Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
2024/02/14 08:07:38 ignoring optional flag "sandboxArg"="0"
2024/02/14 08:07:38 parsed 1 programs
[ 41.617563][ T23] kauditd_printk_skb: 72 callbacks suppressed
[ 41.617575][ T23] audit: type=1400 audit(1707898058.660:148): avc: denied { mounton } for pid=403 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.648520][ T23] audit: type=1400 audit(1707898058.660:149): avc: denied { mount } for pid=403 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.671813][ T23] audit: type=1400 audit(1707898058.700:150): avc: denied { unlink } for pid=403 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/02/14 08:07:38 executed programs: 0
[ 41.745004][ T403] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 41.817890][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.825275][ T409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.833181][ T409] device bridge_slave_0 entered promiscuous mode
[ 41.840040][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.847006][ T409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.854755][ T409] device bridge_slave_1 entered promiscuous mode
[ 41.901342][ T23] audit: type=1400 audit(1707898058.950:151): avc: denied { create } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.918748][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.923685][ T23] audit: type=1400 audit(1707898058.960:152): avc: denied { write } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.930918][ T409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.931036][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.952479][ T23] audit: type=1400 audit(1707898058.960:153): avc: denied { read } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.959273][ T409] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.011167][ T107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.018495][ T107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.026331][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.034284][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.051009][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.059322][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.066728][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.074044][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.082209][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.089204][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.096640][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.106519][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.131769][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.139977][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.150093][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.168251][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.176563][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.190606][ T23] audit: type=1400 audit(1707898059.240:154): avc: denied { mounton } for pid=409 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=781 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.224002][ T415] kernel profiling enabled (shift: 0)
[ 44.800309][ C1] ==================================================================
[ 44.808499][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 44.815516][ C1] Read of size 8 at addr ffff8881ec93f8a0 by task udevd/162
[ 44.822826][ C1]
[ 44.824997][ C1] CPU: 1 PID: 162 Comm: udevd Not tainted 5.4.265-syzkaller-04843-g1b3143b9b166 #0
[ 44.834271][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 44.844637][ C1] Call Trace:
[ 44.847752][ C1]
[ 44.850753][ C1] dump_stack+0x1d8/0x241
[ 44.854984][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 44.860721][ C1] ? printk+0xd1/0x111
[ 44.864842][ C1] ? profile_pc+0xa4/0xe0
[ 44.869384][ C1] ? wake_up_klogd+0xb2/0xf0
[ 44.873827][ C1] ? profile_pc+0xa4/0xe0
[ 44.877991][ C1] print_address_description+0x8c/0x600
[ 44.883535][ C1] ? panic+0x896/0x896
[ 44.887430][ C1] ? profile_pc+0xa4/0xe0
[ 44.891603][ C1] __kasan_report+0xf3/0x120
