forked to background, child pid 192
Starting sshd: OK

syzkaller
syzkaller login: [   17.708253][   T22] kauditd_printk_skb: 60 callbacks suppressed
[   17.708261][   T22] audit: type=1400 audit(1640999212.979:71): avc:  denied  { transition } for  pid=265 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   17.713290][   T22] audit: type=1400 audit(1640999212.979:72): avc:  denied  { write } for  pid=265 comm="sh" path="pipe:[572]" dev="pipefs" ino=572 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[   18.591996][  T269] sshd (269) used greatest stack depth: 26056 bytes left
Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
[   24.207851][   T22] audit: type=1400 audit(1640999219.479:73): avc:  denied  { execmem } for  pid=298 comm="syz-executor999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   24.228714][   T22] audit: type=1400 audit(1640999219.509:74): avc:  denied  { mounton } for  pid=298 comm="syz-executor999" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   24.257402][   T22] audit: type=1400 audit(1640999219.509:75): avc:  denied  { mount } for  pid=298 comm="syz-executor999" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   24.280965][   T22] audit: type=1400 audit(1640999219.509:76): avc:  denied  { setattr } for  pid=298 comm="syz-executor999" name="raw-gadget" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   24.304614][   T22] audit: type=1400 audit(1640999219.539:77): avc:  denied  { mounton } for  pid=299 comm="syz-executor999" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   24.310206][  T299] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.328571][   T22] audit: type=1400 audit(1640999219.539:78): avc:  denied  { mount } for  pid=299 comm="syz-executor999" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   24.328584][   T22] audit: type=1400 audit(1640999219.539:79): avc:  denied  { mounton } for  pid=299 comm="syz-executor999" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   24.328598][   T22] audit: type=1400 audit(1640999219.539:80): avc:  denied  { module_request } for  pid=299 comm="syz-executor999" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   24.401579][  T299] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.409104][  T299] device bridge_slave_0 entered promiscuous mode
[   24.416162][  T299] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.423221][  T299] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.430521][  T299] device bridge_slave_1 entered promiscuous mode
[   24.462238][   T22] audit: type=1400 audit(1640999219.729:81): avc:  denied  { create } for  pid=299 comm="syz-executor999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   24.479469][  T299] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.483013][   T22] audit: type=1400 audit(1640999219.749:82): avc:  denied  { write } for  pid=299 comm="syz-executor999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   24.490049][  T299] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.518862][  T299] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.525925][  T299] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.546891][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.554914][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.562178][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   24.570068][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.579434][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.587605][  T118] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.594633][  T118] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.603115][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.611288][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.618314][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.634318][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.642390][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
executing program
[   24.663927][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.672262][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.680924][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.690222][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.698815][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.715970][  T306] ==================================================================
[   24.724045][  T306] BUG: KASAN: slab-out-of-bounds in legacy_parse_param+0x4c1/0x720
[   24.731902][  T306] Write of size 92 at addr ffff8881ddd77000 by task syz-executor999/306
[   24.740192][  T306] 
[   24.742494][  T306] CPU: 1 PID: 306 Comm: syz-executor999 Not tainted 5.4.147-syzkaller-00015-g5b673be0c6b0 #0
[   24.752607][  T306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.762903][  T306] Call Trace:
