Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts.
2024/01/30 19:50:22 ignoring optional flag "sandboxArg"="0"
2024/01/30 19:50:22 parsed 1 programs
[ 43.310473][ T23] kauditd_printk_skb: 74 callbacks suppressed
[ 43.310486][ T23] audit: type=1400 audit(1706644222.390:150): avc: denied { mounton } for pid=405 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.342674][ T23] audit: type=1400 audit(1706644222.390:151): avc: denied { mount } for pid=405 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.366521][ T23] audit: type=1400 audit(1706644222.430:152): avc: denied { unlink } for pid=405 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/01/30 19:50:22 executed programs: 0
[ 43.422821][ T405] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 43.496082][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.508442][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.516639][ T410] device bridge_slave_0 entered promiscuous mode
[ 43.523814][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.531034][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.538215][ T410] device bridge_slave_1 entered promiscuous mode
[ 43.584658][ T23] audit: type=1400 audit(1706644222.660:153): avc: denied { create } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.593044][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.605155][ T23] audit: type=1400 audit(1706644222.660:154): avc: denied { write } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.611935][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.612064][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.633038][ T23] audit: type=1400 audit(1706644222.660:155): avc: denied { read } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.639598][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.690800][ T107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.698173][ T107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.705919][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.713624][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.730413][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.738416][ T363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.745746][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.753205][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.761512][ T363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.768335][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.776067][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.785783][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.802842][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.820014][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.837897][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.846171][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.856376][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.870154][ T23] audit: type=1400 audit(1706644222.950:156): avc: denied { mounton } for pid=410 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10839 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 43.903070][ T416] kernel profiling enabled (shift: 0)
[ 44.499536][ C0] ==================================================================
[ 44.507426][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 44.514366][ C0] Read of size 8 at addr ffff8881ec2e7e00 by task syz-executor.0/469
[ 44.522257][ C0]
[ 44.524430][ C0] CPU: 0 PID: 469 Comm: syz-executor.0 Not tainted 5.4.265-syzkaller-04838-gc84a70203fff #0
[ 44.534495][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 44.544397][ C0] Call Trace:
[ 44.547531][ C0]
[ 44.550219][ C0] dump_stack+0x1d8/0x241
[ 44.554376][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 44.560014][ C0] ? printk+0xd1/0x111
[ 44.563930][ C0] ? profile_pc+0xa4/0xe0
[ 44.568088][ C0] ? wake_up_klogd+0xb2/0xf0
[ 44.572530][ C0] ? profile_pc+0xa4/0xe0
[ 44.576689][ C0] print_address_description+0x8c/0x600
[ 44.582072][ C0] ? panic+0x896/0x896
[ 44.585969][ C0] ? profile_pc+0xa4/0xe0
[ 44.590129][ C0] __kasan_report+0xf3/0x120
[ 44.594643][ C0] ? profile_pc+0xa4/0xe0
[ 44.598811][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 44.603416][ C0] kasan_report+0x30/0x60
[ 44.607575][ C0] profile_pc+0xa4/0xe0
[ 44.611571][ C0] profile_tick+0xb9/0x100
[ 44.615823][ C0] tick_sched_timer+0x237/0x3c0
[ 44.620507][ C0] ? tick_setup_sched_timer+0x460/0x460
[ 44.625887][ C0] __hrtimer_run_queues+0x3e9/0xb90
[ 44.630926][ C0] ? hrtimer_interrupt+0x890/0x890
[ 44.635868][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 44.640905][ C0] ? sched_clock+0x36/0x40
[ 44.645158][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 44.649842][ C0] ? ktime_get_update_offsets_now+0x26c/0x280
[ 44.656091][ C0] hrtimer_interrupt+0x38a/0x890
[ 44.660872][ C0] smp_apic_timer_interrupt+0x110/0x460
[ 44.666341][ C0] apic_timer_interrupt+0xf/0x20
[ 44.671101][ C0]
[ 44.673884][ C0] ? _raw_spin_lock+0xc0/0x1b0
[ 44.678483][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 44.683697][ C0] ? check_preemption_disabled+0x153/0x320
[ 44.689331][ C0] ? debug_smp_processor_id+0x20/0x20
[ 44.694546][ C0] ? __close_fd+0x32/0x2c0
[ 44.698809][ C0] ? __x64_sys_close+0x61/0xb0
[ 44.703393][ C0] ? do_syscall_64+0xca/0x1c0
[ 44.707994][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.713892][ C0]
[ 44.716061][ C0] The buggy address belongs to the page:
[ 44.721535][ C0] page:ffffea0007b0b9c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 44.730473][ C0] flags: 0x8000000000000000()
[ 44.734986][ C0] raw: 8000000000000000 0000000000000000 ffffea0007b0b9c8 0000000000000000
[ 44.743405][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 44.751815][ C0] page dumped because: kasan: bad access detected
[ 44.758072][ C0] page_owner tracks the page as allocated
[ 44.763629][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 44.775174][ C0] prep_new_page+0x18f/0x370
[ 44.779602][ C0] get_page_from_freelist+0x2d13/0x2d90
[ 44.784977][ C0] __alloc_pages_nodemask+0x393/0x840
[ 44.790185][ C0] dup_task_struct+0x85/0x600
[ 44.794697][ C0] copy_process+0x56d/0x3230
[ 44.799312][ C0] _do_fork+0x197/0x900
[ 44.803293][ C0] __x64_sys_clone+0x26b/0x2c0
[ 44.807985][ C0] do_syscall_64+0xca/0x1c0
[ 44.812494][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.818305][ C0] page last free stack trace:
[ 44.822829][ C0] __free_pages_ok+0x847/0x950
[ 44.827420][ C0] __free_pages+0x91/0x140
[ 44.831674][ C0] __free_slab+0x221/0x2e0
[ 44.835927][ C0] unfreeze_partials+0x14e/0x180
[ 44.840702][ C0] put_cpu_partial+0x44/0x180
[ 44.845212][ C0] __slab_free+0x297/0x360
[ 44.849463][ C0] qlist_free_all+0x43/0xb0
[ 44.853813][ C0] quarantine_reduce+0x1d9/0x210
[ 44.858669][ C0] __kasan_kmalloc+0x41/0x210
[ 44.863227][ C0] kmem_cache_alloc+0xd9/0x250
[ 44.867783][ C0] getname_flags+0xb8/0x4e0
[ 44.872121][ C0] __x64_sys_unlink+0x38/0x50
[ 44.876740][ C0] do_syscall_64+0xca/0x1c0
[ 44.881074][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.886893][ C0]
[ 44.889070][ C0] addr ffff8881ec2e7e00 is located in stack of task syz-executor.0/469 at offset 0 in frame:
[ 44.899141][ C0] _raw_spin_lock+0x0/0x1b0
[ 44.903463][ C0]
[ 44.905633][ C0] this frame has 1 object:
[ 44.909893][ C0] [32, 36) 'val.i.i.i'
[ 44.909895][ C0]
[ 44.916051][ C0] Memory state around the buggy address:
[ 44.921523][ C0] ffff8881ec2e7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.929418][ C0] ffff8881ec2e7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.937318][ C0] >ffff8881ec2e7e00: f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00
[ 44.945298][ C0] ^
[ 44.949207][ C0] ffff8881ec2e7e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.957113][ C0] ffff8881ec2e7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.965093][ C0] ==================================================================
[ 44.972982][ C0] Disabling lock debugging due to kernel taint
2024/01/30 19:50:27 executed programs: 461
2024/01/30 19:50:32 executed programs: 1118