Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
2022/09/16 21:53:14 ignoring optional flag "sandboxArg"="0"
2022/09/16 21:53:14 parsed 1 programs
2022/09/16 21:53:14 executed programs: 0
[ 38.634153][ T25] audit: type=1400 audit(1663365194.709:148): avc: denied { mounton } for pid=401 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 38.672832][ T25] audit: type=1400 audit(1663365194.709:149): avc: denied { mount } for pid=401 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 38.724722][ T25] audit: type=1400 audit(1663365194.739:150): avc: denied { mounton } for pid=406 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 38.749625][ T25] audit: type=1400 audit(1663365194.739:151): avc: denied { module_request } for pid=406 comm="syz-executor.0" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 38.832598][ T406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.839934][ T406] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.847581][ T406] device bridge_slave_0 entered promiscuous mode
[ 38.854481][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.861722][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.869132][ T410] device bridge_slave_0 entered promiscuous mode
[ 38.895071][ T406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.902627][ T406] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.910237][ T406] device bridge_slave_1 entered promiscuous mode
[ 38.916864][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.924121][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.931820][ T410] device bridge_slave_1 entered promiscuous mode
[ 38.966576][ T418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.974055][ T418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.981718][ T418] device bridge_slave_0 entered promiscuous mode
[ 38.992959][ T419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.000201][ T419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.007686][ T419] device bridge_slave_0 entered promiscuous mode
[ 39.020882][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.028130][ T420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.035700][ T420] device bridge_slave_0 entered promiscuous mode
[ 39.044999][ T418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.052501][ T418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.060139][ T418] device bridge_slave_1 entered promiscuous mode
[ 39.072356][ T419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.079616][ T419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.087226][ T419] device bridge_slave_1 entered promiscuous mode
[ 39.094057][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.101374][ T420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.109478][ T420] device bridge_slave_1 entered promiscuous mode
[ 39.127538][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.134743][ T412] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.142713][ T412] device bridge_slave_0 entered promiscuous mode
[ 39.160833][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.168123][ T412] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.175561][ T412] device bridge_slave_1 entered promiscuous mode
[ 39.304621][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.311794][ T420] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.319183][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.326201][ T420] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.340111][ T406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.347216][ T406] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.354518][ T406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.361638][ T406] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.405170][ T53] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.412439][ T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.420751][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.428628][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.436978][ T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.462988][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.471256][ T53] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.478319][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.485621][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.493725][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.512460][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.532338][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.540338][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.547711][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.556405][ T376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.563461][ T376] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.570810][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.578973][ T376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.586348][ T376] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.602580][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.610739][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.640219][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.648374][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.656548][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.665428][ T53] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.672749][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.680208][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.688601][ T53] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.695783][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.703319][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.722897][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.730870][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.739844][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.761461][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.770484][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.779425][ T56] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.786609][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.794964][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.803754][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.811204][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.818579][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.850389][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.858835][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.867308][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.875617][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.884343][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.893009][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.912648][ T25] audit: type=1400 audit(1663365195.989:152): avc: denied { mount } for pid=420 comm="syz-executor.4" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 39.936065][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.944343][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.953060][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.961097][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.969260][ T56] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.976426][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.983957][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.992187][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.999229][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.006549][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.014601][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.022606][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.031077][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.039646][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.047773][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.055920][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.064197][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.072799][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.081239][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.089836][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.097359][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.104919][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.113392][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.121671][ T56] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.128794][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.136111][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.144614][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.152816][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.159991][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.167428][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.176325][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.184632][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.193608][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.202133][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.210386][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.239387][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.247708][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.256840][ T25] audit: type=1400 audit(1663365196.339:153): avc: denied { read write } for pid=443 comm="syz-executor.4" name="usbmon0" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 40.257057][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.286781][ T25] audit: type=1400 audit(1663365196.359:154): avc: denied { open } for pid=443 comm="syz-executor.4" path="/dev/usbmon0" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 40.290260][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.321898][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.322349][ T25] audit: type=1400 audit(1663365196.389:155): avc: denied { map } for pid=443 comm="syz-executor.4" path="/dev/usbmon0" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 40.330958][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.360445][ T25] audit: type=1400 audit(1663365196.429:156): avc: denied { ioctl } for pid=443 comm="syz-executor.4" path="/dev/raw-gadget" dev="devtmpfs" ino=165 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 40.364499][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.396288][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.404528][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.412888][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.420999][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.428980][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.436969][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.444965][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.453265][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.461707][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.469539][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.500683][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.508919][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.517365][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.526058][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.534588][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.543089][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.570813][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.579242][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.605079][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.614114][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.622229][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.630693][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.637898][ T26] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 40.638890][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.654275][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.662690][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.671124][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.827876][ T53] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 40.867959][ T35] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 40.927881][ T26] usb 5-1: device descriptor read/64, error 18
[ 40.938499][ T25] audit: type=1400 audit(1663365197.019:157): avc: denied { append } for pid=147 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.948316][ T441] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 40.960873][ T440] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 40.968363][ T56] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 41.127910][ T53] usb 6-1: device descriptor read/64, error 18
[ 41.167922][ T35] usb 2-1: device descriptor read/64, error 18
[ 41.218290][ T441] usb 1-1: Using ep0 maxpacket: 16
[ 41.237911][ T440] usb 4-1: device descriptor read/64, error 18
[ 41.247980][ T56] usb 3-1: device descriptor read/64, error 18
[ 41.327912][ T26] usb 5-1: device descriptor read/64, error 18
[ 41.338184][ T441] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 41.349408][ T441] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 41.362860][ T441] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 41.372587][ T441] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 41.382053][ T441] usb 1-1: config 0 descriptor??
[ 41.517893][ T53] usb 6-1: device descriptor read/64, error 18
[ 41.557894][ T35] usb 2-1: device descriptor read/64, error 18
[ 41.611097][ T26] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 41.618817][ T454] ==================================================================
[ 41.627392][ T454] BUG: KASAN: slab-out-of-bounds in mon_bin_flush+0x121/0x260
[ 41.635029][ T454] Read of size 8 at addr ffff8881134c7ab8 by task syz-executor.0/454
[ 41.637939][ T56] usb 3-1: device descriptor read/64, error 18
[ 41.645267][ T454]
[ 41.645276][ T454] CPU: 1 PID: 454 Comm: syz-executor.0 Not tainted 6.0.0-rc5-syzkaller-00094-ga335366bad13 #0
[ 41.645295][ T454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 41.645304][ T454] Call Trace:
[ 41.645310][ T454]
[ 41.645316][ T454] dump_stack_lvl+0x151/0x1b7
[ 41.685722][ T454] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 41.691280][ T454] ? _printk+0xcf/0x10f
[ 41.695518][ T454] print_report+0x173/0x630
[ 41.700171][ T454] ? __kasan_check_write+0x14/0x20
[ 41.705740][ T454] ? _raw_spin_lock_irqsave+0xf8/0x210
[ 41.711310][ T454] ? __kasan_check_write+0x14/0x20
[ 41.716654][ T454] ? mon_bin_flush+0x121/0x260
[ 41.721500][ T454] kasan_report+0xe6/0x110
[ 41.725914][ T454] ? mon_bin_flush+0x121/0x260
[ 41.730678][ T454] __asan_report_load8_noabort+0x14/0x20
