Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
2023/09/28 17:26:34 ignoring optional flag "sandboxArg"="0"
2023/09/28 17:26:34 parsed 1 programs
[ 102.053607][ T27] kauditd_printk_skb: 76 callbacks suppressed
[ 102.053622][ T27] audit: type=1400 audit(1695921994.328:205): avc: denied { getattr } for pid=5382 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 102.083593][ T27] audit: type=1400 audit(1695921994.328:206): avc: denied { read } for pid=5382 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 102.106521][ T27] audit: type=1400 audit(1695921994.328:207): avc: denied { open } for pid=5382 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 102.143784][ T27] audit: type=1400 audit(1695921994.418:208): avc: denied { mounton } for pid=5387 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 102.172350][ T27] audit: type=1400 audit(1695921994.428:209): avc: denied { mount } for pid=5387 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 102.196623][ T27] audit: type=1400 audit(1695921994.448:210): avc: denied { read write } for pid=5387 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 102.224513][ T27] audit: type=1400 audit(1695921994.448:211): avc: denied { open } for pid=5387 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 102.251006][ T27] audit: type=1400 audit(1695921994.508:212): avc: denied { unlink } for pid=5387 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 102.753824][ T27] audit: type=1400 audit(1695921995.028:213): avc: denied { relabelto } for pid=5389 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/09/28 17:26:36 executed programs: 0
[ 104.134953][ T5387] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 104.196863][ T4438] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 104.207154][ T4438] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 104.214902][ T4438] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 104.222799][ T4438] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 104.230141][ T4438] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 104.237780][ T4438] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 104.253334][ T27] audit: type=1400 audit(1695921996.518:214): avc: denied { mounton } for pid=5393 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 104.407289][ T5393] chnl_net:caif_netlink_parms(): no params data found
[ 104.479946][ T5393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.487320][ T5393] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.494515][ T5393] bridge_slave_0: entered allmulticast mode
[ 104.501477][ T5393] bridge_slave_0: entered promiscuous mode
[ 104.509979][ T5393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.517218][ T5393] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.524424][ T5393] bridge_slave_1: entered allmulticast mode
[ 104.531356][ T5393] bridge_slave_1: entered promiscuous mode
[ 104.566593][ T5393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 104.579410][ T5393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 104.614423][ T5393] team0: Port device team_slave_0 added
[ 104.623215][ T5393] team0: Port device team_slave_1 added
[ 104.653507][ T5393] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 104.660462][ T5393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.686901][ T5393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 104.699739][ T5393] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 104.706879][ T5393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.733178][ T5393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 104.778318][ T5393] hsr_slave_0: entered promiscuous mode
[ 104.784885][ T5393] hsr_slave_1: entered promiscuous mode
