(1697451830.950:73): avc: denied { unmount } for pid=352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 20.525839][ T23] audit: type=1400 audit(1697451831.090:74): avc: denied { read } for pid=145 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 20.579114][ T352] cgroup1: Unknown subsys name 'hugetlb'
[ 20.584886][ T352] cgroup1: Unknown subsys name 'rlimit'
[ 20.679489][ T23] audit: type=1400 audit(1697451831.250:75): avc: denied { mounton } for pid=352 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 20.706166][ T354] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
2023/10/16 10:23:51 executed programs: 0
[ 20.753845][ T352] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 20.813949][ T360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.820887][ T360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.828303][ T360] device bridge_slave_0 entered promiscuous mode
[ 20.834965][ T360] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.841995][ T360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.849303][ T360] device bridge_slave_1 entered promiscuous mode
[ 20.889890][ T360] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.896729][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.903897][ T360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.910717][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.930385][ T74] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.937378][ T74] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.944408][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 20.952268][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 20.961722][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 20.969698][ T125] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.976544][ T125] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.984841][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 20.992979][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.999814][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 21.017319][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 21.025029][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 21.035319][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 21.046954][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 21.065623][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 21.073953][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 21.082341][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 21.106744][ T367] kernel profiling enabled (shift: 7)
[ 21.316450][ C1] ==================================================================
[ 21.324331][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 21.331269][ C1] Read of size 8 at addr ffff8881dc757b60 by task udevd/359
[ 21.338480][ C1]
[ 21.340653][ C1] CPU: 1 PID: 359 Comm: udevd Not tainted 5.4.254-syzkaller-00010-g5f1cbd78af59 #0
[ 21.349762][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 21.359660][ C1] Call Trace:
[ 21.362779][ C1]
[ 21.365479][ C1] dump_stack+0x1d8/0x241
[ 21.369746][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 21.375367][ C1] ? printk+0xd1/0x111
[ 21.379362][ C1] ? profile_pc+0xa4/0xe0
[ 21.383539][ C1] ? wake_up_klogd+0xb2/0xf0
[ 21.387959][ C1] ? profile_pc+0xa4/0xe0
[ 21.392121][ C1] print_address_description+0x8c/0x600
[ 21.397503][ C1] ? panic+0x896/0x896
[ 21.401404][ C1] ? profile_pc+0xa4/0xe0
[ 21.405569][ C1] __kasan_report+0xf3/0x120
[ 21.410000][ C1] ? profile_pc+0xa4/0xe0
[ 21.414177][ C1] ? _raw_spin_lock+0xc0/0x1b0
[ 21.418784][ C1] kasan_report+0x30/0x60
[ 21.422943][ C1] profile_pc+0xa4/0xe0
[ 21.426929][ C1] profile_tick+0xb9/0x100
[ 21.431186][ C1] tick_sched_timer+0x237/0x3c0
[ 21.435864][ C1] ? tick_setup_sched_timer+0x460/0x460
[ 21.441244][ C1] __hrtimer_run_queues+0x3e9/0xb90
[ 21.446274][ C1] ? hrtimer_interrupt+0x890/0x890
[ 21.451229][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 21.456255][ C1] ? sched_clock+0x36/0x40
[ 21.460518][ C1] ? ktime_get+0xf9/0x130
[ 21.464675][ C1] ? ktime_get_update_offsets_now+0x26c/0x280
[ 21.470609][ C1] hrtimer_interrupt+0x38a/0x890
[ 21.475354][ C1] smp_apic_timer_interrupt+0x110/0x460
[ 21.480733][ C1] apic_timer_interrupt+0xf/0x20
[ 21.485504][ C1]
[ 21.488284][ C1] ? _raw_spin_lock+0xc0/0x1b0
[ 21.492881][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 21.498093][ C1] ? shmem_evict_inode+0x7f1/0x9a0
[ 21.503036][ C1] ? shmem_evict_inode+0x8df/0x9a0
[ 21.508002][ C1] ? _raw_spin_unlock+0x49/0x60
[ 21.512671][ C1] ? inode_wait_for_writeback+0x21f/0x280
[ 21.518246][ C1] ? shmem_free_in_core_inode+0xb0/0xb0
[ 21.523608][ C1] ? bit_waitqueue+0x30/0x30
[ 21.528033][ C1] ? asan.module_dtor+0x20/0x20
[ 21.532996][ C1] ? up_write+0xa6/0x270
[ 21.537063][ C1] ? shmem_free_in_core_inode+0xb0/0xb0
[ 21.542613][ C1] ? evict+0x29b/0x6a0
[ 21.546526][ C1] ? do_unlinkat+0x48e/0x8b0
[ 21.550974][ C1] ? fsnotify_link_count+0x80/0x80
[ 21.555894][ C1] ? getname_flags+0x1ec/0x4e0
[ 21.560494][ C1] ? do_syscall_64+0xca/0x1c0
[ 21.565005][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 21.571019][ C1]
[ 21.573192][ C1] The buggy address belongs to the page:
[ 21.578658][ C1] page:ffffea000771d5c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 21.587597][ C1] flags: 0x8000000000000000()
[ 21.592113][ C1] raw: 8000000000000000 ffffea000771d5c8 ffffea000771d5c8 0000000000000000
[ 21.600531][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 21.608945][ C1] page dumped because: kasan: bad access detected
[ 21.615198][ C1] page_owner tracks the page as allocated
[ 21.620751][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
[ 21.631953][ C1] prep_new_page+0x18f/0x370
[ 21.636374][ C1] get_page_from_freelist+0x2d13/0x2d90
[ 21.641756][ C1] __alloc_pages_nodemask+0x393/0x840
[ 21.646966][ C1] dup_task_struct+0x85/0x600
[ 21.651475][ C1] copy_process+0x56d/0x3230
[ 21.655902][ C1] _do_fork+0x197/0x900
[ 21.659894][ C1] __x64_sys_clone+0x26b/0x2c0
[ 21.664496][ C1] do_syscall_64+0xca/0x1c0
[ 21.668834][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 21.674559][ C1] page_owner free stack trace missing
[ 21.679767][ C1]
[ 21.681937][ C1] addr ffff8881dc757b60 is located in stack of task udevd/359 at offset 0 in frame:
[ 21.691141][ C1] _raw_spin_lock+0x0/0x1b0
[ 21.695508][ C1]
[ 21.697647][ C1] this frame has 1 object:
[ 21.701918][ C1] [32, 36) 'val.i.i.i'
[ 21.701920][ C1]
[ 21.708063][ C1] Memory state around the buggy address:
[ 21.713532][ C1]  ffff8881dc757a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.721429][ C1]  ffff8881dc757a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.729328][ C1] >ffff8881dc757b00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 21.737228][ C1]                                                        ^
[ 21.744256][ C1]  ffff8881dc757b80: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.752154][ C1]  ffff8881dc757c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
[ 21.760049][ C1] ==================================================================
[ 21.767947][ C1] Disabling lock debugging due to kernel taint
2023/10/16 10:23:56 executed programs: 615
2023/10/16 10:24:01 executed programs: 1350