[ 41.736409][ T454] mon_bin_flush+0x121/0x260
[ 41.741089][ T454] mon_bin_ioctl+0x2fb/0xed0
[ 41.745767][ T454] ? selinux_file_alloc_security+0x120/0x120
[ 41.751933][ T454] ? xfd_validate_state+0x70/0x160
[ 41.757325][ T454] ? mon_bin_poll+0x150/0x150
[ 41.762016][ T454] ? __fget_files+0x2d9/0x330
[ 41.766860][ T454] ? security_file_ioctl+0xb1/0xd0
[ 41.772050][ T454] ? mon_bin_poll+0x150/0x150
[ 41.776917][ T454] __se_sys_ioctl+0x115/0x190
[ 41.781594][ T454] __x64_sys_ioctl+0x7b/0x90
[ 41.786273][ T454] do_syscall_64+0x2f/0x50
[ 41.790697][ T454] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.797037][ T454] RIP: 0033:0x7f4674489409
[ 41.801490][ T454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 41.821433][ T454] RSP: 002b:00007f46756cb168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 41.830029][ T454] RAX: ffffffffffffffda RBX: 00007f467459bf80 RCX: 00007f4674489409
[ 41.838379][ T454] RDX: 0000000000000006 RSI: 0000000000009208 RDI: 0000000000000003
[ 41.846862][ T454] RBP: 00007f46744e4367 R08: 0000000000000000 R09: 0000000000000000
[ 41.854929][ T454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.862909][ T454] R13: 00007ffd92894c7f R14: 00007f46756cb300 R15: 0000000000022000
[ 41.870965][ T454]
[ 41.873982][ T454]
[ 41.876306][ T454] Allocated by task 175:
[ 41.880792][ T454] ____kasan_kmalloc+0xdc/0x110
[ 41.886677][ T454] __kasan_kmalloc+0x9/0x10
[ 41.891430][ T454] kmem_cache_alloc_trace+0x1f0/0x320
[ 41.896992][ T454] kobject_uevent_env+0x265/0x730
[ 41.903168][ T454] kobject_synth_uevent+0x3c4/0x930
[ 41.908452][ T454] uevent_store+0x25/0x60
[ 41.913406][ T454] dev_attr_store+0x5c/0x80
[ 41.918040][ T454] sysfs_kf_write+0x123/0x140
[ 41.922794][ T454] kernfs_fop_write_iter+0x2cd/0x410
[ 41.928682][ T454] vfs_write+0x8b5/0xef0
[ 41.932934][ T454] ksys_write+0x198/0x2c0
[ 41.937269][ T454] __x64_sys_write+0x7b/0x90
[ 41.942105][ T454] do_syscall_64+0x2f/0x50
[ 41.946530][ T454] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.952588][ T454]
[ 41.954994][ T454] Freed by task 175:
[ 41.958965][ T454] kasan_set_track+0x4c/0x70
[ 41.963662][ T454] kasan_set_free_info+0x23/0x40
[ 41.968609][ T454] ____kasan_slab_free+0x137/0x180
[ 41.973720][ T454] __kasan_slab_free+0x11/0x20
[ 41.978461][ T454] slab_free_freelist_hook+0xc9/0x1a0
[ 41.983910][ T454] kfree+0xcf/0x1f0
[ 41.987708][ T454] kobject_uevent_env+0x51c/0x730
[ 41.992795][ T454] kobject_synth_uevent+0x3c4/0x930
[ 41.998344][ T454] uevent_store+0x25/0x60
[ 42.002668][ T454] dev_attr_store+0x5c/0x80
[ 42.007241][ T454] sysfs_kf_write+0x123/0x140
[ 42.011996][ T454] kernfs_fop_write_iter+0x2cd/0x410
[ 42.017463][ T454] vfs_write+0x8b5/0xef0
[ 42.021701][ T454] ksys_write+0x198/0x2c0
[ 42.026568][ T454] __x64_sys_write+0x7b/0x90
[ 42.031246][ T454] do_syscall_64+0x2f/0x50
[ 42.035658][ T454] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.041800][ T454]
[ 42.044725][ T454] The buggy address belongs to the object at ffff8881134c6000
[ 42.044725][ T454] which belongs to the cache kmalloc-4k of size 4096
[ 42.059699][ T454] The buggy address is located 2744 bytes to the right of
[ 42.059699][ T454] 4096-byte region [ffff8881134c6000, ffff8881134c7000)
[ 42.073924][ T454]
[ 42.076254][ T454] The buggy address belongs to the physical page:
[ 42.082917][ T454] page:ffffea00044d3000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1134c0
[ 42.093332][ T454] head:ffffea00044d3000 order:3 compound_mapcount:0 compound_pincount:0
[ 42.101654][ T454] flags: 0x8000000000010200(slab|head|zone=2)
[ 42.107907][ T454] raw: 8000000000010200 0000000000000000 dead000000000122 ffff888100042140
[ 42.116483][ T454] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 42.132090][ T454] page dumped because: kasan: bad access detected
[ 42.141637][ T454] page_owner tracks the page as allocated
[ 42.147610][ T454] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 175, tgid 175 (udevadm), ts 3562996396, free_ts 0
[ 42.168897][ T454] post_alloc_hook+0x15b/0x160
[ 42.173666][ T454] get_page_from_freelist+0x412/0x8e0
[ 42.179555][ T454] __alloc_pages+0x3d1/0x7c0
[ 42.184518][ T454] allocate_slab+0x69/0x480
[ 42.189126][ T454] ___slab_alloc+0x2c2/0x6a0
[ 42.193720][ T454] __slab_alloc+0x4a/0x90
[ 42.198028][ T454] kmem_cache_alloc_trace+0x221/0x320
[ 42.203927][ T454] kobject_uevent_env+0x265/0x730
[ 42.208944][ T454] kobject_synth_uevent+0x3c4/0x930
[ 42.214378][ T454] uevent_store+0x25/0x60
[ 42.219294][ T454] dev_attr_store+0x5c/0x80
[ 42.223880][ T454] sysfs_kf_write+0x123/0x140
[ 42.228579][ T454] kernfs_fop_write_iter+0x2cd/0x410
[ 42.234549][ T454] vfs_write+0x8b5/0xef0
[ 42.238783][ T454] ksys_write+0x198/0x2c0
[ 42.243091][ T454] __x64_sys_write+0x7b/0x90
[ 42.248357][ T454] page_owner free stack trace missing
[ 42.253974][ T454]
[ 42.256272][ T454] Memory state around the buggy address:
