Warning: Permanently added '10.128.0.29' (ED25519) to the list of known hosts.
2025/05/04 13:08:21 ignoring optional flag "sandboxArg"="0"
2025/05/04 13:08:22 parsed 1 programs
[ 22.493515][ T23] audit: type=1400 audit(1746364102.800:81): avc: denied { node_bind } for pid=335 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 23.063643][ T23] audit: type=1400 audit(1746364103.370:82): avc: denied { mounton } for pid=343 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.064970][ T343] cgroup1: Unknown subsys name 'net'
[ 23.087020][ T23] audit: type=1400 audit(1746364103.370:83): avc: denied { mount } for pid=343 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.093181][ T343] cgroup1: Unknown subsys name 'net_prio'
[ 23.120462][ T343] cgroup1: Unknown subsys name 'devices'
[ 23.127186][ T23] audit: type=1400 audit(1746364103.440:84): avc: denied { unmount } for pid=343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.263838][ T343] cgroup1: Unknown subsys name 'hugetlb'
[ 23.269660][ T343] cgroup1: Unknown subsys name 'rlimit'
[ 23.435708][ T23] audit: type=1400 audit(1746364103.740:85): avc: denied { setattr } for pid=343 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9877 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 23.459116][ T23] audit: type=1400 audit(1746364103.740:86): avc: denied { create } for pid=343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.464436][ T346] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 23.479607][ T23] audit: type=1400 audit(1746364103.740:87): avc: denied { write } for pid=343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.508455][ T23] audit: type=1400 audit(1746364103.740:88): avc: denied { read } for pid=343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.528753][ T23] audit: type=1400 audit(1746364103.740:89): avc: denied { module_request } for pid=343 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 23.550940][ T23] audit: type=1400 audit(1746364103.740:90): avc: denied { mounton } for pid=343 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 23.595742][ T343] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 23.962934][ T349] request_module fs-gadgetfs succeeded, but still no fs?
[ 24.047733][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.055802][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.063692][ T353] device bridge_slave_0 entered promiscuous mode
[ 24.071122][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.078193][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.085838][ T353] device bridge_slave_1 entered promiscuous mode
[ 24.118016][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.125231][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.132858][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.139890][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.158891][ T354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.166664][ T354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.174097][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 24.182359][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.202536][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.211134][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.219628][ T354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.226744][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.234571][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.242799][ T354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.249975][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.257906][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.266161][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.277325][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.289360][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.301028][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.313073][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 24.342582][ T353] syz-executor (353) used greatest stack depth: 20736 bytes left
2025/05/04 13:08:25 executed programs: 0
[ 25.097072][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.104740][ T415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.112298][ T415] device bridge_slave_0 entered promiscuous mode
[ 25.120437][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.127482][ T415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.134875][ T415] device bridge_slave_1 entered promiscuous mode
