Warning: Permanently added '10.128.10.59' (ED25519) to the list of known hosts.
2024/01/30 19:59:06 ignoring optional flag "sandboxArg"="0"
2024/01/30 19:59:06 parsed 1 programs
[ 47.677488][ T23] kauditd_printk_skb: 72 callbacks suppressed
[ 47.677499][ T23] audit: type=1400 audit(1706644746.620:148): avc: denied { mounton } for pid=409 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 47.709827][ T23] audit: type=1400 audit(1706644746.630:149): avc: denied { mount } for pid=409 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 47.733035][ T23] audit: type=1400 audit(1706644746.650:150): avc: denied { unlink } for pid=409 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/01/30 19:59:06 executed programs: 0
[ 47.791459][ T409] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.873027][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.880465][ T415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.887921][ T415] device bridge_slave_0 entered promiscuous mode
[ 47.895207][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.902437][ T415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.911647][ T415] device bridge_slave_1 entered promiscuous mode
[ 47.962930][ T23] audit: type=1400 audit(1706644746.910:151): avc: denied { create } for pid=415 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.971617][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.983765][ T23] audit: type=1400 audit(1706644746.910:152): avc: denied { write } for pid=415 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.990941][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.991090][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.011694][ T23] audit: type=1400 audit(1706644746.910:153): avc: denied { read } for pid=415 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 48.018409][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.071064][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.078481][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.086269][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.094404][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.111960][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.121006][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.128106][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.135865][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.144093][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.150941][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.158178][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.170319][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.190517][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.199061][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.210861][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.228504][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.237459][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.252874][ T23] audit: type=1400 audit(1706644747.200:154): avc: denied { mounton } for pid=415 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=787 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
2024/01/30 19:59:11 executed programs: 562
2024/01/30 19:59:16 executed programs: 1141
2024/01/30 19:59:21 executed programs: 1687
[ 66.422999][ T74] cfg80211: failed to load regulatory.db
2024/01/30 19:59:26 executed programs: 2246
2024/01/30 19:59:31 executed programs: 2801
2024/01/30 19:59:36 executed programs: 3385
[ 82.046974][ T8193] kernel profiling enabled (shift: 0)
2024/01/30 19:59:41 executed programs: 3916
[ 83.320146][ C0] ==================================================================
[ 83.328213][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 83.335153][ C0] Read of size 8 at addr ffff8881ec94f520 by task udevd/162
[ 83.342265][ C0]
[ 83.344459][ C0] CPU: 0 PID: 162 Comm: udevd Not tainted 5.4.265-syzkaller-04838-gc84a70203fff #0
[ 83.353726][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 83.363974][ C0] Call Trace:
[ 83.367088][ C0]
[ 83.369994][ C0] dump_stack+0x1d8/0x241
[ 83.374133][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 83.379796][ C0] ? printk+0xd1/0x111
[ 83.383680][ C0] ? profile_pc+0xa4/0xe0
[ 83.387961][ C0] ? wake_up_klogd+0xb2/0xf0
[ 83.392829][ C0] ? profile_pc+0xa4/0xe0
[ 83.396986][ C0] print_address_description+0x8c/0x600
[ 83.402371][ C0] ? panic+0x896/0x896
[ 83.406347][ C0] ? profile_pc+0xa4/0xe0
[ 83.410649][ C0] __kasan_report+0xf3/0x120
[ 83.415348][ C0] ? profile_pc+0xa4/0xe0
[ 83.419681][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 83.424375][ C0] kasan_report+0x30/0x60