[   24.766171][  T306]  dump_stack+0x18e/0x1de
[   24.770470][  T306]  ? vprintk_emit+0x385/0x400
[   24.775115][  T306]  print_address_description+0x9b/0x650
[   24.780629][  T306]  ? printk+0x76/0xa4
[   24.784587][  T306]  ? vprintk_emit+0x37c/0x400
[   24.789243][  T306]  __kasan_report+0x182/0x260
[   24.793893][  T306]  ? legacy_parse_param+0x4c1/0x720
[   24.799065][  T306]  kasan_report+0x30/0x60
[   24.803368][  T306]  check_memory_region+0x2a5/0x2e0
[   24.808470][  T306]  ? legacy_parse_param+0x4c1/0x720
[   24.813723][  T306]  memcpy+0x38/0x50
[   24.817512][  T306]  legacy_parse_param+0x4c1/0x720
[   24.822512][  T306]  vfs_parse_fs_param+0x20f/0x430
[   24.824165][  T299] syz-executor999 (299) used greatest stack depth: 25048 bytes left
[   24.827513][  T306]  __se_sys_fsconfig+0xc6b/0xf40
[   24.840365][  T306]  do_syscall_64+0xcb/0x1e0
[   24.844843][  T306]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.850701][  T306] RIP: 0033:0x7fc100c69939
[   24.855086][  T306] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   24.874654][  T306] RSP: 002b:00007fc100c17208 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[   24.883041][  T306] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fc100c69939
[   24.891356][  T306] RDX: 0000000020000280 RSI: 0000000000000001 RDI: 0000000000000003
[   24.899311][  T306] RBP: 00007fc100cf24a0 R08: 0000000000000000 R09: 00007fc100cf24a8
[   24.907261][  T306] R10: 00000000200000c0 R11: 0000000000000246 R12: 00007fc100cf24ac
[   24.915229][  T306] R13: 00007ffe217a312f R14: 00007fc100c17300 R15: 0000000000022000
[   24.923280][  T306] 
[   24.925584][  T306] Allocated by task 307:
[   24.929810][  T306]  __kasan_kmalloc+0x137/0x1e0
[   24.934560][  T306]  kmem_cache_alloc_trace+0x139/0x2b0
[   24.939910][  T306]  legacy_parse_param+0x421/0x720
[   24.944919][  T306]  vfs_parse_fs_param+0x20f/0x430
[   24.949925][  T306]  __se_sys_fsconfig+0xc6b/0xf40
[   24.955108][  T306]  do_syscall_64+0xcb/0x1e0
[   24.959588][  T306]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.965444][  T306] 
[   24.967745][  T306] Freed by task 0:
[   24.971431][  T306] (stack is not available)
[   24.975814][  T306] 
[   24.978112][  T306] The buggy address belongs to the object at ffff8881ddd76000
[   24.978112][  T306]  which belongs to the cache kmalloc-4k of size 4096
[   24.992138][  T306] The buggy address is located 0 bytes to the right of
[   24.992138][  T306]  4096-byte region [ffff8881ddd76000, ffff8881ddd77000)
[   25.006089][  T306] The buggy address belongs to the page:
[   25.011698][  T306] page:ffffea0007775c00 refcount:1 mapcount:0 mapping:ffff8881f5c0c280 index:0x0 compound_mapcount: 0
[   25.022837][  T306] flags: 0x8000000000010200(slab|head)
[   25.028269][  T306] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c0c280
[   25.036826][  T306] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   25.045382][  T306] page dumped because: kasan: bad access detected
[   25.051774][  T306] page_owner tracks the page as allocated
[   25.057904][  T306] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[   25.072884][  T306]  prep_new_page+0x19a/0x380
[   25.077468][  T306]  get_page_from_freelist+0x550/0x8b0
[   25.082810][  T306]  __alloc_pages_nodemask+0x2d6/0x740
[   25.088237][  T306]  alloc_slab_page+0x39/0x3e0
[   25.092880][  T306]  new_slab+0x97/0x460
[   25.096933][  T306]  ___slab_alloc+0x330/0x4c0
[   25.101493][  T306]  __kmalloc_track_caller+0x1d1/0x2e0
[   25.106959][  T306]  __alloc_skb+0xaf/0x4d0
[   25.111271][  T306]  rtmsg_ifinfo_build_skb+0x81/0x180
[   25.116531][  T306]  rtmsg_ifinfo+0x73/0x120
[   25.120918][  T306]  netdev_state_change+0x11a/0x1a0
[   25.126007][  T306]  linkwatch_do_dev+0xca/0x120
[   25.130753][  T306]  __linkwatch_run_queue+0x49e/0x7a0
[   25.136013][  T306]  linkwatch_event+0x48/0x50
[   25.140586][  T306]  process_one_work+0x679/0x1030
[   25.145592][  T306]  worker_thread+0xa6f/0x1400
[   25.150239][  T306] page_owner free stack trace missing
[   25.155581][  T306] 
[   25.157882][  T306] Memory state around the buggy address:
[   25.163485][  T306]  ffff8881ddd76f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.171527][  T306]  ffff8881ddd76f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.179652][  T306] >ffff8881ddd77000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.187687][  T306]                    ^
[   25.191737][  T306]  ffff8881ddd77080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.199961][  T306]  ffff8881ddd77100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.207995][  T306] ==================================================================
[   25.216024][  T306] Disabling lock debugging due to kernel taint