Warning: Permanently added '10.128.1.132' (ED25519) to the list of known hosts.
2024/02/14 07:50:30 ignoring optional flag "sandboxArg"="0"
2024/02/14 07:50:30 parsed 1 programs
2024/02/14 07:50:30 executed programs: 0
[ 47.419027][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 47.419040][ T23] audit: type=1400 audit(1707897030.250:144): avc: denied { mounton } for pid=408 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 47.449836][ T23] audit: type=1400 audit(1707897030.250:145): avc: denied { mount } for pid=408 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 47.503549][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.510715][ T412] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.518003][ T412] device bridge_slave_0 entered promiscuous mode
[ 47.525249][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.532284][ T412] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.540120][ T412] device bridge_slave_1 entered promiscuous mode
[ 47.587295][ T23] audit: type=1400 audit(1707897030.410:146): avc: denied { create } for pid=412 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.595634][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.607885][ T23] audit: type=1400 audit(1707897030.410:147): avc: denied { write } for pid=412 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.614907][ T412] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.615028][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.635951][ T23] audit: type=1400 audit(1707897030.410:148): avc: denied { read } for pid=412 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.642641][ T412] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.689927][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.697319][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.704749][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.712349][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.728963][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.737023][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.744030][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.752700][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.761361][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.768415][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.776018][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.785820][ T126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.809429][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.817647][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.829291][ T126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.847409][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.855945][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.870710][ T23] audit: type=1400 audit(1707897030.700:149): avc: denied { mounton } for pid=412 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10815 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 47.904739][ T419] kernel profiling enabled (shift: 0)
[ 52.428121][ C0] ==================================================================
[ 52.436022][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 52.443266][ C0] Read of size 8 at addr ffff8881dc5b7940 by task syz-executor.0/412
[ 52.451217][ C0]
[ 52.453473][ C0] CPU: 0 PID: 412 Comm: syz-executor.0 Not tainted 5.4.265-syzkaller-04843-g1b3143b9b166 #0
[ 52.463363][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 52.473432][ C0] Call Trace:
[ 52.476555][ C0]
[ 52.479256][ C0] dump_stack+0x1d8/0x241
[ 52.483502][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 52.489145][ C0] ? printk+0xd1/0x111
[ 52.493051][ C0] ? profile_pc+0xa4/0xe0
[ 52.497337][ C0] ? wake_up_klogd+0xb2/0xf0
[ 52.501775][ C0] ? profile_pc+0xa4/0xe0
[ 52.505922][ C0] print_address_description+0x8c/0x600
[ 52.511312][ C0] ? panic+0x896/0x896
[ 52.515212][ C0] ? profile_pc+0xa4/0xe0
[ 52.519374][ C0] __kasan_report+0xf3/0x120
[ 52.523800][ C0] ? profile_pc+0xa4/0xe0
[ 52.527989][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 52.532657][ C0] kasan_report+0x30/0x60
[ 52.536842][ C0] profile_pc+0xa4/0xe0
[ 52.540827][ C0] profile_tick+0xb9/0x100
[ 52.545075][ C0] tick_sched_timer+0x237/0x3c0
[ 52.549760][ C0] ? tick_setup_sched_timer+0x460/0x460
[ 52.555274][ C0] __hrtimer_run_queues+0x3e9/0xb90
