Warning: Permanently added '10.128.0.188' (ED25519) to the list of known hosts.
2023/10/05 20:48:29 ignoring optional flag "sandboxArg"="0"
2023/10/05 20:48:29 parsed 1 programs
[ 47.064269][ T23] kauditd_printk_skb: 72 callbacks suppressed
[ 47.064275][ T23] audit: type=1400 audit(1696538909.360:148): avc: denied { mounton } for pid=410 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 47.095098][ T23] audit: type=1400 audit(1696538909.380:149): avc: denied { mount } for pid=410 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 47.118194][ T23] audit: type=1400 audit(1696538909.400:150): avc: denied { unlink } for pid=410 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/10/05 20:48:29 executed programs: 0
[ 47.164413][ T410] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.219137][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.226129][ T416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.233749][ T416] device bridge_slave_0 entered promiscuous mode
[ 47.240380][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.248052][ T416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.255457][ T416] device bridge_slave_1 entered promiscuous mode
[ 47.289310][ T23] audit: type=1400 audit(1696538909.580:151): avc: denied { create } for pid=416 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.295728][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.309984][ T23] audit: type=1400 audit(1696538909.580:152): avc: denied { write } for pid=416 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.316778][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.316873][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.342737][ T23] audit: type=1400 audit(1696538909.580:153): avc: denied { read } for pid=416 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.349847][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.397226][ T355] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.404388][ T355] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.412087][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.419622][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.429557][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.437772][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.444650][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.461543][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.469571][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.476510][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.484330][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.492132][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.511168][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.519459][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.527444][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.541055][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.549998][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.561429][ T23] audit: type=1400 audit(1696538909.860:154): avc: denied { mounton } for pid=416 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10749 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 47.592717][ T423] kernel profiling enabled (shift: 0)
[ 49.070874][ C1] ==================================================================
[ 49.079039][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 49.085949][ C1] Read of size 8 at addr ffff8881ec977860 by task udevd/162
[ 49.093137][ C1]
[ 49.095310][ C1] CPU: 1 PID: 162 Comm: udevd Not tainted 5.4.254-syzkaller-04732-g5f1cbd78af59 #0
[ 49.104506][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 49.114402][ C1] Call Trace:
[ 49.117525][ C1]
[ 49.120228][ C1] dump_stack+0x1d8/0x241
[ 49.124397][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 49.130459][ C1] ? printk+0xd1/0x111
[ 49.134367][ C1] ? profile_pc+0xa4/0xe0
[ 49.138531][ C1] ? wake_up_klogd+0xb2/0xf0
[ 49.142972][ C1] ? profile_pc+0xa4/0xe0
[ 49.147140][ C1] print_address_description+0x8c/0x600
[ 49.152520][ C1] ? panic+0x896/0x896
[ 49.156414][ C1] ? profile_pc+0xa4/0xe0
[ 49.160576][ C1] __kasan_report+0xf3/0x120