[ 25.168707][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.175770][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.183037][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.190219][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.209599][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.217601][ T354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.225385][ T354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.234401][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.243248][ T354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.250288][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.261402][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.269705][ T354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.276736][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.288512][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.297680][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.314169][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.324936][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.336742][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.350214][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.360074][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.392137][ T9] device bridge_slave_1 left promiscuous mode
[ 25.398262][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.405695][ T9] device bridge_slave_0 left promiscuous mode
[ 25.411930][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.427387][ T438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.434613][ T438] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.442085][ T438] device bridge_slave_0 entered promiscuous mode
[ 40.448955][ T438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.456067][ T438] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.463462][ T438] device bridge_slave_1 entered promiscuous mode
[ 40.494758][ T438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.502161][ T438] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.509643][ T438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.516721][ T438] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.533946][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.541209][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.548706][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.557101][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.566196][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.574548][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.581907][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.590347][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.598660][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.606556][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.618178][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.627251][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.640739][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.651249][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.663324][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.674916][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.684676][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/05/04 13:08:41 executed programs: 3
[ 40.704442][ T438] ==================================================================
[ 40.712528][ T438] BUG: KASAN: use-after-free in __mutex_lock+0xace/0xe30
[ 40.719528][ T438] Read of size 4 at addr ffff8881edef8ff8 by task syz-executor/438
[ 40.727490][ T438]
[ 40.729806][ T438] CPU: 1 PID: 438 Comm: syz-executor Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
[ 40.739662][ T438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 40.749693][ T438] Call Trace:
[ 40.752962][ T438] __dump_stack+0x1e/0x20
[ 40.757265][ T438] dump_stack+0x15b/0x1b8
[ 40.761570][ T438] ? vprintk_default+0x28/0x30
[ 40.766333][ T438] ? show_regs_print_info+0x18/0x18
[ 40.771514][ T438] ? printk+0xcc/0x110
[ 40.775557][ T438] ? __mutex_lock+0xace/0xe30
[ 40.780236][ T438] print_address_description+0x8d/0x4c0
[ 40.785783][ T438] ? __mutex_lock+0xace/0xe30
[ 40.790646][ T438] __kasan_report+0xef/0x120
[ 40.795229][ T438] ? __mutex_lock+0xace/0xe30
[ 40.799893][ T438] kasan_report+0x30/0x60
[ 40.804214][ T438] __asan_report_load4_noabort+0x14/0x20
[ 40.809823][ T438] __mutex_lock+0xace/0xe30
[ 40.814308][ T438] ? __kasan_check_write+0x14/0x20
[ 40.819416][ T438] ? kobject_get_unless_zero+0x15e/0x1e0
[ 40.825040][ T438] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 40.831860][ T438] ? mutex_lock+0x8c/0xe0
[ 40.836165][ T438] ? disk_check_events+0x5c0/0x5c0
[ 40.841262][ T438] __mutex_lock_killable_slowpath+0xe/0x10
[ 40.847058][ T438] mutex_lock_killable+0xd3/0xe0
[ 40.852014][ T438] ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 40.858491][ T438] ? __kasan_check_write+0x14/0x20
[ 40.863583][ T438] ? kobject_get+0xd3/0x120
[ 40.868061][ T438] lo_open+0x1d/0xc0
[ 40.871937][ T438] __blkdev_get+0x610/0x1560
[ 40.876519][ T438] ? blkdev_get+0x380/0x380
[ 40.881007][ T438] ? _raw_spin_lock+0x8e/0xe0
[ 40.885667][ T438] ? _raw_spin_trylock_bh+0x130/0x130
[ 40.891031][ T438] ? __fsnotify_parent+0x310/0x310
[ 40.896129][ T438] blkdev_get+0x68/0x380
[ 40.900344][ T438] ? bd_acquire+0x30a/0x340
[ 40.904840][ T438] blkdev_open+0x1cb/0x2b0
[ 40.909250][ T438] ? block_ioctl+0x100/0x100
