Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts.
2024/01/30 20:15:06 ignoring optional flag "sandboxArg"="0"
2024/01/30 20:15:06 parsed 1 programs
[ 43.031966][ T23] kauditd_printk_skb: 72 callbacks suppressed
[ 43.031976][ T23] audit: type=1400 audit(1706645706.630:148): avc: denied { mounton } for pid=404 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.065157][ T23] audit: type=1400 audit(1706645706.640:149): avc: denied { mount } for pid=404 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.089452][ T23] audit: type=1400 audit(1706645706.660:150): avc: denied { unlink } for pid=404 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/01/30 20:15:06 executed programs: 0
[ 43.154967][ T404] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 43.231948][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.238941][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.246921][ T410] device bridge_slave_0 entered promiscuous mode
[ 43.253936][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.261099][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.268512][ T410] device bridge_slave_1 entered promiscuous mode
[ 43.316374][ T23] audit: type=1400 audit(1706645706.910:151): avc: denied { create } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.333296][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.337733][ T23] audit: type=1400 audit(1706645706.920:152): avc: denied { write } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.344485][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.344618][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.378945][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.378991][ T23] audit: type=1400 audit(1706645706.920:153): avc: denied { read } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.412887][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.420806][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.428413][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.436362][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.446282][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.454494][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.461481][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.480296][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.488503][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.495623][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.503954][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.512791][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.528023][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.550476][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.558852][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.575524][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.585954][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.599843][ T23] audit: type=1400 audit(1706645707.200:154): avc: denied { mounton } for pid=410 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10532 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 43.637256][ T417] kernel profiling enabled (shift: 0)
[ 47.579054][ C0] ==================================================================
[ 47.586973][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 47.594622][ C0] Read of size 8 at addr ffff8881ef167e00 by task udevd/412
[ 47.602224][ C0]
[ 47.604406][ C0] CPU: 0 PID: 412 Comm: udevd Not tainted 5.4.265-syzkaller-04838-gc84a70203fff #0
[ 47.613795][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 47.625066][ C0] Call Trace:
[ 47.628178][ C0]
[ 47.630995][ C0] dump_stack+0x1d8/0x241
[ 47.635526][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 47.641240][ C0] ? printk+0xd1/0x111
[ 47.645227][ C0] ? profile_pc+0xa4/0xe0
[ 47.649408][ C0] ? wake_up_klogd+0xb2/0xf0
[ 47.653992][ C0] ? profile_pc+0xa4/0xe0
[ 47.658358][ C0] print_address_description+0x8c/0x600
[ 47.663913][ C0] ? panic+0x896/0x896
[ 47.667908][ C0] ? profile_pc+0xa4/0xe0
[ 47.672165][ C0] __kasan_report+0xf3/0x120