[ 105.842934][ T5393] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 105.856211][ T5393] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 105.878614][ T5393] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 105.891159][ T5393] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.026950][ T5393] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.056206][ T5393] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.076802][ T777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.084156][ T777] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.105088][ T777] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.112309][ T777] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.187626][ T5393] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 106.339114][ T4438] Bluetooth: hci0: command 0x0409 tx timeout
[ 106.407075][ T5393] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.478611][ T5393] veth0_vlan: entered promiscuous mode
[ 106.495096][ T5393] veth1_vlan: entered promiscuous mode
[ 106.544663][ T5393] veth0_macvtap: entered promiscuous mode
[ 106.556912][ T5393] veth1_macvtap: entered promiscuous mode
[ 106.589833][ T5393] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.610831][ T5393] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.629323][ T5393] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.641088][ T5393] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.651474][ T5393] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.663826][ T5393] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.789374][ T777] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.821795][ T777] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.868682][ T5051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.879521][ T5051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.043281][ T5460] loop0: detected capacity change from 0 to 8192
[ 107.063684][ T5460] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 107.080023][ T5460] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 107.091657][ T5460] REISERFS (device loop0): using ordered data mode
[ 107.099268][ T5460] reiserfs: using flush barriers
[ 107.108404][ T5460] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 107.127513][ T5460] REISERFS (device loop0): checking transaction log (loop0)
[ 107.141916][ T5460] REISERFS (device loop0): Using r5 hash to sort names
[ 107.153802][ T27] kauditd_printk_skb: 4 callbacks suppressed
[ 107.153816][ T27] audit: type=1400 audit(1695921999.428:219): avc: denied { mount } for pid=5459 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 107.183877][ T5460] reiserfs: enabling write barrier flush mode
[ 107.195439][ T27] audit: type=1400 audit(1695921999.458:220): avc: denied { remount } for pid=5459 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 107.277660][ T5378] general p[ 107.277660][ T5378] general protection fault, probably for non-canonical address 0xdffffcc020008009: 0000 [#1] PREEMPT SMP KASAN
[ 107.279865][ T5378] ==================================================================
[ 107.279875][ T5378] BUG: KASAN: out-of-bounds in page_fault_oops+0xa25/0xad0
[ 107.279904][ T5378] Read of size 8 at addr ffffc9000366f590 by task udevd/5378
[ 107.279921][ T5378]
[ 107.279926][ T5378] CPU: 0 PID: 5378 Comm: udevd Not tainted 6.6.0-rc3-syzkaller-00044-g633b47cb009d #0
[ 107.279948][ T5378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 107.279966][ T5378] Call Trace:
[ 107.279973][ T5378]
[ 107.279980][ T5378] dump_stack_lvl+0xd9/0x1b0
[ 107.280002][ T5378] print_report+0xc4/0x620
[ 107.280025][ T5378] ? __virt_addr_valid+0x5e/0x2d0
[ 107.280050][ T5378] kasan_report+0xda/0x110
[ 107.280071][ T5378] ? page_fault_oops+0xa25/0xad0
[ 107.280092][ T5378] ? page_fault_oops+0xa25/0xad0
[ 107.280114][ T5378] page_fault_oops+0xa25/0xad0
[ 107.280136][ T5378] ? dump_pagetable+0x530/0x530
[ 107.280161][ T5378] do_user_addr_fault+0x53d/0x1000
[ 107.280183][ T5378] ? irqentry_enter+0x2c/0x50
[ 107.280210][ T5378] ? rcu_is_watching+0x12/0xb0
[ 107.280242][ T5378] exc_page_fault+0x5c/0xd0
[ 107.280269][ T5378] asm_exc_page_fault+0x26/0x30
[ 107.280294][ T5378] RIP: 0010:0x60100040048
[ 107.280308][ T5378] Code: Unable to access opcode bytes at 0x6010004001e.
[ 107.280317][ T5378] RSP: 0018:ffffc9000366f5b8 EFLAGS: 00010082