[ 44.896272][ C1] ? profile_pc+0xa4/0xe0
[ 44.900442][ C1] ? _raw_spin_lock+0x8a/0x1b0
[ 44.905130][ C1] kasan_report+0x30/0x60
[ 44.909385][ C1] profile_pc+0xa4/0xe0
[ 44.913469][ C1] profile_tick+0xb9/0x100
[ 44.917722][ C1] tick_sched_timer+0x237/0x3c0
[ 44.922419][ C1] ? tick_setup_sched_timer+0x460/0x460
[ 44.927790][ C1] __hrtimer_run_queues+0x3e9/0xb90
[ 44.932817][ C1] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 44.938467][ C1] ? swake_up_one+0x7e/0x140
[ 44.942890][ C1] ? hrtimer_interrupt+0x890/0x890
[ 44.947924][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 44.953166][ C1] ? sched_clock+0x36/0x40
[ 44.957610][ C1] ? ktime_get+0xf9/0x130
[ 44.961772][ C1] ? ktime_get_update_offsets_now+0x26c/0x280
[ 44.967958][ C1] hrtimer_interrupt+0x38a/0x890
[ 44.972819][ C1] smp_apic_timer_interrupt+0x110/0x460
[ 44.978190][ C1] apic_timer_interrupt+0xf/0x20
[ 44.982960][ C1]
[ 44.985738][ C1] ? dput+0xb0/0x2f0
[ 44.989468][ C1] ? _raw_spin_lock+0x8a/0x1b0
[ 44.994069][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 44.999373][ C1] ? walk_component+0x4fd/0x590
[ 45.004077][ C1] ? lockref_put_return+0xbf/0xe0
[ 45.008922][ C1] ? dput+0xf1/0x2f0
[ 45.012643][ C1] ? terminate_walk+0x192/0x450
[ 45.017468][ C1] ? path_lookupat+0x27c/0x3f0
[ 45.022222][ C1] ? filename_lookup+0x253/0x6e0
[ 45.027081][ C1] ? hashlen_string+0x110/0x110
[ 45.031979][ C1] ? getname_flags+0x1ec/0x4e0
[ 45.036739][ C1] ? vfs_statx+0x115/0x210
[ 45.040985][ C1] ? vfs_statx_fd+0xb0/0xb0
[ 45.045322][ C1] ? hashlen_string+0x110/0x110
[ 45.050012][ C1] ? __se_sys_newfstatat+0xce/0x770
[ 45.055037][ C1] ? __x64_sys_newfstatat+0xa0/0xa0
[ 45.060271][ C1] ? mntput_no_expire+0x108/0x6d0
[ 45.065311][ C1] ? vfs_submount+0xb0/0xb0
[ 45.069744][ C1] ? dput+0x29b/0x2f0
[ 45.073640][ C1] ? _raw_spin_unlock_irq+0x4a/0x60
[ 45.078670][ C1] ? do_syscall_64+0xca/0x1c0
[ 45.083188][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.089081][ C1]
[ 45.091248][ C1] The buggy address belongs to the page:
[ 45.096718][ C1] page:ffffea0007b24fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 45.105669][ C1] flags: 0x8000000000000000()
[ 45.110215][ C1] raw: 8000000000000000 ffffea0007b24fc8 ffffea0007b24fc8 0000000000000000
[ 45.119031][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 45.127524][ C1] page dumped because: kasan: bad access detected
[ 45.133782][ C1] page_owner tracks the page as allocated
[ 45.139340][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
[ 45.150882][ C1] prep_new_page+0x18f/0x370
[ 45.155307][ C1] get_page_from_freelist+0x2d13/0x2d90
[ 45.160691][ C1] __alloc_pages_nodemask+0x393/0x840
[ 45.165989][ C1] dup_task_struct+0x85/0x600
[ 45.170497][ C1] copy_process+0x56d/0x3230
[ 45.175296][ C1] _do_fork+0x197/0x900
[ 45.179283][ C1] __x64_sys_clone+0x26b/0x2c0
[ 45.183915][ C1] do_syscall_64+0xca/0x1c0
[ 45.188310][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.194030][ C1] page_owner free stack trace missing
[ 45.199233][ C1]
[ 45.201410][ C1] addr ffff8881ec93f8a0 is located in stack of task udevd/162 at offset 0 in frame:
[ 45.211710][ C1] _raw_spin_lock+0x0/0x1b0
[ 45.216208][ C1]
[ 45.218389][ C1] this frame has 1 object:
[ 45.222723][ C1] [32, 36) 'val.i.i.i'
[ 45.222726][ C1]
[ 45.229061][ C1] Memory state around the buggy address:
[ 45.234632][ C1]  ffff8881ec93f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.242964][ C1]  ffff8881ec93f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.251200][ C1] >ffff8881ec93f880: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
[ 45.259090][ C1]                                ^
[ 45.264126][ C1]  ffff8881ec93f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.272307][ C1]  ffff8881ec93f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.280277][ C1] ==================================================================
[ 45.288527][ C1] Disabling lock debugging due to kernel taint
2024/02/14 08:07:43 executed programs: 460
2024/02/14 08:07:48 executed programs: 998