[ 40.913824][ T438] do_dentry_open+0x8b5/0x1030
[ 40.918744][ T438] ? finish_open+0xd0/0xd0
[ 40.923139][ T438] ? inode_permission+0xed/0x540
[ 40.928078][ T438] vfs_open+0x73/0x80
[ 40.932046][ T438] path_openat+0x2a5e/0x35c0
[ 40.936630][ T438] ? kmem_cache_alloc+0xe2/0x270
[ 40.941555][ T438] ? getname_flags+0xb9/0x500
[ 40.946658][ T438] ? getname+0x19/0x20
[ 40.950889][ T438] ? do_filp_open+0x3f0/0x3f0
[ 40.955563][ T438] do_filp_open+0x1ae/0x3f0
[ 40.960140][ T438] ? vfs_tmpfile+0x2c0/0x2c0
[ 40.964836][ T438] ? get_unused_fd_flags+0x93/0xa0
[ 40.970299][ T438] do_sys_open+0x2bb/0x5d0
[ 40.974783][ T438] ? file_open_root+0x2b0/0x2b0
[ 40.979624][ T438] ? debug_smp_processor_id+0x1c/0x20
[ 40.984974][ T438] __x64_sys_openat+0xa2/0xb0
[ 40.989702][ T438] do_syscall_64+0xcf/0x170
[ 40.994205][ T438] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 41.000077][ T438] RIP: 0033:0x7f1de2830251
[ 41.004471][ T438] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 72 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 41.024062][ T438] RSP: 002b:00007fff91c8a7d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 41.032558][ T438] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1de2830251
[ 41.040645][ T438] RDX: 0000000000000002 RSI: 00007fff91c8a8e0 RDI: 00000000ffffff9c
[ 41.048622][ T438] RBP: 00007fff91c8a8e0 R08: 000000000000000a R09: 00007fff91c8a597
[ 41.056578][ T438] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 41.064539][ T438] R13: 00007f1de2a20260 R14: 0000000000000003 R15: 00007fff91c8a8e0
[ 41.072506][ T438]
[ 41.074821][ T438] Allocated by task 419:
[ 41.079043][ T438] __kasan_kmalloc+0x162/0x200
[ 41.083857][ T438] kasan_slab_alloc+0x12/0x20
[ 41.088536][ T438] kmem_cache_alloc+0xe2/0x270
[ 41.093376][ T438] dup_task_struct+0x57/0x640
[ 41.098209][ T438] copy_process+0x503/0x2cf0
[ 41.102782][ T438] _do_fork+0x190/0x860
[ 41.107218][ T438] __x64_sys_clone3+0x1de/0x1f0
[ 41.112185][ T438] do_syscall_64+0xcf/0x170
[ 41.116674][ T438] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 41.122576][ T438]
[ 41.124888][ T438] Freed by task 10:
[ 41.128811][ T438] __kasan_slab_free+0x1c3/0x280
[ 41.133957][ T438] kasan_slab_free+0xe/0x10
[ 41.138463][ T438] slab_free_freelist_hook+0xb7/0x180
[ 41.143853][ T438] kmem_cache_free+0x10c/0x2c0
[ 41.148626][ T438] free_task+0xe9/0x150
[ 41.152767][ T438] __put_task_struct+0x2b7/0x420
[ 41.157718][ T438] delayed_put_task_struct+0x71/0x210
[ 41.163156][ T438] rcu_do_batch+0x446/0x980
[ 41.167754][ T438] rcu_core+0x4bd/0xbd0
[ 41.171893][ T438] rcu_core_si+0x9/0x10
[ 41.176112][ T438] __do_softirq+0x236/0x660
[ 41.180610][ T438]
[ 41.182937][ T438] The buggy address belongs to the object at ffff8881edef8fc0
[ 41.182937][ T438] which belongs to the cache task_struct of size 3904
[ 41.197065][ T438] The buggy address is located 56 bytes inside of
[ 41.197065][ T438] 3904-byte region [ffff8881edef8fc0, ffff8881edef9f00)
[ 41.210337][ T438] The buggy address belongs to the page:
[ 41.215959][ T438] page:ffffea0007b7be00 refcount:1 mapcount:0 mapping:ffff8881f5cf5b80 index:0x0 compound_mapcount: 0
[ 41.227054][ T438] flags: 0x8000000000010200(slab|head)
[ 41.232872][ T438] raw: 8000000000010200 0000000000000000 0000000100000001 ffff8881f5cf5b80
[ 41.241580][ T438] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 41.250183][ T438] page dumped because: kasan: bad access detected
[ 41.256664][ T438] page_owner tracks the page as allocated
[ 41.262363][ T438] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[ 41.277360][ T438] prep_new_page+0x35e/0x370
[ 41.281954][ T438] get_page_from_freelist+0x1296/0x1310
[ 41.287494][ T438] __alloc_pages_nodemask+0x202/0x4b0
[ 41.293020][ T438] alloc_slab_page+0x3c/0x3b0
[ 41.297682][ T438] new_slab+0x93/0x420
[ 41.301948][ T438] ___slab_alloc+0x29e/0x420
[ 41.306519][ T438] __slab_alloc+0x63/0xa0
[ 41.310920][ T438] kmem_cache_alloc+0x12c/0x270
[ 41.315756][ T438] dup_task_struct+0x57/0x640
[ 41.320409][ T438] copy_process+0x503/0x2cf0
[ 41.325013][ T438] _do_fork+0x190/0x860
[ 41.329144][ T438] kernel_thread+0x6f/0x90
[ 41.333599][ T438] kthreadd+0x354/0x480
[ 41.337730][ T438] ret_from_fork+0x1f/0x30
[ 41.342211][ T438] page_owner free stack trace missing
[ 41.347554][ T438]
[ 41.349856][ T438] Memory state around the buggy address:
[ 41.355461][ T438] ffff8881edef8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.363496][ T438] ffff8881edef8f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 41.371616][ T438] >ffff8881edef8f80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 41.379734][ T438] ^
[ 41.387775][ T438] ffff8881edef9000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.395813][ T438] ffff8881edef9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.403844][ T438] ==================================================================
[ 41.411878][ T438] Disabling lock debugging due to kernel taint