Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts.
2025/05/14 10:16:20 ignoring optional flag "sandboxArg"="0"
2025/05/14 10:16:21 parsed 1 programs
[ 27.763903][ T23] audit: type=1400 audit(1747217781.190:81): avc: denied { node_bind } for pid=335 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 28.567142][ T23] audit: type=1400 audit(1747217782.000:82): avc: denied { mounton } for pid=343 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 28.569016][ T343] cgroup1: Unknown subsys name 'net'
[ 28.590800][ T23] audit: type=1400 audit(1747217782.000:83): avc: denied { mount } for pid=343 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 28.596714][ T343] cgroup1: Unknown subsys name 'net_prio'
[ 28.624836][ T343] cgroup1: Unknown subsys name 'devices'
[ 28.632154][ T23] audit: type=1400 audit(1747217782.070:84): avc: denied { unmount } for pid=343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 28.829099][ T343] cgroup1: Unknown subsys name 'hugetlb'
[ 28.834960][ T343] cgroup1: Unknown subsys name 'rlimit'
[ 29.005588][ T23] audit: type=1400 audit(1747217782.430:85): avc: denied { setattr } for pid=343 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=10699 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 29.029448][ T23] audit: type=1400 audit(1747217782.430:86): avc: denied { create } for pid=343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 29.049936][ T23] audit: type=1400 audit(1747217782.430:87): avc: denied { write } for pid=343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 29.057125][ T346] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 29.070426][ T23] audit: type=1400 audit(1747217782.440:88): avc: denied { read } for pid=343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 29.099320][ T23] audit: type=1400 audit(1747217782.440:89): avc: denied { module_request } for pid=343 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 29.121339][ T23] audit: type=1400 audit(1747217782.440:90): avc: denied { mounton } for pid=343 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 29.190707][ T343] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 29.582893][ T349] request_module fs-gadgetfs succeeded, but still no fs?
[ 30.279162][ T397] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.286364][ T397] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.294036][ T397] device bridge_slave_0 entered promiscuous mode
[ 30.301104][ T397] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.308251][ T397] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.315640][ T397] device bridge_slave_1 entered promiscuous mode
[ 30.348075][ T393] syz-executor (393) used greatest stack depth: 21632 bytes left
[ 30.362147][ T397] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.369497][ T397] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.377304][ T397] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.384716][ T397] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.406457][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.414622][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.422047][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.434994][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.443713][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.450943][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.460222][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.468700][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.475846][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.493003][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.503492][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.523566][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.534749][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.548129][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.564668][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.575275][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/05/14 10:16:24 executed programs: 0
[ 30.867963][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.875008][ T416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.882628][ T416] device bridge_slave_0 entered promiscuous mode
[ 30.889640][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.896721][ T416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.904289][ T416] device bridge_slave_1 entered promiscuous mode
[ 30.960424][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.967586][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.975050][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.982108][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.008183][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.016112][ T103] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.024308][ T103] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.041354][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 31.049799][ T103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.057039][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.064968][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 31.073688][ T103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.080866][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.097096][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 31.105223][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 31.123916][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.133428][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.148341][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.160774][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.171746][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.908677][ T9] device bridge_slave_1 left promiscuous mode
