Warning: Permanently added '10.128.0.172' (ED25519) to the list of known hosts.
2023/10/30 13:46:12 ignoring optional flag "sandboxArg"="0"
2023/10/30 13:46:12 parsed 1 programs
2023/10/30 13:46:12 executed programs: 0
[ 42.756849][ T23] kauditd_printk_skb: 67 callbacks suppressed
[ 42.756859][ T23] audit: type=1400 audit(1698673572.590:143): avc: denied { mounton } for pid=404 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 42.789448][ T23] audit: type=1400 audit(1698673572.620:144): avc: denied { mount } for pid=404 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 42.812750][ T408] cgroup1: Unknown subsys name 'perf_event'
[ 42.812819][ T23] audit: type=1400 audit(1698673572.620:145): avc: denied { mounton } for pid=408 comm="syz-executor.0" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 42.819189][ T408] cgroup1: Unknown subsys name 'net_cls'
[ 42.842771][ T23] audit: type=1400 audit(1698673572.620:146): avc: denied { mounton } for pid=408 comm="syz-executor.0" path="/syzcgroup/cpu" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 42.904721][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.911770][ T408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.919942][ T408] device bridge_slave_0 entered promiscuous mode
[ 42.928967][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.936078][ T408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.943355][ T408] device bridge_slave_1 entered promiscuous mode
[ 42.994432][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.001274][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.008545][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.015390][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.039839][ T362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.047815][ T362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.055687][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.063264][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.073152][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.081600][ T361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.088581][ T361] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.105218][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.113302][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.120343][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.127713][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.135666][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.154601][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.175509][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.184279][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.201660][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.210039][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.232058][ T415] kernel profiling enabled (shift: 7)
[ 43.473834][ C0] ==================================================================
[ 43.481758][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 43.488766][ C0] Read of size 8 at addr ffff8881ec92fce0 by task udevd/162
[ 43.496000][ C0]
[ 43.498361][ C0] CPU: 0 PID: 162 Comm: udevd Not tainted 5.4.254-syzkaller-04740-g65fc90b61bc7 #0
[ 43.507776][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 43.517749][ C0] Call Trace:
[ 43.520872][ C0]
[ 43.523681][ C0] dump_stack+0x1d8/0x241
[ 43.527840][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 43.533505][ C0] ? printk+0xd1/0x111
[ 43.537556][ C0] ? profile_pc+0xa4/0xe0
[ 43.541805][ C0] ? wake_up_klogd+0xb2/0xf0
[ 43.546237][ C0] ? profile_pc+0xa4/0xe0
[ 43.550393][ C0] print_address_description+0x8c/0x600
[ 43.555865][ C0] ? panic+0x896/0x896
[ 43.559774][ C0] ? profile_pc+0xa4/0xe0
[ 43.564027][ C0] __kasan_report+0xf3/0x120
[ 43.568463][ C0] ? profile_pc+0xa4/0xe0
[ 43.572827][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 43.577925][ C0] kasan_report+0x30/0x60
[ 43.582696][ C0] profile_pc+0xa4/0xe0
[ 43.586930][ C0] profile_tick+0xb9/0x100
[ 43.591281][ C0] tick_sched_timer+0x237/0x3c0
[ 43.595966][ C0] ? tick_setup_sched_timer+0x460/0x460
[ 43.601349][ C0] __hrtimer_run_queues+0x3e9/0xb90
[ 43.606390][ C0] ? hrtimer_interrupt+0x890/0x890
[ 43.611422][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 43.616437][ C0] ? sched_clock+0x36/0x40
[ 43.620784][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 43.625746][ C0] ? ktime_get_update_offsets_now+0x26c/0x280
[ 43.631722][ C0] hrtimer_interrupt+0x38a/0x890
[ 43.636594][ C0] smp_apic_timer_interrupt+0x110/0x460
[ 43.641968][ C0] apic_timer_interrupt+0xf/0x20
[ 43.646821][ C0]
[ 43.649955][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 43.654730][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 43.660111][ C0] ? __check_object_size+0x2bd/0x3a0
[ 43.665233][ C0] ? __alloc_fd+0x3c/0x560
[ 43.669597][ C0] ? do_sys_open+0x374/0x810
[ 43.674022][ C0] ? check_preemption_disabled+0x153/0x320
[ 43.679651][ C0] ? file_open_root+0x490/0x490
[ 43.684432][ C0] ? switch_fpu_return+0x1d4/0x410
[ 43.689386][ C0] ? getname_flags+0x1ec/0x4e0
[ 43.693980][ C0] ? do_syscall_64+0xca/0x1c0
[ 43.698485][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 43.704391][ C0]
[ 43.706810][ C0] The buggy address belongs to the page:
[ 43.713168][ C0] page:ffffea0007b24bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 43.722183][ C0] flags: 0x8000000000000000()
[ 43.726702][ C0] raw: 8000000000000000 ffffea0007b24bc8 ffffea0007b24bc8 0000000000000000
[ 43.735116][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 43.743618][ C0] page dumped because: kasan: bad access detected
[ 43.749862][ C0] page_owner tracks the page as allocated
[ 43.755425][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
[ 43.766628][ C0] prep_new_page+0x18f/0x370
[ 43.771329][ C0] get_page_from_freelist+0x2d13/0x2d90
[ 43.776912][ C0] __alloc_pages_nodemask+0x393/0x840
[ 43.782301][ C0] dup_task_struct+0x85/0x600
[ 43.786806][ C0] copy_process+0x56d/0x3230
[ 43.791224][ C0] _do_fork+0x197/0x900
[ 43.795216][ C0] __x64_sys_clone+0x26b/0x2c0
[ 43.799813][ C0] do_syscall_64+0xca/0x1c0
[ 43.804145][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 43.809876][ C0] page_owner free stack trace missing
[ 43.815093][ C0]
[ 43.817258][ C0] addr ffff8881ec92fce0 is located in stack of task udevd/162 at offset 0 in frame:
[ 43.826753][ C0] _raw_spin_lock+0x0/0x1b0
[ 43.831243][ C0]
[ 43.833501][ C0] this frame has 1 object:
[ 43.837842][ C0] [32, 36) 'val.i.i.i'
[ 43.837845][ C0]
[ 43.844876][ C0] Memory state around the buggy address:
[ 43.851061][ C0] ffff8881ec92fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.859201][ C0] ffff8881ec92fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.867617][ C0] >ffff8881ec92fc80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 43.875672][ C0] ^
[ 43.882795][ C0] ffff8881ec92fd00: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.890784][ C0] ffff8881ec92fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.898676][ C0] ==================================================================
[ 43.907210][ C0] Disabling lock debugging due to kernel taint
2023/10/30 13:46:17 executed programs: 597
2023/10/30 13:46:22 executed programs: 1221