[ 65.273837][ T74] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.172' (ED25519) to the list of known hosts.
2025/05/04 16:36:13 ignoring optional flag "sandboxArg"="0"
2025/05/04 16:36:14 parsed 1 programs
[ 69.184830][ T23] kauditd_printk_skb: 31 callbacks suppressed
[ 69.184841][ T23] audit: type=1400 audit(1746376575.130:122): avc: denied { create } for pid=449 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 69.212026][ T23] audit: type=1400 audit(1746376575.130:123): avc: denied { write } for pid=449 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 69.232624][ T23] audit: type=1400 audit(1746376575.130:124): avc: denied { read } for pid=449 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 69.253213][ T23] audit: type=1400 audit(1746376575.160:125): avc: denied { unlink } for pid=449 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 69.309531][ T449] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 69.675950][ T23] audit: type=1400 audit(1746376575.620:126): avc: denied { mounton } for pid=453 comm="syz-executor" path="/root/syzkaller.gxrF8N/syz-tmp/newroot/dev" dev="tmpfs" ino=12287 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 70.227687][ T23] audit: type=1401 audit(1746376576.170:127): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 70.333924][ T489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.340959][ T489] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.348544][ T489] device bridge_slave_0 entered promiscuous mode
[ 70.355785][ T489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.362897][ T489] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.370601][ T489] device bridge_slave_1 entered promiscuous mode
[ 70.410392][ T489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.417467][ T489] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.424757][ T489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.431773][ T489] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.453759][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.461516][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.468916][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.478160][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.486561][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.493904][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.502661][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.511102][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.518692][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.531728][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.541119][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.556821][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 70.568038][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 70.580862][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 70.593298][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 70.604267][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 70.682064][ T23] audit: type=1400 audit(1746376576.620:128): avc: denied { create } for pid=500 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
2025/05/04 16:36:16 executed programs: 0
[ 70.989752][ T509] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.996839][ T509] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.004432][ T509] device bridge_slave_0 entered promiscuous mode
[ 71.011435][ T509] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.018750][ T509] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.026228][ T509] device bridge_slave_1 entered promiscuous mode
[ 71.080304][ T509] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.087585][ T509] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.094883][ T509] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.101905][ T509] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.127560][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.144165][ T354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.153887][ T354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.168974][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.177227][ T354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.184267][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.191997][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 71.200970][ T354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.208158][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.219210][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 71.228910][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 71.246817][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.258903][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.271957][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.285058][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.295916][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.321604][ T23] audit: type=1400 audit(1746376577.260:129): avc: denied { read } for pid=526 comm="syz.2.16" name="msr" dev="devtmpfs" ino=9404 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 71.347803][ T23] audit: type=1400 audit(1746376577.260:130): avc: denied { open } for pid=526 comm="syz.2.16" path="/dev/cpu/0/msr" dev="devtmpfs" ino=9404 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 72.043913][ T103] device bridge_slave_1 left promiscuous mode
[ 72.050323][ T103] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.058984][ T103] device bridge_slave_0 left promiscuous mode
[ 72.065452][ T103] bridge0: port 1(bridge_slave_0) entered disabled state
2025/05/04 16:36:21 executed programs: 31
2025/05/04 16:36:27 executed programs: 59
2025/05/04 16:36:32 executed programs: 92
2025/05/04 16:36:37 executed programs: 120
2025/05/04 16:36:42 executed programs: 155
2025/05/04 16:36:47 executed programs: 185
[ 102.634265][ T987] ==================================================================
