Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts.
2024/07/18 01:40:15 ignoring optional flag "sandboxArg"="0"
2024/07/18 01:40:15 parsed 1 programs
[ 50.680458][ T23] kauditd_printk_skb: 19 callbacks suppressed
[ 50.680470][ T23] audit: type=1400 audit(1721266815.650:95): avc: denied { unlink } for pid=414 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/07/18 01:40:15 executed programs: 0
[ 50.790196][ T414] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.864905][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.871920][ T420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.879541][ T420] device bridge_slave_0 entered promiscuous mode
[ 50.886431][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.893382][ T420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.900803][ T420] device bridge_slave_1 entered promiscuous mode
[ 50.954448][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.961400][ T420] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.968533][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.975550][ T420] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.999890][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.007247][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.015503][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.024036][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.038449][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.046448][ T124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.053517][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.060804][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.068896][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.075723][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.086271][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.095760][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.113295][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.128457][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.139944][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.158801][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.167571][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.192845][ T426] kernel profiling enabled (shift: 0)
[ 55.297962][ C1] ==================================================================
[ 55.306049][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 55.313049][ C1] Read of size 8 at addr ffff8881e633fbe0 by task syz-executor.0/1293
[ 55.321128][ C1]
[ 55.323293][ C1] CPU: 1 PID: 1293 Comm: syz-executor.0 Not tainted 5.4.276-syzkaller-04920-g3ffe89ed1bf9 #0
[ 55.333352][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 55.343354][ C1] Call Trace:
[ 55.346458][ C1]
[ 55.349156][ C1] dump_stack+0x1d8/0x241
[ 55.353315][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 55.359070][ C1] ? printk+0xd1/0x111
[ 55.362981][ C1] ? profile_pc+0xa4/0xe0
[ 55.367143][ C1] ? wake_up_klogd+0xb2/0xf0
[ 55.371711][ C1] ? profile_pc+0xa4/0xe0
[ 55.375918][ C1] print_address_description+0x8c/0x600
[ 55.381398][ C1] ? panic+0x89d/0x89d
[ 55.385409][ C1] ? profile_pc+0xa4/0xe0
[ 55.389736][ C1] __kasan_report+0xf3/0x120
[ 55.394772][ C1] ? profile_pc+0xa4/0xe0
[ 55.398945][ C1] ? _raw_spin_lock+0x8a/0x1b0
[ 55.403548][ C1] kasan_report+0x30/0x60
[ 55.407746][ C1] profile_pc+0xa4/0xe0
[ 55.411691][ C1] profile_tick+0xb9/0x100
[ 55.416050][ C1] tick_sched_timer+0x237/0x3c0
[ 55.420724][ C1] ? tick_setup_sched_timer+0x460/0x460
[ 55.426096][ C1] __hrtimer_run_queues+0x3e9/0xb90
[ 55.431144][ C1] ? hrtimer_interrupt+0x890/0x890
[ 55.436101][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 55.441306][ C1] ? sched_clock+0x36/0x40
[ 55.445625][ C1] ? ktime_get+0xf9/0x130
[ 55.449896][ C1] ? ktime_get_update_offsets_now+0x26c/0x280
[ 55.456124][ C1] hrtimer_interrupt+0x38a/0x890
[ 55.461074][ C1] smp_apic_timer_interrupt+0x110/0x460
[ 55.466544][ C1] apic_timer_interrupt+0xf/0x20
[ 55.471550][ C1]
[ 55.474657][ C1] RIP: 0010:_raw_spin_lock+0x8a/0x1b0
[ 55.479839][ C1] Code: 4a 89 04 23 bf 01 00 00 00 e8 d2 c9 f3 fc 4d 89 fe 49 c1 ee 03 43 0f b6 04 26 84 c0 0f 85 bb 00 00 00 c7 44 24 20 00 00 00 00 <4c> 89 ef be 04 00 00 00 e8 29 dc 42 fd 4c 89 ff be 04 00 00 00 e8
[ 55.499609][ C1] RSP: 0018:ffff8881e633fbe0 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff13
