Warning: Permanently added '10.128.1.163' (ED25519) to the list of known hosts.
2024/01/30 20:07:06 ignoring optional flag "sandboxArg"="0"
2024/01/30 20:07:06 parsed 1 programs
[   44.418885][   T23] kauditd_printk_skb: 72 callbacks suppressed
[   44.418897][   T23] audit: type=1400 audit(1706645226.290:148): avc:  denied  { mounton } for  pid=405 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   44.450380][   T23] audit: type=1400 audit(1706645226.290:149): avc:  denied  { mount } for  pid=405 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   44.477268][   T23] audit: type=1400 audit(1706645226.330:150): avc:  denied  { unlink } for  pid=405 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/01/30 20:07:06 executed programs: 0
[   44.537446][  T405] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   44.609134][  T411] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.616597][  T411] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.624368][  T411] device bridge_slave_0 entered promiscuous mode
[   44.631665][  T411] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.638764][  T411] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.646322][  T411] device bridge_slave_1 entered promiscuous mode
[   44.696199][   T23] audit: type=1400 audit(1706645226.570:151): avc:  denied  { create } for  pid=411 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   44.708201][  T411] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.716703][   T23] audit: type=1400 audit(1706645226.580:152): avc:  denied  { write } for  pid=411 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   44.723461][  T411] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.723600][  T411] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.723609][  T411] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.766212][  T365] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.766260][   T23] audit: type=1400 audit(1706645226.580:153): avc:  denied  { read } for  pid=411 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   44.796509][  T365] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.804636][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   44.813031][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.830963][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.839109][  T108] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.846263][  T108] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.853815][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.862298][  T108] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.870927][  T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.881110][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   44.892476][  T125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   44.910984][  T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   44.930109][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   44.938074][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   44.958352][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   44.967572][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   44.981684][   T23] audit: type=1400 audit(1706645226.860:154): avc:  denied  { mounton } for  pid=411 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=902 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   45.019213][  T418] kernel profiling enabled (shift: 0)
[   46.639289][    C0] ==================================================================
[   46.647322][    C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[   46.654399][    C0] Read of size 8 at addr ffff8881ef1a7c80 by task syz-executor.0/411
[   46.663204][    C0]
[   46.666129][    C0] CPU: 0 PID: 411 Comm: syz-executor.0 Not tainted 5.4.265-syzkaller-04838-gc84a70203fff #0
[   46.676974][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   46.686829][    C0] Call Trace:
[   46.690109][    C0]
[   46.693183][    C0]  dump_stack+0x1d8/0x241
[   46.697339][    C0]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   46.703266][    C0]  ? printk+0xd1/0x111
[   46.707162][    C0]  ? profile_pc+0xa4/0xe0
[   46.711324][    C0]  ? wake_up_klogd+0xb2/0xf0
[   46.715747][    C0]  ? profile_pc+0xa4/0xe0
[   46.719915][    C0]  print_address_description+0x8c/0x600
[   46.725297][    C0]  ? panic+0x896/0x896
[   46.729422][    C0]  ? profile_pc+0xa4/0xe0
