Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
2023/10/30 13:20:54 ignoring optional flag "sandboxArg"="0"
2023/10/30 13:20:54 parsed 1 programs
2023/10/30 13:20:54 executed programs: 0
[ 43.743731][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 43.743741][ T23] audit: type=1400 audit(1698672054.700:144): avc: denied { mounton } for pid=404 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.774349][ T23] audit: type=1400 audit(1698672054.710:145): avc: denied { mount } for pid=404 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.844470][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.851440][ T409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.858906][ T409] device bridge_slave_0 entered promiscuous mode
[ 43.865722][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.872674][ T409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.880289][ T409] device bridge_slave_1 entered promiscuous mode
[ 43.926148][ T23] audit: type=1400 audit(1698672054.880:146): avc: denied { create } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.945273][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.947210][ T23] audit: type=1400 audit(1698672054.900:147): avc: denied { write } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.954085][ T409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.974821][ T23] audit: type=1400 audit(1698672054.900:148): avc: denied { read } for pid=409 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.982088][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.009816][ T409] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.033289][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.040611][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.048211][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.055451][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.078031][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.086048][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.093216][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.101324][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.109547][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.116459][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.123799][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.131659][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.146747][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.156395][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.170746][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.186641][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.195056][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.211296][ T23] audit: type=1400 audit(1698672055.170:149): avc: denied { mounton } for pid=409 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10763 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 44.245645][ T416] kernel profiling enabled (shift: 0)
[ 45.226533][ C1] ==================================================================
[ 45.234725][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[ 45.241657][ C1] Read of size 8 at addr ffff8881ef1873e0 by task udevd/411
[ 45.248851][ C1]
[ 45.251028][ C1] CPU: 1 PID: 411 Comm: udevd Not tainted 5.4.254-syzkaller-04740-g65fc90b61bc7 #0
[ 45.260238][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 45.270123][ C1] Call Trace:
[ 45.273261][ C1]
[ 45.275991][ C1] dump_stack+0x1d8/0x241
[ 45.280121][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 45.285746][ C1] ? printk+0xd1/0x111
[ 45.289654][ C1] ? profile_pc+0xa4/0xe0
[ 45.293824][ C1] ? wake_up_klogd+0xb2/0xf0
[ 45.298506][ C1] ? profile_pc+0xa4/0xe0
[ 45.302667][ C1] print_address_description+0x8c/0x600
[ 45.308053][ C1] ? panic+0x896/0x896
[ 45.311960][ C1] ? profile_pc+0xa4/0xe0
[ 45.316122][ C1] __kasan_report+0xf3/0x120
[ 45.320549][ C1] ? profile_pc+0xa4/0xe0
[ 45.324838][ C1] ? _raw_spin_lock+0xc0/0x1b0
[ 45.329421][ C1] kasan_report+0x30/0x60
[ 45.333571][ C1] profile_pc+0xa4/0xe0
[ 45.337564][ C1] profile_tick+0xb9/0x100
[ 45.341817][ C1] tick_sched_timer+0x237/0x3c0
[ 45.346518][ C1] ? tick_setup_sched_timer+0x460/0x460
[ 45.352015][ C1] __hrtimer_run_queues+0x3e9/0xb90
[ 45.357008][ C1] ? scsi_run_host_queues+0x80/0x80
[ 45.362148][ C1] ? hrtimer_interrupt+0x890/0x890
[ 45.367343][ C1] ? sched_clock+0x36/0x40
[ 45.371721][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 45.376935][ C1] ? ktime_get+0xf9/0x130
[ 45.381204][ C1] ? ktime_get_update_offsets_now+0x26c/0x280
[ 45.387120][ C1] hrtimer_interrupt+0x38a/0x890
[ 45.391985][ C1] smp_apic_timer_interrupt+0x110/0x460
[ 45.397351][ C1] apic_timer_interrupt+0xf/0x20
[ 45.402118][ C1]
[ 45.404904][ C1] ? _raw_spin_lock+0xc0/0x1b0
[ 45.409668][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 45.414875][ C1] ? d_alloc_parallel+0x11a/0x1310
