Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts. 2025/02/23 08:10:39 ignoring optional flag "sandboxArg"="0" 2025/02/23 08:10:40 parsed 1 programs [ 54.201831][ T23] kauditd_printk_skb: 29 callbacks suppressed [ 54.201843][ T23] audit: type=1400 audit(1740298240.980:105): avc: denied { unlink } for pid=500 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 54.281391][ T500] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 54.693708][ T23] audit: type=1400 audit(1740298241.470:106): avc: denied { mounton } for pid=505 comm="syz-executor" path="/root/syzkaller.QyrfM2/syz-tmp/newroot/dev" dev="tmpfs" ino=13115 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 54.995413][ T23] audit: type=1401 audit(1740298241.770:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 55.563093][ T548] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.570404][ T548] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.577960][ T548] device bridge_slave_0 entered promiscuous mode [ 55.585055][ T548] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.592091][ T548] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.599587][ T548] device bridge_slave_1 entered promiscuous mode [ 55.652612][ T548] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.659586][ T548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.666849][ T548] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.673895][ T548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.699988][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.707473][ T375] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.714578][ T375] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.724245][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.733141][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.740030][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.749564][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.757669][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.764818][ T375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.779647][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.789877][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.807814][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.820734][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.835689][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.849526][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.860698][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2025/02/23 08:10:42 executed programs: 0 [ 56.161621][ T562] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.168548][ T562] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.176435][ T562] device bridge_slave_0 entered promiscuous mode [ 56.183380][ T562] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.190216][ T562] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.197809][ T562] device bridge_slave_1 entered promiscuous mode [ 56.258450][ T562] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.265322][ T562] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.272467][ T562] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.279322][ T562] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.309896][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.317413][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.324685][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.343998][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.352370][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.359243][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.366701][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.375181][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.382126][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.392988][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.403505][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.432458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.452431][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.469547][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.486303][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.501635][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.535830][ T23] audit: type=1400 audit(1740298243.310:108): avc: denied { read } for pid=567 comm="syz.2.16" name="msr" dev="devtmpfs" ino=9406 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 56.579145][ T23] audit: type=1400 audit(1740298243.310:109): avc: denied { open } for pid=567 comm="syz.2.16" path="/dev/cpu/0/msr" dev="devtmpfs" ino=9406 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 57.320818][ T103] device bridge_slave_1 left promiscuous mode [ 57.326782][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.335300][ T103] device bridge_slave_0 left promiscuous mode [ 57.341682][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.309848][ T643] ================================================================== [ 60.317905][ T643] BUG: KASAN: out-of-bounds in unwind_next_frame+0x1cd/0x1ea0 [ 60.325174][ T643] Read of size 8 at addr ffff8881df5e79f0 by task syz.2.41/643 [ 60.332536][ T643] [ 60.334842][ T643] CPU: 0 PID: 643 Comm: syz.2.41 Not tainted 5.4.290-syzkaller-05051-g6b07fcd94a6a #0 [ 60.344260][ T643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 60.354241][ T643] Call Trace: [ 60.357380][ T643] dump_stack+0x1d8/0x241 [ 60.361577][ T643] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 