[ 107.280336][ T5378] RAX: 0000000080000002 RBX: 0000060100040048 RCX: 0000000000000001
[ 107.280350][ T5378] RDX: 0000000000000004 RSI: ffffffff8ae90f20 RDI: 0000000000000001
[ 107.280363][ T5378] RBP: 0000000200000001 R08: 0000000000000005 R09: 0000000000000000
[ 107.280376][ T5378] R10: 00000000000026b4 R11: 205d383733355420 R12: 0000060100040048
[ 107.280390][ T5378] R13: 0000000200000001 R14: fffffbfff24ac066 R15: dffffc0000000000
[ 107.280456][ T5378]
[ 107.280462][ T5378]
[ 107.280465][ T5378] The buggy address belongs to stack of task udevd/5378
[ 107.280475][ T5378] and is located at offset 536 in frame:
[ 107.280481][ T5378] page_fault_oops+0x0/0xad0
[ 107.280500][ T5378]
[ 107.280503][ T5378] This frame has 5 objects:
[ 107.280512][ T5378] [32, 34) 'ldtr'
[ 107.280522][ T5378] [48, 52) 'level'
[ 107.280533][ T5378] [64, 74) 'idt'
[ 107.280542][ T5378] [96, 106) 'gdt'
[ 107.280553][ T5378] [128, 160) 'info'
[ 107.280562][ T5378]
[ 107.280568][ T5378] The buggy address belongs to the virtual mapping at
[ 107.280568][ T5378] [ffffc90003668000, ffffc90003671000) created by:
[ 107.280568][ T5378] kernel_clone+0xfd/0x920
[ 107.280598][ T5378]
[ 107.280601][ T5378] The buggy address belongs to the physical page:
[ 107.280608][ T5378] page:ffffea00019a7780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x669de
[ 107.280629][ T5378] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 107.280645][ T5378] page_type: 0xffffffff()
[ 107.280662][ T5378] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 107.280678][ T5378] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 107.280687][ T5378] page dumped because: kasan: bad access detected
[ 107.280695][ T5378] page_owner tracks the page as allocated
[ 107.280699][ T5378] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 4486, tgid 4486 (udevd), ts 99773070417, free_ts 99713782497
[ 107.280733][ T5378] post_alloc_hook+0x2cf/0x340
[ 107.280756][ T5378] get_page_from_freelist+0xee0/0x2f20
[ 107.280781][ T5378] __alloc_pages+0x1d0/0x4a0
[ 107.280805][ T5378] alloc_pages+0x1a9/0x270
[ 107.280825][ T5378] __vmalloc_node_range+0xa6e/0x1540
[ 107.280846][ T5378] copy_process+0x13e3/0x73f0
[ 107.280864][ T5378] kernel_clone+0xfd/0x920
[ 107.280882][ T5378] __do_sys_clone+0xba/0x100
[ 107.280900][ T5378] do_syscall_64+0x38/0xb0
[ 107.280920][ T5378] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.280943][ T5378] page last free stack trace:
[ 107.280948][ T5378] free_unref_page_prepare+0x476/0xa40
[ 107.280977][ T5378] free_unref_page+0x33/0x3b0
[ 107.281000][ T5378] slabs_destroy+0x85/0xc0
[ 107.281016][ T5378] ___cache_free+0x2b7/0x420
[ 107.281033][ T5378] qlist_free_all+0x4c/0x1b0
[ 107.281058][ T5378] kasan_quarantine_reduce+0x18e/0x1d0
[ 107.281083][ T5378] __kasan_slab_alloc+0x65/0x90
[ 107.281103][ T5378] kmem_cache_alloc_node+0x173/0x540
[ 107.281121][ T5378] __alloc_skb+0x287/0x330
[ 107.281138][ T5378] alloc_skb_with_frags+0xe4/0x710
[ 107.281159][ T5378] sock_alloc_send_pskb+0x7e4/0x970
[ 107.281183][ T5378] unix_dgram_sendmsg+0x455/0x1c30
[ 107.281205][ T5378] sock_sendmsg+0xd9/0x180
[ 107.281231][ T5378] sock_write_iter+0x29b/0x3d0
[ 107.281257][ T5378] vfs_write+0x650/0xe40
[ 107.281278][ T5378] ksys_write+0x1f0/0x250
[ 107.281300][ T5378]
[ 107.281303][ T5378] Memory state around the buggy address:
[ 107.281312][ T5378] ffffc9000366f480: 48 00 04 00 01 06 00 00 01 00 00 00 02 00 00 00
[ 107.281326][ T5378] ffffc9000366f500: 48 00 04 00 01 06 00 00 01 00 00 00 02 00 00 00
[ 107.281341][ T5378] >ffffc9000366f580: 48 00 04 00 01 06 00 00 01 00 00 00 02 00 00 00
[ 107.281351][ T5378] ^
[ 107.281360][ T5378] ffffc9000366f600: 48 00 04 00 01 06 00 00 01 00 00 00 02 00 00 00
[ 107.281374][ T5378] ffffc9000366f680: 48 00 04 00 01 06 00 00 01 00 00 00 02 00 00 00
[ 107.281385][ T5378] ==================================================================
[ 107.281394][ T5378] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 107.281598][ T5378] Kernel Offset: disabled