Warning: Permanently added '10.128.0.4' (ED25519) to the list of known hosts.
2024/02/14 08:23:15 ignoring optional flag "sandboxArg"="0"
2024/02/14 08:23:15 parsed 1 programs
2024/02/14 08:23:15 executed programs: 0
[ 43.398048][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 43.398061][ T23] audit: type=1400 audit(1707898995.610:144): avc: denied { mounton } for pid=404 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.431124][ T23] audit: type=1400 audit(1707898995.610:145): avc: denied { mount } for pid=404 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.513255][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.520626][ T408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.528319][ T408] device bridge_slave_0 entered promiscuous mode
[ 43.535137][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.542380][ T408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.550049][ T408] device bridge_slave_1 entered promiscuous mode
[ 43.598215][ T23] audit: type=1400 audit(1707898995.810:146): avc: denied { create } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.615511][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.619405][ T23] audit: type=1400 audit(1707898995.820:147): avc: denied { write } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.626201][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.647998][ T23] audit: type=1400 audit(1707898995.820:148): avc: denied { read } for pid=408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.654498][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.681936][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.705773][ T368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.713247][ T368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.721421][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.729779][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.747822][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.755815][ T359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.762677][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.770121][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.778582][ T359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.785397][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.792685][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.800509][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.817362][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.838668][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.846631][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.863371][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.872165][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.883927][ T23] audit: type=1400 audit(1707898996.090:149): avc: denied { mounton } for pid=408 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10686 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 43.917845][ T415] kernel profiling enabled (shift: 0)
[ 44.746862][ C0] ==================================================================
[ 44.755050][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 44.762194][ C0] Read of size 8 at addr ffff8881eb7cf7e0 by task syz-executor.0/504
[ 44.770127][ C0]
[ 44.772317][ C0] CPU: 0 PID: 504 Comm: syz-executor.0 Not tainted 5.4.265-syzkaller-04843-g1b3143b9b166 #0
[ 44.782280][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 44.792793][ C0] Call Trace:
[ 44.795917][ C0]
[ 44.798947][ C0] dump_stack+0x1d8/0x241
[ 44.803117][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 44.808939][ C0] ? printk+0xd1/0x111
[ 44.812837][ C0] ? profile_pc+0xa4/0xe0
[ 44.816997][ C0] ? wake_up_klogd+0xb2/0xf0
[ 44.821505][ C0] ? profile_pc+0xa4/0xe0
[ 44.825674][ C0] print_address_description+0x8c/0x600
[ 44.831075][ C0] ? panic+0x896/0x896
[ 44.834961][ C0] ? profile_pc+0xa4/0xe0
[ 44.839139][ C0] __kasan_report+0xf3/0x120
[ 44.843817][ C0] ? profile_pc+0xa4/0xe0
[ 44.847979][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 44.852676][ C0] kasan_report+0x30/0x60
[ 44.857214][ C0] profile_pc+0xa4/0xe0
[ 44.861287][ C0] profile_tick+0xb9/0x100
[ 44.865518][ C0] tick_sched_timer+0x237/0x3c0
[ 44.870462][ C0] ? tick_setup_sched_timer+0x460/0x460
[ 44.875942][ C0] __hrtimer_run_queues+0x3e9/0xb90
[ 44.880980][ C0] ? hrtimer_interrupt+0x890/0x890
[ 44.886272][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 44.891360][ C0] ? sched_clock+0x36/0x40