[ 49.165005][ C1] ? profile_pc+0xa4/0xe0
[ 49.169171][ C1] ? _raw_spin_lock+0xc0/0x1b0
[ 49.173773][ C1] kasan_report+0x30/0x60
[ 49.177941][ C1] profile_pc+0xa4/0xe0
[ 49.181949][ C1] profile_tick+0xb9/0x100
[ 49.186238][ C1] tick_sched_timer+0x237/0x3c0
[ 49.190898][ C1] ? tick_setup_sched_timer+0x460/0x460
[ 49.196350][ C1] __hrtimer_run_queues+0x3e9/0xb90
[ 49.201385][ C1] ? hrtimer_interrupt+0x890/0x890
[ 49.206494][ C1] ? debug_smp_processor_id+0x20/0x20
[ 49.211873][ C1] ? ktime_get+0xf9/0x130
[ 49.216041][ C1] ? ktime_get_update_offsets_now+0x26c/0x280
[ 49.222056][ C1] hrtimer_interrupt+0x38a/0x890
[ 49.226806][ C1] smp_apic_timer_interrupt+0x110/0x460
[ 49.232206][ C1] apic_timer_interrupt+0xf/0x20
[ 49.237224][ C1]
[ 49.240007][ C1] ? _raw_spin_lock+0xc0/0x1b0
[ 49.244615][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 49.249889][ C1] ? lockref_mark_dead+0xa0/0xa0
[ 49.254838][ C1] ? legitimize_links+0x25b/0x350
[ 49.259956][ C1] ? d_hash_and_lookup+0x1e0/0x1e0
[ 49.265214][ C1] ? handle_dots+0xf10/0xf10
[ 49.269591][ C1] ? __d_add+0x2f/0x7f0
[ 49.273598][ C1] ? unlazy_walk+0x387/0x610
[ 49.278025][ C1] ? d_set_d_op+0x281/0x3a0
[ 49.282372][ C1] ? simple_lookup+0xba/0xf0
[ 49.286955][ C1] ? __lookup_slow+0x306/0x460
[ 49.291641][ C1] ? lookup_one_len+0x2c0/0x2c0
[ 49.296325][ C1] ? handle_dots+0xf10/0xf10
[ 49.300750][ C1] ? lookup_slow+0x53/0x70
[ 49.305020][ C1] ? walk_component+0x2dc/0x590
[ 49.309806][ C1] ? path_put_conditional+0x90/0x90
[ 49.314817][ C1] ? handle_lookup_down+0x5b0/0x5b0
[ 49.319937][ C1] ? path_init+0x217/0xee0
[ 49.324278][ C1] ? path_lookupat+0x182/0x3f0
[ 49.328874][ C1] ? filename_lookup+0x253/0x6e0
[ 49.333647][ C1] ? hashlen_string+0x110/0x110
[ 49.338420][ C1] ? getname_flags+0x1ec/0x4e0
[ 49.344397][ C1] ? do_readlinkat+0x114/0x3a0
[ 49.349152][ C1] ? cp_old_stat+0x900/0x900
[ 49.354385][ C1] ? vfs_write+0x4e0/0x4e0
[ 49.358737][ C1] ? __x64_sys_readlink+0x7b/0x90
[ 49.363772][ C1] ? do_syscall_64+0xca/0x1c0
[ 49.368263][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 49.374165][ C1]
[ 49.376326][ C1] The buggy address belongs to the page:
[ 49.381889][ C1] page:ffffea0007b25dc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 49.390837][ C1] flags: 0x8000000000000000()
[ 49.395349][ C1] raw: 8000000000000000 ffffea0007b25dc8 ffffea0007b25dc8 0000000000000000
[ 49.404032][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 49.412526][ C1] page dumped because: kasan: bad access detected
[ 49.418959][ C1] page_owner tracks the page as allocated
[ 49.424723][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
[ 49.436943][ C1] prep_new_page+0x18f/0x370
[ 49.441739][ C1] get_page_from_freelist+0x2d13/0x2d90
[ 49.447397][ C1] __alloc_pages_nodemask+0x393/0x840
[ 49.452596][ C1] dup_task_struct+0x85/0x600
[ 49.457125][ C1] copy_process+0x56d/0x3230
[ 49.461641][ C1] _do_fork+0x197/0x900
[ 49.465696][ C1] __x64_sys_clone+0x26b/0x2c0
[ 49.470296][ C1] do_syscall_64+0xca/0x1c0
[ 49.474751][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 49.480533][ C1] page_owner free stack trace missing
[ 49.485830][ C1]
[ 49.488007][ C1] addr ffff8881ec977860 is located in stack of task udevd/162 at offset 0 in frame:
[ 49.497203][ C1] _raw_spin_lock+0x0/0x1b0
[ 49.501893][ C1]
[ 49.504056][ C1] this frame has 1 object:
[ 49.508318][ C1] [32, 36) 'val.i.i.i'
[ 49.508321][ C1]
[ 49.514471][ C1] Memory state around the buggy address:
[ 49.519944][ C1] ffff8881ec977700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.527848][ C1] ffff8881ec977780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.535844][ C1] >ffff8881ec977800: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 49.544243][ C1] ^
[ 49.551379][ C1] ffff8881ec977880: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.559444][ C1] ffff8881ec977900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.567419][ C1] ==================================================================
[ 49.575460][ C1] Disabling lock debugging due to kernel taint
2023/10/05 20:48:34 executed programs: 563
2023/10/05 20:48:39 executed programs: 1284