[ 83.428536][ C0] profile_pc+0xa4/0xe0
[ 83.432527][ C0] profile_tick+0xb9/0x100
[ 83.436872][ C0] tick_sched_timer+0x237/0x3c0
[ 83.441558][ C0] ? tick_setup_sched_timer+0x460/0x460
[ 83.447027][ C0] __hrtimer_run_queues+0x3e9/0xb90
[ 83.452065][ C0] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 83.457786][ C0] ? swake_up_one+0x7e/0x140
[ 83.462225][ C0] ? hrtimer_interrupt+0x890/0x890
[ 83.467161][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 83.472192][ C0] ? sched_clock+0x36/0x40
[ 83.476437][ C0] ? ktime_get+0xf9/0x130
[ 83.480618][ C0] ? ktime_get_update_offsets_now+0x26c/0x280
[ 83.486604][ C0] hrtimer_interrupt+0x38a/0x890
[ 83.491376][ C0] smp_apic_timer_interrupt+0x110/0x460
[ 83.496920][ C0] apic_timer_interrupt+0xf/0x20
[ 83.502032][ C0]
[ 83.504815][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 83.509761][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 83.515063][ C0] ? read_word_at_a_time+0x16/0x20
[ 83.520102][ C0] ? __d_lookup+0xe5/0x540
[ 83.524343][ C0] ? lookup_fast+0x119/0xa40
[ 83.528772][ C0] ? handle_dots+0xf10/0xf10
[ 83.533627][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 83.539533][ C0] ? walk_component+0x138/0x590
[ 83.544220][ C0] ? path_put_conditional+0x90/0x90
[ 83.549255][ C0] ? kernfs_refresh_inode+0x2b3/0x3d0
[ 83.554459][ C0] ? generic_permission+0x141/0x3e0
[ 83.560313][ C0] ? mutex_unlock+0x18/0x40
[ 83.564797][ C0] ? security_inode_permission+0xad/0xf0
[ 83.570447][ C0] ? link_path_walk+0x5c6/0x1040
[ 83.575221][ C0] ? set_root+0x30e/0x370
[ 83.579491][ C0] ? handle_lookup_down+0x5b0/0x5b0
[ 83.584807][ C0] ? path_init+0x217/0xee0
[ 83.589072][ C0] ? path_openat+0x1a3/0x3480
[ 83.593580][ C0] ? stack_trace_snprint+0x170/0x170
[ 83.598695][ C0] ? hashlen_string+0x110/0x110
[ 83.603392][ C0] ? __kasan_kmalloc+0x1d9/0x210
[ 83.608586][ C0] ? do_filp_open+0x450/0x450
[ 83.613425][ C0] ? do_sys_open+0x357/0x810
[ 83.617913][ C0] ? do_syscall_64+0xca/0x1c0
[ 83.622438][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 83.628433][ C0] ? do_filp_open+0x20b/0x450
[ 83.632944][ C0] ? vfs_tmpfile+0x280/0x280
[ 83.637365][ C0] ? _raw_spin_unlock+0x49/0x60
[ 83.642490][ C0] ? __alloc_fd+0x4c1/0x560
[ 83.646915][ C0] ? do_sys_open+0x39c/0x810
[ 83.651693][ C0] ? check_preemption_disabled+0x153/0x320
[ 83.657514][ C0] ? file_open_root+0x490/0x490
[ 83.662286][ C0] ? do_syscall_64+0xca/0x1c0
[ 83.666816][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 83.672697][ C0]
[ 83.674852][ C0] The buggy address belongs to the page:
[ 83.680411][ C0] page:ffffea0007b253c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 83.689436][ C0] flags: 0x8000000000000000()
[ 83.694043][ C0] raw: 8000000000000000 ffffea0007b253c8 ffffea0007b253c8 0000000000000000
[ 83.703077][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 83.711491][ C0] page dumped because: kasan: bad access detected
[ 83.717934][ C0] page_owner tracks the page as allocated
[ 83.723493][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
[ 83.734953][ C0] prep_new_page+0x18f/0x370
[ 83.739388][ C0] get_page_from_freelist+0x2d13/0x2d90
[ 83.744839][ C0] __alloc_pages_nodemask+0x393/0x840
[ 83.750227][ C0] dup_task_struct+0x85/0x600
[ 83.754911][ C0] copy_process+0x56d/0x3230
[ 83.759426][ C0] _do_fork+0x197/0x900
[ 83.763418][ C0] __x64_sys_clone+0x26b/0x2c0
[ 83.768125][ C0] do_syscall_64+0xca/0x1c0
[ 83.772526][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 83.778246][ C0] page_owner free stack trace missing
[ 83.783553][ C0]
[ 83.785716][ C0] addr ffff8881ec94f520 is located in stack of task udevd/162 at offset 0 in frame:
[ 83.795098][ C0] _raw_spin_lock+0x0/0x1b0
[ 83.799423][ C0]
[ 83.801630][ C0] this frame has 1 object:
[ 83.805848][ C0] [32, 36) 'val.i.i.i'
[ 83.805849][ C0]
[ 83.812093][ C0] Memory state around the buggy address:
[ 83.817570][ C0]  ffff8881ec94f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.825466][ C0]  ffff8881ec94f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.833460][ C0] >ffff8881ec94f500: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
[ 83.841356][ C0]                                 ^
[ 83.846308][ C0]  ffff8881ec94f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.854204][ C0]  ffff8881ec94f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.862099][ C0] ==================================================================
[ 83.870093][ C0] Disabling lock debugging due to kernel taint
2024/01/30 19:59:46 executed programs: 4433
2024/01/30 19:59:51 executed programs: 4992