Warning: Permanently added '10.128.1.67' (ED25519) to the list of known hosts.
2023/10/05 20:36:31 ignoring optional flag "sandboxArg"="0"
2023/10/05 20:36:31 parsed 1 programs
2023/10/05 20:36:31 executed programs: 0
[ 43.450551][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 43.450560][ T23] audit: type=1400 audit(1696538191.410:144): avc: denied { mounton } for pid=404 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.481645][ T23] audit: type=1400 audit(1696538191.430:145): avc: denied { mount } for pid=404 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.551980][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.558991][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.567160][ T410] device bridge_slave_0 entered promiscuous mode
[ 43.574097][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.581023][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.588603][ T410] device bridge_slave_1 entered promiscuous mode
[ 43.635124][ T23] audit: type=1400 audit(1696538191.600:146): avc: denied { create } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.643510][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.655944][ T23] audit: type=1400 audit(1696538191.600:147): avc: denied { write } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.662982][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.663106][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.684436][ T23] audit: type=1400 audit(1696538191.600:148): avc: denied { read } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.691113][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.743943][ T364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.751928][ T364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.759239][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.767358][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.781799][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.790080][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.797387][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.805003][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.813273][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.820196][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.842622][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.852189][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.860249][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.870564][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.885344][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.901533][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.909955][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.925313][ T23] audit: type=1400 audit(1696538191.890:149): avc: denied { mounton } for pid=410 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10526 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 43.958826][ T416] kernel profiling enabled (shift: 0)
[ 44.521154][ C1] ==================================================================
[ 44.529134][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 44.536276][ C1] Read of size 8 at addr ffff8881d84a74c0 by task syz-executor.0/410
[ 44.544614][ C1]
[ 44.546785][ C1] CPU: 1 PID: 410 Comm: syz-executor.0 Not tainted 5.4.254-syzkaller-04732-g5f1cbd78af59 #0
[ 44.556840][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 44.566996][ C1] Call Trace:
[ 44.570314][ C1]
[ 44.573012][ C1] dump_stack+0x1d8/0x241
[ 44.577295][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 44.582973][ C1] ? printk+0xd1/0x111
[ 44.586968][ C1] ? profile_pc+0xa4/0xe0
[ 44.591302][ C1] ? wake_up_klogd+0xb2/0xf0
[ 44.595699][ C1] ? profile_pc+0xa4/0xe0
[ 44.599808][ C1] print_address_description+0x8c/0x600
[ 44.605193][ C1] ? panic+0x896/0x896
[ 44.609251][ C1] ? profile_pc+0xa4/0xe0
[ 44.613386][ C1] __kasan_report+0xf3/0x120
[ 44.618047][ C1] ? profile_pc+0xa4/0xe0
[ 44.622642][ C1] ? _raw_spin_lock+0xc0/0x1b0
[ 44.627241][ C1] kasan_report+0x30/0x60
[ 44.631406][ C1] profile_pc+0xa4/0xe0
[ 44.635400][ C1] profile_tick+0xb9/0x100
[ 44.639648][ C1] tick_sched_timer+0x237/0x3c0
[ 44.644338][ C1] ? tick_setup_sched_timer+0x460/0x460
[ 44.649716][ C1] __hrtimer_run_queues+0x3e9/0xb90
[ 44.654757][ C1] ? hrtimer_interrupt+0x890/0x890