[ 42.262470][ T454] ffff8881134c7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.270615][ T454] ffff8881134c7a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.278666][ T454] >ffff8881134c7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.286718][ T454] ^
[ 42.292608][ T454] ffff8881134c7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.300764][ T454] ffff8881134c7b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.308800][ T454] ==================================================================
[ 42.317027][ T454] Disabling lock debugging due to kernel taint
[ 42.323283][ T454] general protection fault, probably for non-canonical address 0xdffffc000000013c: 0000 [#1] PREEMPT SMP KASAN
[ 42.335246][ T454] KASAN: null-ptr-deref in range [0x00000000000009e0-0x00000000000009e7]
[ 42.343832][ T454] CPU: 1 PID: 454 Comm: syz-executor.0 Tainted: G B 6.0.0-rc5-syzkaller-00094-ga335366bad13 #0
[ 42.355546][ T454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 42.365686][ T454] RIP: 0010:mon_bin_flush+0x141/0x260
[ 42.371084][ T454] Code: 74 08 48 89 df e8 1f 1b 8d fe 48 8b 03 41 81 e7 ff 0f 00 00 4d 8d 7c 07 24 4c 89 f8 48 c1 e8 03 48 bb 00 00 00 00 00 fc ff df <0f> b6 04 18 84 c0 75 6b 41 8b 37 83 c6 40 4c 89 f7 e8 a9 fd ff ff
[ 42.391816][ T454] RSP: 0018:ffffc90002edfd08 EFLAGS: 00010007
[ 42.397971][ T454] RAX: 000000000000013c RBX: dffffc0000000000 RCX: ffff88810d33a200
[ 42.406549][ T454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 42.414704][ T454] RBP: ffffc90002edfd70 R08: ffffffff8144ac33 R09: fffffbfff0d492f1
[ 42.422927][ T454] R10: fffffbfff0d492f1 R11: 1ffffffff0d492f0 R12: 00000000fffffffd
[ 42.430892][ T454] R13: ffff888112418b18 R14: ffff888112418b00 R15: 00000000000009e4
[ 42.438940][ T454] FS: 00007f46756cb700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
[ 42.448348][ T454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.455063][ T454] CR2: 00007f46744d7e58 CR3: 0000000124e88000 CR4: 00000000003506a0
[ 42.463037][ T454] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.471126][ T454] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.479203][ T454] Call Trace:
[ 42.482482][ T454]
[ 42.485439][ T454] mon_bin_ioctl+0x2fb/0xed0
[ 42.490026][ T454] ? selinux_file_alloc_security+0x120/0x120
[ 42.496058][ T454] ? xfd_validate_state+0x70/0x160
[ 42.501163][ T454] ? mon_bin_poll+0x150/0x150
[ 42.505823][ T454] ? __fget_files+0x2d9/0x330
[ 42.510495][ T454] ? security_file_ioctl+0xb1/0xd0
[ 42.515598][ T454] ? mon_bin_poll+0x150/0x150
[ 42.520443][ T454] __se_sys_ioctl+0x115/0x190
[ 42.525123][ T454] __x64_sys_ioctl+0x7b/0x90
[ 42.529689][ T454] do_syscall_64+0x2f/0x50
[ 42.534205][ T454] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.540340][ T454] RIP: 0033:0x7f4674489409
[ 42.544736][ T454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 42.564415][ T454] RSP: 002b:00007f46756cb168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 42.572817][ T454] RAX: ffffffffffffffda RBX: 00007f467459bf80 RCX: 00007f4674489409
[ 42.580770][ T454] RDX: 0000000000000006 RSI: 0000000000009208 RDI: 0000000000000003
[ 42.589068][ T454] RBP: 00007f46744e4367 R08: 0000000000000000 R09: 0000000000000000
[ 42.597035][ T454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 42.605179][ T454] R13: 00007ffd92894c7f R14: 00007f46756cb300 R15: 0000000000022000
[ 42.613160][ T454]
[ 42.616195][ T454] Modules linked in:
[ 42.620085][ T454] ---[ end trace 0000000000000000 ]---
[ 42.625529][ T454] RIP: 0010:mon_bin_flush+0x141/0x260
[ 42.630999][ T454] Code: 74 08 48 89 df e8 1f 1b 8d fe 48 8b 03 41 81 e7 ff 0f 00 00 4d 8d 7c 07 24 4c 89 f8 48 c1 e8 03 48 bb 00 00 00 00 00 fc ff df <0f> b6 04 18 84 c0 75 6b 41 8b 37 83 c6 40 4c 89 f7 e8 a9 fd ff ff
[ 42.650911][ T454] RSP: 0018:ffffc90002edfd08 EFLAGS: 00010007
[ 42.656962][ T454] RAX: 000000000000013c RBX: dffffc0000000000 RCX: ffff88810d33a200
[ 42.664943][ T454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 42.673073][ T454] RBP: ffffc90002edfd70 R08: ffffffff8144ac33 R09: fffffbfff0d492f1
[ 42.681040][ T454] R10: fffffbfff0d492f1 R11: 1ffffffff0d492f0 R12: 00000000fffffffd
[ 42.688993][ T454] R13: ffff888112418b18 R14: ffff888112418b00 R15: 00000000000009e4
[ 42.697117][ T454] FS: 00007f46756cb700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
[ 42.706035][ T454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.712676][ T454] CR2: 00007f46744d7e58 CR3: 0000000124e88000 CR4: 00000000003506a0
[ 42.720643][ T454] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.728610][ T454] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.736761][ T454] Kernel panic - not syncing: Fatal exception
[ 43.858292][ T454] Shutting down cpus with NMI
[ 43.863202][ T454] Kernel Offset: disabled
[ 43.867662][ T454] Rebooting in 86400 seconds..