Warning: Permanently added '[localhost]:1504' (ED25519) to the list of known hosts. 1970/01/01 00:02:42 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:02:45 parsed 1 programs [ 165.743746][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 165.743859][ T29] audit: type=1400 audit(165.690:131): avc: denied { mounton } for pid=3512 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 165.746488][ T29] audit: type=1400 audit(165.690:132): avc: denied { mount } for pid=3512 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 165.792700][ T29] audit: type=1400 audit(165.740:133): avc: denied { unlink } for pid=3512 comm="syz-executor" name="swap-file" dev="vda" ino=686 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 173.910964][ T3512] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 1970/01/01 00:02:53 executed programs: 0 [ 175.863439][ T3518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.870870][ T3518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.592166][ T3518] hsr_slave_0: entered promiscuous mode [ 176.595077][ T3518] hsr_slave_1: entered promiscuous mode [ 177.357174][ T3518] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 177.370565][ T3518] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 177.376760][ T3518] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 177.391406][ T3518] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 179.565510][ T3518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.871264][ T3518] veth0_vlan: entered promiscuous mode [ 187.974621][ T3518] veth1_vlan: entered promiscuous mode [ 188.256133][ T3518] veth0_macvtap: entered promiscuous mode [ 188.300599][ T3518] veth1_macvtap: entered promiscuous mode [ 188.578735][ T3518] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.580355][ T3518] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.580705][ T3518] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.581128][ T3518] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.391155][ T3917] usercopy: Kernel memory overwrite attempt detected to SLUB object 'task_struct' (offset 80, size 140)! [ 189.419603][ T3917] ------------[ cut here ]------------ [ 189.421434][ T3917] kernel BUG at mm/usercopy.c:102! [ 189.428082][ T3917] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM [ 189.432348][ T3917] Modules linked in: [ 189.434086][ T3917] CPU: 1 PID: 3917 Comm: syz-executor.0 Not tainted 6.8.0-rc7-syzkaller #0 [ 189.435741][ T3917] Hardware name: ARM-Versatile Express [ 189.436181][ T3917] PC is at usercopy_abort+0x98/0x9c [ 189.437138][ T3917] LR is at __wake_up_klogd.part.0+0x7c/0xac [ 189.437406][ T3917] pc : [<8183e740>] lr : [<802b7f34>] psr: 60000113 [ 189.437636][ T3917] sp : df9d5e50 ip : df9d5d98 fp : df9d5e74 [ 189.438240][ T3917] r10: 0000001a r9 : 83d59800 r8 : 84ccd450 [ 189.438494][ T3917] r7 : ddea5c20 r6 : 00000000 r5 : 0000008c r4 : 00000050 [ 189.438760][ T3917] r3 : 83d59800 r2 : 00000000 r1 : 00000000 r0 : 00000066 [ 189.439338][ T3917] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 189.440059][ T3917] Control: 30c5387d Table: 84b822c0 DAC: 00000000 [ 189.441268][ T3917] Register r0 information: non-paged memory [ 189.445907][ T3917] Register r1 information: NULL pointer [ 189.446162][ T3917] Register r2 information: NULL pointer [ 189.446520][ T3917] Register r3 information: slab task_struct start 83d59800 pointer offset 0 size 3072 [ 189.448151][ T3917] Register r4 information: non-paged memory [ 189.448737][ T3917] Register r5 information: non-paged memory [ 189.449215][ T3917] Register r6 information: NULL pointer [ 189.449435][ T3917] Register r7 information: non-slab/vmalloc memory [ 189.453314][ T3917] Register r8 information: slab task_struct start 84ccd400 pointer offset 80 size 3072 [ 189.454753][ T3917] Register r9 information: slab task_struct start 83d59800 pointer offset 0 size 3072 [ 189.457691][ T3917] Register r10 information: non-paged memory [ 189.459265][ T3917] Register r11 information: 2-page vmalloc region starting at 0xdf9d4000 allocated at kernel_clone+0xac/0x3c8 [ 189.459960][ T3917] Register r12 information: 2-page vmalloc region starting at 0xdf9d4000 allocated at kernel_clone+0xac/0x3c8 [ 189.462379][ T3917] Process syz-executor.0 (pid: 3917, stack limit = 0xdf9d4000) [ 189.465591][ T3917] Stack: (0xdf9d5e50 to 0xdf9d6000) [ 189.466034][ T3917] 5e40: 81fda684 81fadca8 81fc2424 00000050 [ 189.468279][ T3917] 5e60: 0000008c 83d59800 df9d5ea4 df9d5e78 804a922c 8183e6b4 0000008c df9d5e88 [ 189.468554][ T3917] 5e80: 80216278 84ccd450 0000008c 00000000 84ccd4dc ddea5c20 df9d5edc df9d5ea8 [ 189.468837][ T3917] 5ea0: 804e1c20 804a9160 0000008c 00000001 df9d5ecc 84ccd450 0000008c 00000001 [ 189.473414][ T3917] 5ec0: 00000000 00000000 83d59800 0000001a df9d5ef4 df9d5ee0 8020a090 804e1a40 [ 189.473728][ T3917] 5ee0: 00000000 0000000c df9d5f6c df9d5ef8 8020a680 8020a01c 00000000 00000000 [ 189.474153][ T3917] 5f00: df9d5f1c df9d5f10 81862d34 802798b0 df9d5f6c df9d5f20 8027f524 81862d10 [ 189.474427][ T3917] 5f20: df9d5f54 00000000 8027b25c 60000013 818110f0 81827f88 df9d5f54 b2f514c9 [ 189.474688][ T3917] 5f40: 0000000f 84ccd400 0000000f b2f514c9 84ccd400 0000000f 00000001 00000000 [ 189.474960][ T3917] 5f60: df9d5fa4 df9d5f70 80253494 8020a398 8020301c b2f514c9 df9d5fac 00000000 [ 189.475232][ T3917] 5f80: 00000000 0014c2cc 0000001a 80200288 83d59800 0000001a 00000000 df9d5fa8 [ 189.475499][ T3917] 5fa0: 80200060 80253268 00000000 00000000 0000000f 00000004 00000001 00000000 [ 189.475751][ T3917] 5fc0: 00000000 00000000 0014c2cc 0000001a 7e8da326 7e8da327 003d0f00 76bf70fc [ 189.476003][ T3917] 5fe0: 76bf6f08 76bf6ef8 000167e8 00050bd0 60000010 0000000f 00000000 00000000 [ 189.476434][ T3917] Backtrace: [ 189.476874][ T3917] [<8183e6a8>] (usercopy_abort) from [<804a922c>] (__check_heap_object+0xd8/0xf4) [ 189.477972][ T3917] [<804a9154>] (__check_heap_object) from [<804e1c20>] (__check_object_size+0x1ec/0x30c) [ 189.478653][ T3917] r8:ddea5c20 r7:84ccd4dc r6:00000000 r5:0000008c r4:84ccd450 [ 189.479014][ T3917] [<804e1a34>] (__check_object_size) from [<8020a090>] (fpa_set+0x80/0xa0) [ 189.480570][ T3917] r10:0000001a r9:83d59800 r8:00000000 r7:00000000 r6:00000001 r5:0000008c [ 189.487486][ T3917] r4:84ccd450 [ 189.488118][ T3917] [<8020a010>] (fpa_set) from [<8020a680>] (arch_ptrace+0x2f4/0x3e4) [ 189.488458][ T3917] r5:0000000c r4:00000000 [ 189.488787][ T3917] [<8020a38c>] (arch_ptrace) from [<80253494>] (sys_ptrace+0x238/0x4dc) [ 189.493691][ T3917] r7:00000000 r6:00000001 r5:0000000f r4:84ccd400 [ 189.497875][ T3917] [<8025325c>] (sys_ptrace) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 189.498360][ T3917] Exception stack(0xdf9d5fa8 to 0xdf9d5ff0) [ 189.498870][ T3917] 5fa0: 00000000 00000000 0000000f 00000004 00000001 00000000 [ 189.499178][ T3917] 5fc0: 00000000 00000000 0014c2cc 0000001a 7e8da326 7e8da327 003d0f00 76bf70fc [ 189.499469][ T3917] 5fe0: 76bf6f08 76bf6ef8 000167e8 00050bd0 [ 189.499909][ T3917] r10:0000001a r9:83d59800 r8:80200288 r7:0000001a r6:0014c2cc r5:00000000 [ 189.500501][ T3917] r4:00000000 [ 189.502143][ T3917] Code: e30a0688 e34801fd e58dc000 ebfff35b (e7f001f2) [ 189.508814][ T3917] ---[ end trace 0000000000000000 ]--- [ 189.511708][ T3917] Kernel panic - not syncing: Fatal exception [ 189.515249][ C0] CPU0: stopping [ 189.516165][ C0] CPU: 0 PID: 10 Comm: kworker/0:1 Tainted: G D 6.8.0-rc7-syzkaller #0 [ 189.516267][ C0] Hardware name: ARM-Versatile Express [ 189.516640][ C0] Workqueue: events bpf_prog_free_deferred [ 189.516847][ C0] Backtrace: frame pointer underflow [ 189.516953][ C0] [<8183864c>] (dump_backtrace) from [<81838748>] (show_stack+0x18/0x1c) [ 189.517084][ C0] r7:00000014 r6:81b0f9f8 r5:600001d3 r4:81fbd958 [ 189.517104][ C0] [<81838730>] (show_stack) from [<81855c64>] (dump_stack_lvl+0x48/0x54) [ 189.517167][ C0] [<81855c1c>] (dump_stack_lvl) from [<81855c88>] (dump_stack+0x18/0x1c) [ 189.517235][ C0] r5:00000000 r4:00000004 [ 189.517249][ C0] [<81855c70>] (dump_stack) from [<8020fb18>] (do_handle_IPI+0x2ac/0x2d8) [ 189.517305][ C0] [<8020f86c>] (do_handle_IPI) from [<8020fb64>] (ipi_handler+0x20/0x28) [ 189.517371][ C0] r9:82e36c00 r8:df801f78 r7:00000014 r6:81b0f9f8 r5:82c0cc80 r4:82c96d00 [ 189.517383][ C0] [<8020fb44>] (ipi_handler) from [<802c4fcc>] (handle_percpu_devid_irq+0x9c/0x2cc) [ 189.517524][ C0] [<802c4f30>] (handle_percpu_devid_irq) from [<802be758>] (generic_handle_domain_irq+0x30/0x40) [ 189.517610][ C0] r10:00000000 r9:82e36c00 r8:00000000 r7:df80a00c r6:824b0bc0 r5:df80a000 [ 189.517629][ C0] r4:8260cd28 r3:00010000 [ 189.517640][ C0] [<802be728>] (generic_handle_domain_irq) from [<802011c4>] (gic_handle_irq+0x68/0x7c) [ 189.517739][ C0] [<8020115c>] (gic_handle_irq) from [<81856528>] (generic_handle_arch_irq+0x60/0x80) [ 189.517802][ C0] r7:df841d08 r6:8213d0ec r5:82178d04 r4:824b2224 [ 189.517819][ C0] [<818564c8>] (generic_handle_arch_irq) from [<818086c0>] (call_with_stack+0x1c/0x20) [ 189.517951][ C0] r9:82e36c00 r8:828a0c68 r7:df841d3c r6:ffffffff r5:80000113 r4:8021b30c [ 189.517966][ C0] [<818086a4>] (call_with_stack) from [<80200b84>] (__irq_svc+0x84/0xac) [ 189.518010][ C0] Exception stack(0xdf841d08 to 0xdf841d50) [ 189.518046][ C0] 1d00: a19c8000 dffe1000 00000001 8021b2f4 7f003000 82e36c00 [ 189.518083][ C0] 1d20: 7f003000 00000000 828a0c68 8270dd5c 00000000 df841d84 df841d88 df841d58 [ 189.518108][ C0] 1d40: 80210ad0 8021b30c 80000113 ffffffff [ 189.518126][ C0] [<80210a6c>] (flush_tlb_kernel_range) from [<8048d868>] (__purge_vmap_area_lazy+0xc4/0x850) [ 189.518182][ C0] r4:dffe1000 [ 189.518196][ C0] [<8048d7a4>] (__purge_vmap_area_lazy) from [<8048e27c>] (_vm_unmap_aliases+0x288/0x2e4) [ 189.518265][ C0] r10:00000000 r9:df841e38 r8:00000000 r7:df841df0 r6:00000008 r5:ddde2340 [ 189.518281][ C0] r4:df841df0 [ 189.518291][ C0] [<8048dff4>] (_vm_unmap_aliases) from [<80491bf4>] (vfree+0x170/0x1e0) [ 189.518349][ C0] r10:82c16005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:849954c0 [ 189.518363][ C0] r4:00000000 [ 189.518373][ C0] [<80491a84>] (vfree) from [<802ea42c>] (module_memfree+0x30/0x50) [ 189.518439][ C0] r9:82e36c00 r8:00000000 r7:00000000 r6:82c16000 r5:00001000 r4:7f037000 [ 189.518456][ C0] [<802ea3fc>] (module_memfree) from [<80388b84>] (bpf_jit_free_exec+0x10/0x14) [ 189.518510][ C0] r5:00001000 r4:dffe1000 [ 189.518522][ C0] [<80388b74>] (bpf_jit_free_exec) from [<80388d44>] (bpf_jit_free+0x68/0xe4) [ 189.518565][ C0] [<80388cdc>] (bpf_jit_free) from [<80389e24>] (bpf_prog_free_deferred+0x14c/0x164) [ 189.518613][ C0] r5:84c0b350 r4:84c0b000 [ 189.518626][ C0] [<80389cd8>] (bpf_prog_free_deferred) from [<80266fe8>] (process_one_work+0x19c/0x4a4) [ 189.518680][ C0] r7:dddd1280 r6:82c16000 r5:84c0b350 r4:82c0bc80 [ 189.518690][ C0] [<80266e4c>] (process_one_work) from [<80267530>] (worker_thread+0x240/0x48c) [ 189.519274][ C0] r10:61c88647 r9:82e36c00 r8:dddd12a0 r7:82604d40 r6:dddd1280 r5:82c0bcac [ 189.519327][ C0] r4:82c0bc80 [ 189.519350][ C0] [<802672f0>] (worker_thread) from [<8026e80c>] (kthread+0x104/0x134) [ 189.519484][ C0] r10:00000000 r9:df839e90 r8:82cb67c0 r7:82c0bc80 r6:802672f0 r5:82e36c00 [ 189.519510][ C0] r4:82cb65c0 [ 189.519520][ C0] [<8026e708>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30) [ 189.519568][ C0] Exception stack(0xdf841fb0 to 0xdf841ff8) [ 189.519598][ C0] 1fa0: 00000000 00000000 00000000 00000000 [ 189.519623][ C0] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 189.519655][ C0] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 189.519687][ C0] r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026e708 r4:82cb65c0 [ 189.530682][ T3917] Rebooting in 86400 seconds..