[ 47.677565][ C0] ? profile_pc+0xa4/0xe0
[ 47.682009][ C0] ? _raw_spin_lock+0x8a/0x1b0
[ 47.687136][ C0] kasan_report+0x30/0x60
[ 47.691565][ C0] profile_pc+0xa4/0xe0
[ 47.695563][ C0] profile_tick+0xb9/0x100
[ 47.699815][ C0] tick_sched_timer+0x237/0x3c0
[ 47.704643][ C0] ? tick_setup_sched_timer+0x460/0x460
[ 47.710183][ C0] __hrtimer_run_queues+0x3e9/0xb90
[ 47.715221][ C0] ? debug_smp_processor_id+0x20/0x20
[ 47.720442][ C0] ? hrtimer_interrupt+0x890/0x890
[ 47.725458][ C0] ? ktime_get+0xf9/0x130
[ 47.729725][ C0] ? ktime_get_update_offsets_now+0x26c/0x280
[ 47.735616][ C0] hrtimer_interrupt+0x38a/0x890
[ 47.740400][ C0] smp_apic_timer_interrupt+0x110/0x460
[ 47.746156][ C0] apic_timer_interrupt+0xf/0x20
[ 47.751065][ C0]
[ 47.753809][ C0] ? do_syscall_64+0x7f/0x1c0
[ 47.758323][ C0] ? _raw_spin_lock+0x8a/0x1b0
[ 47.763056][ C0] ? _raw_spin_trylock_bh+0x190/0x190
[ 47.768264][ C0] ? check_preemption_disabled+0x153/0x320
[ 47.774215][ C0] ? debug_smp_processor_id+0x20/0x20
[ 47.779798][ C0] ? __close_fd+0x32/0x2c0
[ 47.784252][ C0] ? __x64_sys_close+0x61/0xb0
[ 47.789623][ C0] ? do_syscall_64+0xca/0x1c0
[ 47.794225][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 47.800113][ C0]
[ 47.802273][ C0] The buggy address belongs to the page:
[ 47.808136][ C0] page:ffffea0007bc59c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 47.817583][ C0] flags: 0x8000000000000000()
[ 47.822271][ C0] raw: 8000000000000000 0000000000000000 ffffea0007bc59c8 0000000000000000
[ 47.830777][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 47.839810][ C0] page dumped because: kasan: bad access detected
[ 47.846405][ C0] page_owner tracks the page as allocated
[ 47.852061][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 47.864136][ C0] prep_new_page+0x18f/0x370
[ 47.868634][ C0] get_page_from_freelist+0x2d13/0x2d90
[ 47.874132][ C0] __alloc_pages_nodemask+0x393/0x840
[ 47.880098][ C0] dup_task_struct+0x85/0x600
[ 47.885205][ C0] copy_process+0x56d/0x3230
[ 47.891071][ C0] _do_fork+0x197/0x900
[ 47.895848][ C0] __x64_sys_clone+0x26b/0x2c0
[ 47.900980][ C0] do_syscall_64+0xca/0x1c0
[ 47.905418][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 47.911158][ C0] page last free stack trace:
[ 47.915746][ C0] __free_pages_ok+0x847/0x950
[ 47.920339][ C0] __free_pages+0x91/0x140
[ 47.925083][ C0] __free_slab+0x221/0x2e0
[ 47.929413][ C0] unfreeze_partials+0x14e/0x180
[ 47.934509][ C0] put_cpu_partial+0x44/0x180
[ 47.939032][ C0] __slab_free+0x297/0x360
[ 47.943299][ C0] qlist_free_all+0x43/0xb0
[ 47.947836][ C0] quarantine_reduce+0x1d9/0x210
[ 47.952895][ C0] __kasan_kmalloc+0x41/0x210
[ 47.957481][ C0] __kmalloc_track_caller+0x100/0x2b0
[ 47.962897][ C0] kvasprintf+0xd6/0x180
[ 47.967065][ C0] kobject_set_name_vargs+0x5d/0x110
[ 47.972225][ C0] kobject_init_and_add+0xda/0x190
[ 47.977307][ C0] netdev_queue_update_kobjects+0x16b/0x3a0
[ 47.983133][ C0] netdev_register_kobject+0x263/0x310
[ 47.988697][ C0] register_netdevice+0xbc5/0x12a0
[ 47.993912][ C0]
[ 47.996059][ C0] addr ffff8881ef167e00 is located in stack of task udevd/412 at offset 0 in frame:
[ 48.005443][ C0] _raw_spin_lock+0x0/0x1b0
[ 48.009766][ C0]
[ 48.011971][ C0] this frame has 1 object:
[ 48.016203][ C0] [32, 36) 'val.i.i.i'
[ 48.016206][ C0]
[ 48.022447][ C0] Memory state around the buggy address:
[ 48.028024][ C0]  ffff8881ef167d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.036023][ C0]  ffff8881ef167d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.045131][ C0] >ffff8881ef167e00: f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00
[ 48.053361][ C0]                    ^
[ 48.057270][ C0]  ffff8881ef167e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.065162][ C0]  ffff8881ef167f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.073464][ C0] ==================================================================
[ 48.081847][ C0] Disabling lock debugging due to kernel taint
2024/01/30 20:15:11 executed programs: 477
2024/01/30 20:15:16 executed programs: 1007