[ 44.659873][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 44.665003][ C1] ? sched_clock+0x36/0x40
[ 44.669241][ C1] ? ktime_get+0xf9/0x130
[ 44.673512][ C1] ? ktime_get_update_offsets_now+0x26c/0x280
[ 44.679819][ C1] hrtimer_interrupt+0x38a/0x890
[ 44.684876][ C1] smp_apic_timer_interrupt+0x110/0x460
[ 44.690415][ C1] apic_timer_interrupt+0xf/0x20
[ 44.695516][ C1]
[ 44.698285][ C1] ? _raw_spin_lock+0xc0/0x1b0
[ 44.703210][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 44.708626][ C1] ? pointer+0xb10/0xb10
[ 44.712770][ C1] ? select_collect+0x95/0x430
[ 44.717364][ C1] ? d_walk+0x2a6/0x4d0
[ 44.721644][ C1] ? shrink_dcache_parent+0x330/0x330
[ 44.726850][ C1] ? shrink_dcache_parent+0x142/0x330
[ 44.732059][ C1] ? d_set_mounted+0x220/0x220
[ 44.736762][ C1] ? _raw_spin_lock+0xa4/0x1b0
[ 44.741352][ C1] ? hlist_bl_lock+0x55/0x120
[ 44.745853][ C1] ? ___d_drop+0x169/0x1e0
[ 44.750117][ C1] ? d_invalidate+0x115/0x2d0
[ 44.754622][ C1] ? do_one_tree+0xe0/0xe0
[ 44.758870][ C1] ? d_hash_and_lookup+0x15d/0x1e0
[ 44.763912][ C1] ? proc_flush_task+0x283/0x5f0
[ 44.768681][ C1] ? tgid_pidfd_to_pid+0x90/0x90
[ 44.773456][ C1] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 44.779100][ C1] ? thread_group_cputime_adjusted+0xcd/0x110
[ 44.785092][ C1] ? release_task+0xa7/0x10e0
[ 44.789608][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 44.794808][ C1] ? check_preemption_disabled+0x9f/0x320
[ 44.800572][ C1] ? wait_consider_task+0x1964/0x2960
[ 44.805878][ C1] ? child_wait_callback+0x210/0x210
[ 44.810974][ C1] ? add_wait_queue+0x78/0x130
[ 44.815748][ C1] ? do_wait+0x30d/0x7f0
[ 44.819829][ C1] ? kernel_wait4+0x3c0/0x3c0
[ 44.824342][ C1] ? kernel_wait4+0x29b/0x3c0
[ 44.828849][ C1] ? __ia32_sys_waitid+0xc0/0xc0
[ 44.833710][ C1] ? __hrtimer_init+0x1a3/0x2a0
[ 44.838396][ C1] ? kernel_waitid+0x3b0/0x3b0
[ 44.842997][ C1] ? hrtimer_nanosleep+0x374/0x450
[ 44.847948][ C1] ? __x64_sys_wait4+0x130/0x1e0
[ 44.852716][ C1] ? __remove_hrtimer+0x3b0/0x3b0
[ 44.857578][ C1] ? do_wait+0x7f0/0x7f0
[ 44.861656][ C1] ? up_read+0x6f/0x1b0
[ 44.865651][ C1] ? fpu__clear+0x3c0/0x3c0
[ 44.869993][ C1] ? do_syscall_64+0xca/0x1c0
[ 44.874507][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.880403][ C1]
[ 44.882567][ C1] The buggy address belongs to the page:
[ 44.888052][ C1] page:ffffea00076129c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 44.896983][ C1] flags: 0x8000000000000000()
[ 44.901758][ C1] raw: 8000000000000000 ffffea00076129c8 ffffea00076129c8 0000000000000000
[ 44.910446][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 44.918975][ C1] page dumped because: kasan: bad access detected
[ 44.925408][ C1] page_owner tracks the page as allocated
[ 44.930960][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 44.942838][ C1] prep_new_page+0x18f/0x370
[ 44.947217][ C1] get_page_from_freelist+0x2d13/0x2d90
[ 44.952609][ C1] __alloc_pages_nodemask+0x393/0x840
[ 44.957805][ C1] dup_task_struct+0x85/0x600
[ 44.962318][ C1] copy_process+0x56d/0x3230
[ 44.966752][ C1] _do_fork+0x197/0x900
[ 44.970886][ C1] __x64_sys_clone+0x26b/0x2c0
[ 44.975565][ C1] do_syscall_64+0xca/0x1c0
[ 44.979987][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.985711][ C1] page_owner free stack trace missing
[ 44.991002][ C1]
[ 44.993177][ C1] addr ffff8881d84a74c0 is located in stack of task syz-executor.0/410 at offset 0 in frame:
[ 45.003247][ C1] _raw_spin_lock+0x0/0x1b0
[ 45.007578][ C1]
[ 45.009747][ C1] this frame has 1 object:
[ 45.014104][ C1] [32, 36) 'val.i.i.i'
[ 45.014106][ C1]
[ 45.020274][ C1] Memory state around the buggy address:
[ 45.025918][ C1] ffff8881d84a7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.033900][ C1] ffff8881d84a7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.041848][ C1] >ffff8881d84a7480: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3
[ 45.049799][ C1] ^
[ 45.055779][ C1] ffff8881d84a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.063762][ C1] ffff8881d84a7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.071972][ C1] ==================================================================
[ 45.079950][ C1] Disabling lock debugging due to kernel taint
2023/10/05 20:36:36 executed programs: 398
2023/10/05 20:36:41 executed programs: 954