Warning: Permanently added '10.128.10.43' (ED25519) to the list of known hosts.
2024/02/14 08:52:20 ignoring optional flag "sandboxArg"="0"
2024/02/14 08:52:20 parsed 1 programs
2024/02/14 08:52:20 executed programs: 0
[ 41.438329][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 41.438339][ T23] audit: type=1400 audit(1707900740.949:144): avc: denied { mounton } for pid=401 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.470852][ T23] audit: type=1400 audit(1707900740.949:145): avc: denied { mount } for pid=401 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.525204][ T406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.532419][ T406] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.539932][ T406] device bridge_slave_0 entered promiscuous mode
[ 41.547024][ T406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.553990][ T406] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.561145][ T406] device bridge_slave_1 entered promiscuous mode
[ 41.597226][ T23] audit: type=1400 audit(1707900741.109:146): avc: denied { create } for pid=406 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.604151][ T406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.617963][ T23] audit: type=1400 audit(1707900741.109:147): avc: denied { write } for pid=406 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.624907][ T406] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.625015][ T406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.646307][ T23] audit: type=1400 audit(1707900741.109:148): avc: denied { read } for pid=406 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.653043][ T406] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.700083][ T124] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.707305][ T124] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.714898][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.722484][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.740896][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.748816][ T124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.755571][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.763173][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.771277][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.778132][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.785414][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.793159][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.804538][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.815008][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.826797][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.839943][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.848082][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.863452][ T23] audit: type=1400 audit(1707900741.379:149): avc: denied { mounton } for pid=406 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 41.894721][ T412] kernel profiling enabled (shift: 0)
[ 42.589850][ C0] ==================================================================
[ 42.597914][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 42.604938][ C0] Read of size 8 at addr ffff8881ec96f540 by task udevd/162
[ 42.612231][ C0]
[ 42.614409][ C0] CPU: 0 PID: 162 Comm: udevd Not tainted 5.4.265-syzkaller-04843-g1b3143b9b166 #0
[ 42.623616][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 42.633585][ C0] Call Trace:
[ 42.636881][ C0]
[ 42.639584][ C0] dump_stack+0x1d8/0x241
[ 42.643761][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 42.649535][ C0] ? printk+0xd1/0x111
[ 42.653524][ C0] ? profile_pc+0xa4/0xe0
[ 42.657701][ C0] ? wake_up_klogd+0xb2/0xf0
[ 42.662119][ C0] ? profile_pc+0xa4/0xe0
[ 42.666281][ C0] print_address_description+0x8c/0x600
[ 42.671749][ C0] ? panic+0x896/0x896
[ 42.675668][ C0] ? profile_pc+0xa4/0xe0
[ 42.679992][ C0] __kasan_report+0xf3/0x120
[ 42.684422][ C0] ? profile_pc+0xa4/0xe0
[ 42.688606][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 42.693253][ C0] kasan_report+0x30/0x60
[ 42.697452][ C0] profile_pc+0xa4/0xe0
[ 42.701443][ C0] profile_tick+0xb9/0x100
[ 42.705700][ C0] tick_sched_timer+0x237/0x3c0