[   46.733580][    C0]  __kasan_report+0xf3/0x120
[   46.737997][    C0]  ? profile_pc+0xa4/0xe0
[   46.742167][    C0]  ? _raw_spin_lock+0xc0/0x1b0
[   46.746998][    C0]  kasan_report+0x30/0x60
[   46.751271][    C0]  profile_pc+0xa4/0xe0
[   46.755333][    C0]  profile_tick+0xb9/0x100
[   46.759583][    C0]  tick_sched_timer+0x237/0x3c0
[   46.764571][    C0]  ? tick_setup_sched_timer+0x460/0x460
[   46.770725][    C0]  __hrtimer_run_queues+0x3e9/0xb90
[   46.775887][    C0]  ? hrtimer_interrupt+0x890/0x890
[   46.780826][    C0]  ? debug_smp_processor_id+0x20/0x20
[   46.786036][    C0]  ? ktime_get+0xf9/0x130
[   46.790187][    C0]  ? ktime_get_update_offsets_now+0x26c/0x280
[   46.796833][    C0]  hrtimer_interrupt+0x38a/0x890
[   46.801715][    C0]  smp_apic_timer_interrupt+0x110/0x460
[   46.807268][    C0]  apic_timer_interrupt+0xf/0x20
[   46.812279][    C0]
[   46.815008][    C0]  ? _raw_spin_lock+0xc0/0x1b0
[   46.819817][    C0]  ? _raw_spin_trylock_bh+0x190/0x190
[   46.825043][    C0]  ? asan.module_dtor+0x20/0x20
[   46.829699][    C0]  ? up_write+0xa6/0x270
[   46.833921][    C0]  ? evict+0x3e2/0x6a0
[   46.837784][    C0]  ? do_unlinkat+0x48e/0x8b0
[   46.842210][    C0]  ? fsnotify_link_count+0x80/0x80
[   46.847426][    C0]  ? getname_flags+0x1ec/0x4e0
[   46.852173][    C0]  ? do_syscall_64+0xca/0x1c0
[   46.856871][    C0]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   46.862834][    C0]
[   46.865001][    C0] The buggy address belongs to the page:
[   46.870657][    C0] page:ffffea0007bc69c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[   46.879942][    C0] flags: 0x8000000000000000()
[   46.884449][    C0] raw: 8000000000000000 0000000000000000 ffffea0007bc69c8 0000000000000000
[   46.892903][    C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   46.901286][    C0] page dumped because: kasan: bad access detected
[   46.907622][    C0] page_owner tracks the page as allocated
[   46.913442][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[   46.924996][    C0]  prep_new_page+0x18f/0x370
[   46.929405][    C0]  get_page_from_freelist+0x2d13/0x2d90
[   46.934864][    C0]  __alloc_pages_nodemask+0x393/0x840
[   46.940186][    C0]  dup_task_struct+0x85/0x600
[   46.944836][    C0]  copy_process+0x56d/0x3230
[   46.949265][    C0]  _do_fork+0x197/0x900
[   46.953248][    C0]  __x64_sys_clone+0x26b/0x2c0
[   46.958109][    C0]  do_syscall_64+0xca/0x1c0
[   46.963371][    C0]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   46.969878][    C0] page last free stack trace:
[   46.974396][    C0]  __free_pages_ok+0x847/0x950
[   46.979318][    C0]  __free_pages+0x91/0x140
[   46.983801][    C0]  __free_slab+0x221/0x2e0
[   46.988038][    C0]  unfreeze_partials+0x14e/0x180
[   46.992811][    C0]  put_cpu_partial+0x44/0x180
[   46.997592][    C0]  __slab_free+0x297/0x360
[   47.001916][    C0]  qlist_free_all+0x43/0xb0
[   47.006257][    C0]  quarantine_reduce+0x1d9/0x210
[   47.011261][    C0]  __kasan_kmalloc+0x41/0x210
[   47.015755][    C0]  kmem_cache_alloc+0xd9/0x250
[   47.021863][    C0]  getname_flags+0xb8/0x4e0
[   47.026275][    C0]  do_sys_open+0x357/0x810
[   47.031851][    C0]  do_syscall_64+0xca/0x1c0
[   47.037681][    C0]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   47.043622][    C0]
[   47.046296][    C0] addr ffff8881ef1a7c80 is located in stack of task syz-executor.0/411 at offset 0 in frame:
[   47.056985][    C0]  _raw_spin_lock+0x0/0x1b0
[   47.061310][    C0]
[   47.063480][    C0] this frame has 1 object:
[   47.067736][    C0]  [32, 36) 'val.i.i.i'
[   47.067739][    C0]
[   47.073887][    C0] Memory state around the buggy address:
[   47.079373][    C0]  ffff8881ef1a7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.087268][    C0]  ffff8881ef1a7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.095381][    C0] >ffff8881ef1a7c80: f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00
[   47.103918][    C0]                    ^
[   47.107791][    C0]  ffff8881ef1a7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.115913][    C0]  ffff8881ef1a7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.124390][    C0] ==================================================================
[   47.132275][    C0] Disabling lock debugging due to kernel taint
2024/01/30 20:07:11 executed programs: 416
2024/01/30 20:07:16 executed programs: 994