[ 52.560268][ C0] ? hrtimer_interrupt+0x890/0x890
[ 52.565213][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 52.570504][ C0] ? sched_clock+0x36/0x40
[ 52.574843][ C0] ? ktime_get+0xf9/0x130
[ 52.579099][ C0] ? ktime_get_update_offsets_now+0x26c/0x280
[ 52.585001][ C0] hrtimer_interrupt+0x38a/0x890
[ 52.589779][ C0] smp_apic_timer_interrupt+0x110/0x460
[ 52.595362][ C0] apic_timer_interrupt+0xf/0x20
[ 52.600094][ C0]
[ 52.602904][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 52.607479][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 52.612802][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 52.617752][ C0] ? dup_fd+0x20b/0xaa0
[ 52.621747][ C0] ? avc_has_perm+0xd2/0x260
[ 52.626250][ C0] ? avc_has_perm+0x16f/0x260
[ 52.630781][ C0] ? copy_files+0xe1/0x1f0
[ 52.635314][ C0] ? perf_event_attrs+0x20/0x20
[ 52.639972][ C0] ? dup_task_struct+0x600/0x600
[ 52.644792][ C0] ? sched_fork+0x5e4/0xd70
[ 52.649483][ C0] ? copy_process+0x11e3/0x3230
[ 52.654553][ C0] ? ptep_set_access_flags+0x60/0x90
[ 52.660349][ C0] ? do_wp_page+0x751/0xae0
[ 52.664852][ C0] ? fork_idle+0x290/0x290
[ 52.669273][ C0] ? handle_mm_fault+0x1c76/0x4840
[ 52.674222][ C0] ? _do_fork+0x197/0x900
[ 52.678561][ C0] ? finish_fault+0x230/0x230
[ 52.683333][ C0] ? __fsnotify_parent+0x310/0x310
[ 52.688569][ C0] ? copy_process+0x3230/0x3230
[ 52.693712][ C0] ? __x64_sys_clone+0x26b/0x2c0
[ 52.698474][ C0] ? down_write_trylock+0x130/0x130
[ 52.703605][ C0] ? __ia32_sys_vfork+0x110/0x110
[ 52.708578][ C0] ? __do_page_fault+0x725/0xbb0
[ 52.713467][ C0] ? do_syscall_64+0xca/0x1c0
[ 52.717975][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 52.723871][ C0]
[ 52.726039][ C0] The buggy address belongs to the page:
[ 52.731523][ C0] page:ffffea0007716dc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 52.740461][ C0] flags: 0x8000000000000000()
[ 52.745056][ C0] raw: 8000000000000000 ffffea0007716e08 ffffea0007716d88 0000000000000000
[ 52.753917][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 52.762420][ C0] page dumped because: kasan: bad access detected
[ 52.769022][ C0] page_owner tracks the page as allocated
[ 52.774573][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 52.786831][ C0] prep_new_page+0x18f/0x370
[ 52.791262][ C0] get_page_from_freelist+0x2d13/0x2d90
[ 52.796762][ C0] __alloc_pages_nodemask+0x393/0x840
[ 52.801954][ C0] dup_task_struct+0x85/0x600
[ 52.806617][ C0] copy_process+0x56d/0x3230
[ 52.811167][ C0] _do_fork+0x197/0x900
[ 52.815394][ C0] __x64_sys_clone+0x26b/0x2c0
[ 52.819977][ C0] do_syscall_64+0xca/0x1c0
[ 52.824322][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 52.830037][ C0] page last free stack trace:
[ 52.834563][ C0] free_unref_page_prepare+0x297/0x380
[ 52.840124][ C0] __free_pages+0xaf/0x140
[ 52.844533][ C0] __vunmap+0x75b/0x890
[ 52.848530][ C0] kcov_close+0x27/0x50
[ 52.852524][ C0] __fput+0x262/0x680
[ 52.856569][ C0] task_work_run+0x140/0x170
[ 52.861085][ C0] do_exit+0xcaf/0x2bc0
[ 52.865078][ C0] do_group_exit+0x138/0x300
[ 52.869503][ C0] get_signal+0xdb1/0x1440
[ 52.873745][ C0] do_signal+0xb0/0x11f0
[ 52.877821][ C0] exit_to_usermode_loop+0xc0/0x1a0
[ 52.882946][ C0] prepare_exit_to_usermode+0x199/0x200
[ 52.888472][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 52.894182][ C0]
[ 52.896555][ C0] addr ffff8881dc5b7940 is located in stack of task syz-executor.0/412 at offset 0 in frame:
[ 52.906615][ C0] _raw_spin_lock+0x0/0x1b0
[ 52.910948][ C0]
[ 52.913188][ C0] this frame has 1 object:
[ 52.917660][ C0] [32, 36) 'val.i.i.i'
[ 52.917663][ C0]
[ 52.923801][ C0] Memory state around the buggy address:
[ 52.929367][ C0] ffff8881dc5b7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.937602][ C0] ffff8881dc5b7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.946368][ C0] >ffff8881dc5b7900: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3
[ 52.954279][ C0] ^
[ 52.960263][ C0] ffff8881dc5b7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.968155][ C0] ffff8881dc5b7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2024/02/14 07:50:35 executed programs: 383
[ 52.976246][ C0] ==================================================================
[ 52.984831][ C0] Disabling lock debugging due to kernel taint
2024/02/14 07:50:40 executed programs: 860