[ 55.507875][ C1] RAX: 0000000000000004 RBX: 1ffff1103cc67f7c RCX: 00000000e633fc03
[ 55.515788][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 55.523774][ C1] RBP: ffff8881e633fc80 R08: ffffffff82093f15 R09: ffffed103d0669c6
[ 55.531577][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 55.539980][ C1] R13: ffff8881dabbc188 R14: 1ffff1103cc67f80 R15: ffff8881e633fc00
[ 55.547819][ C1] ? inode_doinit_with_dentry+0x105/0x1050
[ 55.553527][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 55.558739][ C1] d_instantiate_new+0x68/0x110
[ 55.563676][ C1] ext4_symlink+0x906/0xef0
[ 55.568218][ C1] ? ext4_unlink+0xc50/0xc50
[ 55.572819][ C1] ? security_inode_symlink+0xaf/0xf0
[ 55.578021][ C1] vfs_symlink+0x36c/0x500
[ 55.582275][ C1] do_symlinkat+0x19b/0x400
[ 55.586611][ C1] ? vfs_symlink+0x500/0x500
[ 55.591127][ C1] do_syscall_64+0xca/0x1c0
[ 55.595602][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 55.601437][ C1] RIP: 0033:0x7f4ecdb4c427
[ 55.605740][ C1] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.625530][ C1] RSP: 002b:00007ffefd0a8da8 EFLAGS: 00000202 ORIG_RAX: 000000000000010a
[ 55.633959][ C1] RAX: ffffffffffffffda RBX: 00007ffefd0a8e70 RCX: 00007f4ecdb4c427
[ 55.641774][ C1] RDX: 00007f4ecdb98540 RSI: 00000000ffffff9c RDI: 00007ffefd0a8e70
[ 55.649709][ C1] RBP: 0000000000000001 R08: 0000000000000013 R09: 00007ffefd0a8af7
[ 55.657482][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 55.665561][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 55.673443][ C1]
[ 55.675874][ C1] The buggy address belongs to the page:
[ 55.681384][ C1] page:ffffea000798cfc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 55.690815][ C1] flags: 0x8000000000000000()
[ 55.695353][ C1] raw: 8000000000000000 0000000000000000 ffffea000798cfc8 0000000000000000
[ 55.704370][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 55.713032][ C1] page dumped because: kasan: bad access detected
[ 55.719606][ C1] page_owner tracks the page as allocated
[ 55.725475][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 55.737320][ C1] prep_new_page+0x18f/0x370
[ 55.741967][ C1] get_page_from_freelist+0x2d13/0x2d90
[ 55.747487][ C1] __alloc_pages_nodemask+0x393/0x840
[ 55.752774][ C1] dup_task_struct+0x85/0x600
[ 55.757294][ C1] copy_process+0x56d/0x3230
[ 55.761848][ C1] _do_fork+0x197/0x900
[ 55.765954][ C1] __x64_sys_clone+0x26b/0x2c0
[ 55.771341][ C1] do_syscall_64+0xca/0x1c0
[ 55.775687][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 55.781400][ C1] page last free stack trace:
[ 55.785918][ C1] __free_pages_ok+0x847/0x950
[ 55.790520][ C1] __free_pages+0x91/0x140
[ 55.794867][ C1] __free_slab+0x221/0x2e0
[ 55.799453][ C1] unfreeze_partials+0x14e/0x180
[ 55.804458][ C1] put_cpu_partial+0x44/0x180
[ 55.808974][ C1] __slab_free+0x297/0x360
[ 55.813288][ C1] qlist_free_all+0x43/0xb0
[ 55.817654][ C1] quarantine_reduce+0x1d9/0x210
[ 55.822500][ C1] __kasan_kmalloc+0x41/0x210
[ 55.827336][ C1] __kmalloc+0x105/0x2e0
[ 55.831551][ C1] kernfs_fop_write+0x120/0x3e0
[ 55.836225][ C1] __vfs_write+0x103/0x750
[ 55.840866][ C1] vfs_write+0x206/0x4e0
[ 55.845184][ C1] ksys_write+0x199/0x2c0
[ 55.849385][ C1] do_syscall_64+0xca/0x1c0
[ 55.853909][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 55.859683][ C1]
[ 55.862307][ C1] addr ffff8881e633fbe0 is located in stack of task syz-executor.0/1293 at offset 0 in frame:
[ 55.872389][ C1] _raw_spin_lock+0x0/0x1b0
[ 55.876712][ C1]
[ 55.878892][ C1] this frame has 1 object:
[ 55.883137][ C1] [32, 36) 'val.i.i.i'
[ 55.883139][ C1]
[ 55.889303][ C1] Memory state around the buggy address:
[ 55.894956][ C1] ffff8881e633fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.902853][ C1] ffff8881e633fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.910959][ C1] >ffff8881e633fb80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 55.919096][ C1]                                                        ^
[ 55.926214][ C1] ffff8881e633fc00: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.934218][ C1] ffff8881e633fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.942223][ C1] ==================================================================
2024/07/18 01:40:20 executed programs: 432
[ 55.950376][ C1] Disabling lock debugging due to kernel taint
2024/07/18 01:40:25 executed programs: 1021