60.367263][ T643] ? printk+0xd1/0x111 [ 60.371188][ T643] ? memset_erms+0xb/0x10 [ 60.375333][ T643] ? unwind_next_frame+0x1cd/0x1ea0 [ 60.380376][ T643] print_address_description+0x8c/0x600 [ 60.385794][ T643] ? widen_string+0x3a/0x310 [ 60.390272][ T643] ? get_reg+0x105/0x220 [ 60.394353][ T643] ? memset_erms+0xb/0x10 [ 60.398519][ T643] ? unwind_next_frame+0x1cd/0x1ea0 [ 60.403581][ T643] __kasan_report+0xf3/0x120 [ 60.407979][ T643] ? unwind_next_frame+0x1cd/0x1ea0 [ 60.413011][ T643] kasan_report+0x30/0x60 [ 60.417180][ T643] ? preempt_count_add+0x8f/0x180 [ 60.422041][ T643] unwind_next_frame+0x1cd/0x1ea0 [ 60.426901][ T643] ? memset_erms+0xb/0x10 [ 60.431062][ T643] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 60.436875][ T643] ? arch_stack_walk+0xf5/0x140 [ 60.441563][ T643] ? memset_erms+0xb/0x10 [ 60.445727][ T643] ? retint_kernel+0x1b/0x1b [ 60.450153][ T643] ? stack_trace_save+0x118/0x1c0 [ 60.455029][ T643] ? stack_trace_snprint+0x170/0x170 [ 60.460139][ T643] ? get_stack_info+0x35/0x200 [ 60.464741][ T643] ? __unwind_start+0x583/0x890 [ 60.469423][ T643] ? deref_stack_reg+0x1f0/0x1f0 [ 60.474196][ T643] ? proc_pid_stack+0x8d/0x1e0 [ 60.478806][ T643] ? proc_single_show+0xda/0x160 [ 60.483581][ T643] ? seq_read+0x4df/0xe60 [ 60.487742][ T643] ? do_preadv+0x20e/0x350 [ 60.491990][ T643] ? in_sched_functions+0x9/0x40 [ 60.496850][ T643] ? stack_trace_save_tsk+0x4b0/0x4b0 [ 60.502056][ T643] arch_stack_walk+0x111/0x140 [ 60.506657][ T643] ? memset_erms+0xb/0x10 [ 60.510821][ T643] stack_trace_save_tsk+0x309/0x4b0 [ 60.515867][ T643] ? stack_trace_consume_entry+0x240/0x240 [ 60.521498][ T643] ? _raw_spin_lock+0xa4/0x1b0 [ 60.526333][ T643] ? down_read_interruptible+0x220/0x220 [ 60.531852][ T643] proc_pid_stack+0x125/0x1e0 [ 60.536354][ T643] proc_single_show+0xda/0x160 [ 60.541056][ T643] seq_read+0x4df/0xe60 [ 60.545048][ T643] do_iter_read+0x3e8/0x580 [ 60.549467][ T643] do_preadv+0x20e/0x350 [ 60.553643][ T643] ? vfs_writev+0x350/0x350 [ 60.558017][ T643] ? schedule+0x143/0x1d0 [ 60.562151][ T643] do_syscall_64+0xca/0x1c0 [ 60.566491][ T643] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 60.572242][ T643] RIP: 0033:0x7fe92cbb4de9 [ 60.576478][ T643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.596035][ T643] RSP: 002b:00007fe92c606038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 60.604365][ T643] RAX: ffffffffffffffda RBX: 00007fe92cdce080 RCX: 00007fe92cbb4de9 [ 60.613822][ T643] RDX: 0000000000000332 RSI: 00004000000017c0 RDI: 0000000000000004 [ 60.621637][ T643] RBP: 00007fe92cc362a0 R08: 0000000000000000 R09: 0000000000000000 [ 60.629617][ T643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.637722][ T643] R13: 0000000000000000 R14: 00007fe92cdce080 R15: 00007ffe76fbf1d8 [ 60.645548][ T643] [ 60.647707][ T643] The buggy address belongs to the page: [ 60.653184][ T643] page:ffffea00077d79c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 60.662118][ T643] flags: 0x8000000000000000() [ 60.666632][ T643] raw: 8000000000000000 0000000000000000 ffffea00077d79c8 0000000000000000 [ 60.675060][ T643] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 60.683467][ T643] page dumped because: kasan: bad access detected [ 60.689717][ T643] page_owner tracks the page as allocated [ 60.695267][ T643] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT) [ 60.706816][ T643] prep_new_page+0x18f/0x370 [ 60.711237][ T643] get_page_from_freelist+0x2d13/0x2d90 [ 60.716627][ T643] __alloc_pages_nodemask+0x393/0x840 [ 60.721833][ T643] dup_task_struct+0x85/0x600 [ 60.726438][ T643] copy_process+0x56d/0x3230 [ 60.730862][ T643] _do_fork+0x197/0x900 [ 60.734848][ T643] __x64_sys_clone+0x26b/0x2c0 [ 60.739451][ T643] do_syscall_64+0xca/0x1c0 [ 60.743786][ T643] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 60.749518][ T643] page last free stack trace: [ 60.754031][ T643] __free_pages_ok+0x847/0x950 [ 60.758637][ T643] __free_pages+0x91/0x140 [ 60.762880][ T643] __free_slab+0x221/0x2e0 [ 60.767164][ T643] unfreeze_partials+0x14e/0x180 [ 60.771906][ T643] put_cpu_partial+0x44/0x180 [ 60.776423][ T643] __slab_free+0x297/0x360 [ 60.780676][ T643] qlist_free_all+0x43/0xb0 [ 60.785020][ T643] quarantine_reduce+0x1d9/0x210 [ 60.789785][ T643] __kasan_kmalloc+0x41/0x210 [ 60.794307][ T643] kmem_cache_alloc_trace+0xdc/0x260 [ 60.799428][ T643] proc_pid_stack+0x8d/0x1e0 [ 60.803844][ T643] proc_single_show+0xda/0x160 [ 60.808444][ T643] seq_read+0x4df/0xe60 [ 60.812439][ T643] do_iter_read+0x3e8/0x580 [ 60.816778][ T643] do_preadv+0x20e/0x350 [ 60.820856][ T643] do_syscall_64+0xca/0x1c0 [ 60.825305][ T643] [ 60.827448][ T643] Memory state around the buggy address: [ 60.833042][ T643] ffff8881df5e7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.840924][ T643] ffff8881df5e7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.848815][ T643] >ffff8881df5e7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.856844][ T643] ^ [ 60.864412][ T643] ffff8881df5e7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.872278][ T643] ffff8881df5e7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.880172][ T643] ================================================================== [ 60.888076][ T643] Disabling lock debugging due to kernel taint 2025/02/23 08:10:47 executed programs: 29 2025/02/23 08:10:52 executed programs: 59 [ 66.399791][ T24] cfg80211: failed to load regulatory.db