[ 45.419812][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.425718][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.431616][ C1] ? d_hash_and_lookup+0x1e0/0x1e0
[ 45.436565][ C1] ? stack_trace_save+0x118/0x1c0
[ 45.441419][ C1] ? __d_lookup+0x4cd/0x540
[ 45.445789][ C1] ? __lookup_slow+0x156/0x460
[ 45.450361][ C1] ? lookup_one_len+0x2c0/0x2c0
[ 45.455054][ C1] ? handle_dots+0xf10/0xf10
[ 45.459476][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.465374][ C1] ? lookup_slow+0x53/0x70
[ 45.469716][ C1] ? walk_component+0x2dc/0x590
[ 45.474402][ C1] ? path_put_conditional+0x90/0x90
[ 45.479462][ C1] ? kernfs_refresh_inode+0x2b3/0x3d0
[ 45.484731][ C1] ? generic_permission+0x141/0x3e0
[ 45.489879][ C1] ? mutex_unlock+0x18/0x40
[ 45.494205][ C1] ? security_inode_permission+0xad/0xf0
[ 45.499670][ C1] ? link_path_walk+0x5c6/0x1040
[ 45.504596][ C1] ? handle_lookup_down+0x5b0/0x5b0
[ 45.509680][ C1] ? path_init+0xaef/0xee0
[ 45.513938][ C1] ? path_openat+0x1a3/0x3480
[ 45.518458][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.524353][ C1] ? stack_trace_snprint+0x170/0x170
[ 45.529470][ C1] ? stack_trace_save+0x118/0x1c0
[ 45.534464][ C1] ? stack_trace_snprint+0x170/0x170
[ 45.539548][ C1] ? __kasan_kmalloc+0x1d9/0x210
[ 45.544310][ C1] ? do_filp_open+0x450/0x450
[ 45.548822][ C1] ? do_sys_open+0x357/0x810
[ 45.553250][ C1] ? do_syscall_64+0xca/0x1c0
[ 45.557764][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.563876][ C1] ? do_filp_open+0x20b/0x450
[ 45.568375][ C1] ? vfs_tmpfile+0x280/0x280
[ 45.572815][ C1] ? _raw_spin_unlock+0x49/0x60
[ 45.577577][ C1] ? __alloc_fd+0x4c1/0x560
[ 45.581917][ C1] ? do_sys_open+0x39c/0x810
[ 45.586340][ C1] ? check_preemption_disabled+0x153/0x320
[ 45.592070][ C1] ? file_open_root+0x490/0x490
[ 45.596846][ C1] ? security_file_ioctl+0x7d/0xa0
[ 45.601803][ C1] ? do_syscall_64+0xca/0x1c0
[ 45.606302][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.612199][ C1]
[ 45.614367][ C1] The buggy address belongs to the page:
[ 45.619846][ C1] page:ffffea0007bc61c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 45.628784][ C1] flags: 0x8000000000000000()
[ 45.633389][ C1] raw: 8000000000000000 0000000000000000 ffffea0007bc61c8 0000000000000000
[ 45.641894][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 45.650309][ C1] page dumped because: kasan: bad access detected
[ 45.656566][ C1] page_owner tracks the page as allocated
[ 45.662117][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[ 45.674186][ C1] prep_new_page+0x18f/0x370
[ 45.678609][ C1] get_page_from_freelist+0x2d13/0x2d90
[ 45.684001][ C1] __alloc_pages_nodemask+0x393/0x840
[ 45.689579][ C1] dup_task_struct+0x85/0x600
[ 45.694403][ C1] copy_process+0x56d/0x3230
[ 45.698917][ C1] _do_fork+0x197/0x900
[ 45.702913][ C1] __x64_sys_clone+0x26b/0x2c0
[ 45.707684][ C1] do_syscall_64+0xca/0x1c0
[ 45.712036][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.717834][ C1] page last free stack trace:
[ 45.722435][ C1] __free_pages_ok+0x847/0x950
[ 45.727036][ C1] __free_pages+0x91/0x140
[ 45.731291][ C1] __free_slab+0x221/0x2e0
[ 45.735540][ C1] unfreeze_partials+0x14e/0x180
[ 45.740320][ C1] put_cpu_partial+0x44/0x180
[ 45.744829][ C1] __slab_free+0x297/0x360
[ 45.749081][ C1] qlist_free_all+0x43/0xb0
[ 45.753600][ C1] quarantine_reduce+0x1d9/0x210
[ 45.758374][ C1] __kasan_kmalloc+0x41/0x210
[ 45.762891][ C1] kmem_cache_alloc+0xd9/0x250
[ 45.767484][ C1] __kernfs_new_node+0xdb/0x6e0
[ 45.772347][ C1] kernfs_create_dir_ns+0x90/0x220
[ 45.777410][ C1] internal_create_group+0x2c2/0xf00
[ 45.782528][ C1] br_sysfs_addbr+0x24/0x140
[ 45.786957][ C1] br_device_event+0x125/0x790
[ 45.791644][ C1] raw_notifier_call_chain+0x95/0x110
[ 45.796933][ C1]
[ 45.799107][ C1] addr ffff8881ef1873e0 is located in stack of task udevd/411 at offset 0 in frame:
[ 45.808331][ C1] _raw_spin_lock+0x0/0x1b0
[ 45.812759][ C1]
[ 45.814902][ C1] this frame has 1 object:
[ 45.819154][ C1] [32, 36) 'val.i.i.i'
[ 45.819155][ C1]
[ 45.825426][ C1] Memory state around the buggy address:
[ 45.830907][ C1]  ffff8881ef187280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.838809][ C1]  ffff8881ef187300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.846696][ C1] >ffff8881ef187380: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 45.854777][ C1]                                                        ^
[ 45.861888][ C1]  ffff8881ef187400: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.869981][ C1]  ffff8881ef187480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.877857][ C1] ==================================================================
[ 45.886013][ C1] Disabling lock debugging due to kernel taint
2023/10/30 13:20:59 executed programs: 317
2023/10/30 13:21:04 executed programs: 786