[ 44.895540][ C0] ? ktime_get+0xf9/0x130
[ 44.900228][ C0] ? ktime_get_update_offsets_now+0x26c/0x280
[ 44.906304][ C0] hrtimer_interrupt+0x38a/0x890
[ 44.911104][ C0] smp_apic_timer_interrupt+0x110/0x460
[ 44.916647][ C0] apic_timer_interrupt+0xf/0x20
[ 44.921497][ C0]
[ 44.924367][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 44.929060][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 44.934350][ C0] ? __tlb_remove_page_size+0x112/0x2f0
[ 44.939834][ C0] ? unmap_page_range+0xaf4/0x2620
[ 44.944855][ C0] ? copy_page_range+0x26f0/0x26f0
[ 44.949801][ C0] ? lru_add_page_tail+0x770/0x770
[ 44.954744][ C0] ? unmap_vmas+0x355/0x4b0
[ 44.959168][ C0] ? unmap_page_range+0x2620/0x2620
[ 44.964397][ C0] ? tlb_gather_mmu+0x273/0x340
[ 44.969191][ C0] ? exit_mmap+0x2bc/0x520
[ 44.973531][ C0] ? vm_brk+0x20/0x20
[ 44.977356][ C0] ? mutex_unlock+0x18/0x40
[ 44.981700][ C0] ? uprobe_clear_state+0x297/0x300
[ 44.986742][ C0] ? mm_update_next_owner+0x4ce/0x5d0
[ 44.991940][ C0] ? __mmput+0x8e/0x2c0
[ 44.995922][ C0] ? do_exit+0xc08/0x2bc0
[ 45.000530][ C0] ? put_task_struct+0x80/0x80
[ 45.005122][ C0] ? cpus_share_cache+0x110/0x110
[ 45.009991][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 45.014929][ C0] ? _raw_spin_lock_irqsave+0x210/0x210
[ 45.020309][ C0] ? zap_other_threads+0x22d/0x270
[ 45.025257][ C0] ? do_group_exit+0x138/0x300
[ 45.030034][ C0] ? __x64_sys_exit_group+0x3b/0x40
[ 45.035066][ C0] ? do_syscall_64+0xca/0x1c0
[ 45.039579][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.045661][ C0]
[ 45.047826][ C0] The buggy address belongs to the page:
[ 45.053382][ C0] page:ffffea0007adf3c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 45.062412][ C0] flags: 0x8000000000000000()
[ 45.067017][ C0] raw: 8000000000000000 0000000000000000 ffffea0007adf3c8 0000000000000000
[ 45.075660][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 45.084283][ C0] page dumped because: kasan: bad access detected
[ 45.090524][ C0] page_owner tracks the page as allocated
[ 45.096411][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 45.108120][ C0] prep_new_page+0x18f/0x370
[ 45.112715][ C0] get_page_from_freelist+0x2d13/0x2d90
[ 45.118180][ C0] __alloc_pages_nodemask+0x393/0x840
[ 45.123582][ C0] dup_task_struct+0x85/0x600
[ 45.128081][ C0] copy_process+0x56d/0x3230
[ 45.132712][ C0] _do_fork+0x197/0x900
[ 45.136688][ C0] __x64_sys_clone+0x26b/0x2c0
[ 45.141375][ C0] do_syscall_64+0xca/0x1c0
[ 45.146933][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.152737][ C0] page last free stack trace:
[ 45.157336][ C0] __free_pages_ok+0x847/0x950
[ 45.161946][ C0] __free_pages+0x91/0x140
[ 45.166192][ C0] __free_slab+0x221/0x2e0
[ 45.170614][ C0] unfreeze_partials+0x14e/0x180
[ 45.175471][ C0] put_cpu_partial+0x44/0x180
[ 45.179986][ C0] __slab_free+0x297/0x360
[ 45.184335][ C0] qlist_free_all+0x43/0xb0
[ 45.188693][ C0] quarantine_reduce+0x1d9/0x210
[ 45.193440][ C0] __kasan_kmalloc+0x41/0x210
[ 45.198056][ C0] kmem_cache_alloc+0xd9/0x250
[ 45.202738][ C0] anon_vma_fork+0x1ed/0x560
[ 45.207252][ C0] copy_mm+0x842/0x10d0
[ 45.211240][ C0] copy_process+0x1291/0x3230
[ 45.215753][ C0] _do_fork+0x197/0x900
[ 45.219750][ C0] __x64_sys_clone+0x26b/0x2c0
[ 45.225530][ C0] do_syscall_64+0xca/0x1c0
[ 45.230202][ C0]
[ 45.232332][ C0] addr ffff8881eb7cf7e0 is located in stack of task syz-executor.0/504 at offset 0 in frame:
[ 45.242776][ C0] _raw_spin_lock+0x0/0x1b0
[ 45.247080][ C0]
[ 45.249263][ C0] this frame has 1 object:
[ 45.253505][ C0] [32, 36) 'val.i.i.i'
[ 45.253506][ C0]
[ 45.259786][ C0] Memory state around the buggy address:
[ 45.265615][ C0] ffff8881eb7cf680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.273513][ C0] ffff8881eb7cf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.281395][ C0] >ffff8881eb7cf780: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 45.289737][ C0]                                                        ^
[ 45.297003][ C0] ffff8881eb7cf800: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.304924][ C0] ffff8881eb7cf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.312898][ C0] ==================================================================
[ 45.320940][ C0] Disabling lock debugging due to kernel taint
2024/02/14 08:23:20 executed programs: 396
2024/02/14 08:23:25 executed programs: 946