[ 102.642496][ T987] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x97/0x760
[ 102.650280][ T987] Read of size 8 at addr ffff8881e1a3fd10 by task syz.2.203/987
[ 102.658006][ T987]
[ 102.660358][ T987] CPU: 0 PID: 987 Comm: syz.2.203 Not tainted 5.4.292-syzkaller-05062-gcd8e74fa0fa3 #0
[ 102.670137][ T987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 102.680209][ T987] Call Trace:
[ 102.683578][ T987] __dump_stack+0x1e/0x20
[ 102.687905][ T987] dump_stack+0x15b/0x1b8
[ 102.692349][ T987] ? show_regs_print_info+0x18/0x18
[ 102.697544][ T987] ? vprintk_func+0x19a/0x1e0
[ 102.702320][ T987] ? printk+0xcc/0x110
[ 102.706378][ T987] ? unwind_next_frame+0x97/0x760
[ 102.711400][ T987] print_address_description+0x8d/0x4c0
[ 102.716938][ T987] ? thaw_kernel_threads+0x220/0x220
[ 102.722219][ T987] ? unwind_next_frame+0x97/0x760
[ 102.727254][ T987] ? unwind_next_frame+0x97/0x760
[ 102.732588][ T987] __kasan_report+0xef/0x120
[ 102.737213][ T987] ? unwind_next_frame+0x97/0x760
[ 102.742223][ T987] kasan_report+0x30/0x60
[ 102.746544][ T987] __asan_report_load8_noabort+0x14/0x20
[ 102.752176][ T987] unwind_next_frame+0x97/0x760
[ 102.757048][ T987] ? in_sched_functions+0xd/0x40
[ 102.762085][ T987] ? __kasan_check_write+0x14/0x20
[ 102.767198][ T987] ? stack_trace_consume_entry_nosched+0x1a3/0x280
[ 102.773681][ T987] ? __kasan_check_write+0x14/0x20
[ 102.778806][ T987] ? stack_trace_save_tsk+0x2b0/0x2b0
[ 102.784183][ T987] arch_stack_walk+0x10c/0x140
[ 102.788942][ T987] ? __kasan_check_write+0x14/0x20
[ 102.794050][ T987] stack_trace_save_tsk+0x1e8/0x2b0
[ 102.799246][ T987] ? stack_trace_consume_entry+0x250/0x250
[ 102.805122][ T987] ? _raw_spin_lock+0x8e/0xe0
[ 102.809782][ T987] ? __ptrace_may_access+0x2a4/0x570
[ 102.815060][ T987] ? _raw_spin_unlock+0x4d/0x70
[ 102.820019][ T987] proc_pid_stack+0x12e/0x200
[ 102.824696][ T987] proc_single_show+0xdc/0x170
[ 102.829453][ T987] seq_read+0x540/0xe50
[ 102.833600][ T987] do_iter_read+0x44b/0x5d0
[ 102.838108][ T987] do_preadv+0x1f6/0x330
[ 102.842396][ T987] ? putname+0xfe/0x150
[ 102.846562][ T987] ? vfs_writev+0x340/0x340
[ 102.851151][ T987] ? check_preemption_disabled+0x118/0x300
[ 102.856965][ T987] ? __se_sys_futex+0x2b4/0x360
[ 102.861832][ T987] ? __x64_sys_futex+0x100/0x100
[ 102.866856][ T987] ? switch_fpu_return+0x197/0x3b0
[ 102.872431][ T987] ? __kasan_check_read+0x11/0x20
[ 102.877453][ T987] __x64_sys_preadv+0x9e/0xb0
[ 102.882133][ T987] do_syscall_64+0xcf/0x170
[ 102.886863][ T987] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 102.892760][ T987] RIP: 0033:0x7f64697f8de9
[ 102.897447][ T987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 102.917242][ T987] RSP: 002b:00007f646924a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 102.925638][ T987] RAX: ffffffffffffffda RBX: 00007f6469a12080 RCX: 00007f64697f8de9
[ 102.933601][ T987] RDX: 0000000000000332 RSI: 00004000000017c0 RDI: 0000000000000004
[ 102.941594][ T987] RBP: 00007f646987a2a0 R08: 0000000000000000 R09: 0000000000000000
[ 102.949761][ T987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 102.958093][ T987] R13: 0000000000000000 R14: 00007f6469a12080 R15: 00007ffc40f9cde8
[ 102.966421][ T987]
[ 102.968727][ T987] The buggy address belongs to the page:
[ 102.974356][ T987] page:ffffea0007868fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 102.983539][ T987] flags: 0x8000000000000000()
[ 102.988215][ T987] raw: 8000000000000000 0000000000000000 ffffea0007868fc8 0000000000000000
[ 102.996779][ T987] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 103.005335][ T987] page dumped because: kasan: bad access detected
[ 103.011723][ T987] page_owner tracks the page as allocated
[ 103.017531][ T987] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 103.029229][ T987] prep_new_page+0x35e/0x370
[ 103.033810][ T987] get_page_from_freelist+0x1296/0x1310
[ 103.039367][ T987] __alloc_pages_nodemask+0x202/0x4b0
[ 103.044827][ T987] dup_task_struct+0x91/0x640
[ 103.049484][ T987] copy_process+0x503/0x2cf0
[ 103.054068][ T987] _do_fork+0x190/0x860
[ 103.058428][ T987] __x64_sys_clone+0x12e/0x160
[ 103.063194][ T987] do_syscall_64+0xcf/0x170
[ 103.067683][ T987] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 103.073757][ T987] page last free stack trace:
[ 103.078568][ T987] __free_pages_ok+0x7e4/0x910
[ 103.083315][ T987] __free_pages+0x8c/0x110
[ 103.087758][ T987] __free_slab+0x218/0x2d0
[ 103.092336][ T987] unfreeze_partials+0x165/0x1a0
[ 103.097369][ T987] put_cpu_partial+0xc1/0x180
[ 103.102036][ T987] __slab_free+0x2be/0x380
[ 103.106529][ T987] ___cache_free+0xbb/0xd0
[ 103.111116][ T987] qlink_free+0x23/0x30
[ 103.115269][ T987] qlist_free_all+0x5f/0xb0
[ 103.119769][ T987] quarantine_reduce+0x1a8/0x200
[ 103.124688][ T987] __kasan_kmalloc+0x42/0x200
[ 103.129347][ T987] kasan_slab_alloc+0x12/0x20
[ 103.134005][ T987] kmem_cache_alloc_trace+0xe6/0x290
[ 103.139271][ T987] kernfs_iop_get_link+0x65/0x5a0
[ 103.144712][ T987] vfs_readlink+0x17b/0x3e0
[ 103.149204][ T987] do_readlinkat+0x23b/0x480
[ 103.153776][ T987]
[ 103.156300][ T987] Memory state around the buggy address:
[ 103.162035][ T987]  ffff8881e1a3fc00: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00
[ 103.170312][ T987]  ffff8881e1a3fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.178572][ T987] >ffff8881e1a3fd00: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 f3 f3
[ 103.186616][ T987]                          ^
[ 103.191187][ T987]  ffff8881e1a3fd80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.199243][ T987]  ffff8881e1a3fe00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3
[ 103.207289][ T987] ==================================================================
[ 103.215432][ T987] Disabling lock debugging due to kernel taint
2025/05/04 16:36:52 executed programs: 211
2025/05/04 16:36:57 executed programs: 244