[ 42.710647][ C0] ? tick_setup_sched_timer+0x460/0x460
[ 42.716037][ C0] __hrtimer_run_queues+0x3e9/0xb90
[ 42.721150][ C0] ? hrtimer_interrupt+0x890/0x890
[ 42.726131][ C0] ? debug_smp_processor_id+0x20/0x20
[ 42.731301][ C0] ? ktime_get+0xf9/0x130
[ 42.735470][ C0] ? ktime_get_update_offsets_now+0x26c/0x280
[ 42.741368][ C0] hrtimer_interrupt+0x38a/0x890
[ 42.746136][ C0] smp_apic_timer_interrupt+0x110/0x460
[ 42.751616][ C0] apic_timer_interrupt+0xf/0x20
[ 42.756480][ C0]
[ 42.759246][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 42.763969][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 42.769316][ C0] ? follow_managed+0x20f/0x600
[ 42.774175][ C0] ? __d_lookup+0xe5/0x540
[ 42.778578][ C0] ? lookup_fast+0x119/0xa40
[ 42.782959][ C0] ? handle_dots+0xf10/0xf10
[ 42.787806][ C0] ? walk_component+0x138/0x590
[ 42.792486][ C0] ? path_put_conditional+0x90/0x90
[ 42.797527][ C0] ? kernfs_refresh_inode+0x2b3/0x3d0
[ 42.802737][ C0] ? generic_permission+0x141/0x3e0
[ 42.807858][ C0] ? mutex_unlock+0x18/0x40
[ 42.812191][ C0] ? security_inode_permission+0xad/0xf0
[ 42.817660][ C0] ? link_path_walk+0x5c6/0x1040
[ 42.822452][ C0] ? memcpy+0x38/0x50
[ 42.826380][ C0] ? nd_jump_root+0x20f/0x2e0
[ 42.831115][ C0] ? handle_lookup_down+0x5b0/0x5b0
[ 42.836157][ C0] ? path_init+0x217/0xee0
[ 42.840609][ C0] ? path_lookupat+0x53/0x3f0
[ 42.845618][ C0] ? filename_lookup+0x253/0x6e0
[ 42.850395][ C0] ? hashlen_string+0x110/0x110
[ 42.855082][ C0] ? getname_flags+0x1ec/0x4e0
[ 42.859724][ C0] ? vfs_statx+0x115/0x210
[ 42.863922][ C0] ? vfs_statx_fd+0xb0/0xb0
[ 42.868275][ C0] ? __se_sys_newfstatat+0xce/0x770
[ 42.873305][ C0] ? __x64_sys_newfstatat+0xa0/0xa0
[ 42.878338][ C0] ? mntput_no_expire+0x108/0x6d0
[ 42.883635][ C0] ? touch_atime+0x14f/0x290
[ 42.888073][ C0] ? vfs_submount+0xb0/0xb0
[ 42.892409][ C0] ? dput+0x29b/0x2f0
[ 42.896384][ C0] ? vfs_write+0x4e0/0x4e0
[ 42.900643][ C0] ? getname_flags+0x1ec/0x4e0
[ 42.905515][ C0] ? do_syscall_64+0xca/0x1c0
[ 42.910015][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 42.915912][ C0]
[ 42.918079][ C0] The buggy address belongs to the page:
[ 42.923637][ C0] page:ffffea0007b25bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 42.932582][ C0] flags: 0x8000000000000000()
[ 42.937087][ C0] raw: 8000000000000000 ffffea0007b25bc8 ffffea0007b25bc8 0000000000000000
[ 42.945688][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 42.954271][ C0] page dumped because: kasan: bad access detected
[ 42.960869][ C0] page_owner tracks the page as allocated
[ 42.966437][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
[ 42.978873][ C0] prep_new_page+0x18f/0x370
[ 42.983355][ C0] get_page_from_freelist+0x2d13/0x2d90
[ 42.988747][ C0] __alloc_pages_nodemask+0x393/0x840
[ 42.994048][ C0] dup_task_struct+0x85/0x600
[ 42.998565][ C0] copy_process+0x56d/0x3230
[ 43.002976][ C0] _do_fork+0x197/0x900
[ 43.007061][ C0] __x64_sys_clone+0x26b/0x2c0
[ 43.012004][ C0] do_syscall_64+0xca/0x1c0
[ 43.016430][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 43.022147][ C0] page_owner free stack trace missing
[ 43.027363][ C0]
[ 43.029640][ C0] addr ffff8881ec96f540 is located in stack of task udevd/162 at offset 0 in frame:
[ 43.038950][ C0] _raw_spin_lock+0x0/0x1b0
[ 43.043558][ C0]
[ 43.045892][ C0] this frame has 1 object:
[ 43.050109][ C0] [32, 36) 'val.i.i.i'
[ 43.050111][ C0]
[ 43.056444][ C0] Memory state around the buggy address:
[ 43.062021][ C0] ffff8881ec96f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.070099][ C0] ffff8881ec96f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.078390][ C0] >ffff8881ec96f500: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3
[ 43.086721][ C0] ^
[ 43.093052][ C0] ffff8881ec96f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.101132][ C0] ffff8881ec96f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.109143][ C0] ==================================================================
[ 43.117033][ C0] Disabling lock debugging due to kernel taint
2024/02/14 08:52:25 executed programs: 601
2024/02/14 08:52:30 executed programs: 1289