[ 31.914990][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.922459][ T9] device bridge_slave_0 left promiscuous mode
[ 31.928780][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.255503][ T439] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.263083][ T439] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.271067][ T439] device bridge_slave_0 entered promiscuous mode
[ 46.278331][ T439] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.285694][ T439] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.293471][ T439] device bridge_slave_1 entered promiscuous mode
[ 46.336469][ T439] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.343519][ T439] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.351067][ T439] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.358416][ T439] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.381746][ T103] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.389414][ T103] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.397325][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.405329][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.415080][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.423595][ T103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.430765][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.440068][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.448600][ T103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.455695][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.469477][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.479085][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.495288][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.507427][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.520494][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.533407][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2025/05/14 10:16:40 executed programs: 3
[ 46.544141][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.568129][ T439] ==================================================================
[ 46.576272][ T439] BUG: KASAN: use-after-free in __mutex_lock+0xace/0xe30
[ 46.583457][ T439] Read of size 4 at addr ffff8881ed6c5eb8 by task syz-executor/439
[ 46.591481][ T439]
[ 46.593815][ T439] CPU: 1 PID: 439 Comm: syz-executor Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
[ 46.603772][ T439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 46.613905][ T439] Call Trace:
[ 46.617335][ T439] __dump_stack+0x1e/0x20
[ 46.621769][ T439] dump_stack+0x15b/0x1b8
[ 46.626354][ T439] ? vprintk_default+0x28/0x30
[ 46.631223][ T439] ? show_regs_print_info+0x18/0x18
[ 46.637290][ T439] ? printk+0xcc/0x110
[ 46.641608][ T439] ? __mutex_lock+0xace/0xe30
[ 46.646450][ T439] print_address_description+0x8d/0x4c0
[ 46.652002][ T439] ? __mutex_lock+0xace/0xe30
[ 46.656811][ T439] __kasan_report+0xef/0x120
[ 46.661543][ T439] ? __mutex_lock+0xace/0xe30
[ 46.666304][ T439] kasan_report+0x30/0x60
[ 46.670631][ T439] __asan_report_load4_noabort+0x14/0x20
[ 46.676435][ T439] __mutex_lock+0xace/0xe30
[ 46.681195][ T439] ? __kasan_check_write+0x14/0x20
[ 46.686307][ T439] ? kobject_get_unless_zero+0x15e/0x1e0
[ 46.691944][ T439] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 46.698744][ T439] ? mutex_lock+0x8c/0xe0
[ 46.703164][ T439] ? disk_check_events+0x5c0/0x5c0
[ 46.708272][ T439] __mutex_lock_killable_slowpath+0xe/0x10
[ 46.714327][ T439] mutex_lock_killable+0xd3/0xe0
[ 46.719262][ T439] ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 46.725809][ T439] ? __kasan_check_write+0x14/0x20
[ 46.731388][ T439] ? kobject_get+0xd3/0x120
[ 46.735899][ T439] lo_open+0x1d/0xc0
[ 46.739920][ T439] __blkdev_get+0x610/0x1560
[ 46.744509][ T439] ? blkdev_get+0x380/0x380
[ 46.749007][ T439] ? _raw_spin_lock+0x8e/0xe0
[ 46.753702][ T439] ? _raw_spin_trylock_bh+0x130/0x130
[ 46.759081][ T439] ? __fsnotify_parent+0x310/0x310
[ 46.764417][ T439] blkdev_get+0x68/0x380
[ 46.768978][ T439] ? bd_acquire+0x30a/0x340
[ 46.773590][ T439] blkdev_open+0x1cb/0x2b0
[ 46.778102][ T439] ? block_ioctl+0x100/0x100
[ 46.782924][ T439] do_dentry_open+0x8b5/0x1030
[ 46.787855][ T439] ? finish_open+0xd0/0xd0
[ 46.792290][ T439] ? inode_permission+0xed/0x540
[ 46.797505][ T439] vfs_open+0x73/0x80
[ 46.801495][ T439] path_openat+0x2a5e/0x35c0
[ 46.806163][ T439] ? kmem_cache_alloc+0xe2/0x270
[ 46.811209][ T439] ? getname_flags+0xb9/0x500
[ 46.816579][ T439] ? getname+0x19/0x20
[ 46.821097][ T439] ? do_filp_open+0x3f0/0x3f0
[ 46.826147][ T439] do_filp_open+0x1ae/0x3f0
[ 46.830804][ T439] ? vfs_tmpfile+0x2c0/0x2c0
[ 46.835406][ T439] ? get_unused_fd_flags+0x93/0xa0
[ 46.840598][ T439] do_sys_open+0x2bb/0x5d0
[ 46.845293][ T439] ? file_open_root+0x2b0/0x2b0
[ 46.850300][ T439] ? debug_smp_processor_id+0x1c/0x20
[ 46.855676][ T439] __x64_sys_openat+0xa2/0xb0
[ 46.860341][ T439] do_syscall_64+0xcf/0x170
[ 46.864847][ T439] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 46.870859][ T439] RIP: 0033:0x7f134ac96251
[ 46.875278][ T439] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 72 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 46.895050][ T439] RSP: 002b:00007ffd6730ed20 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 46.903454][ T439] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f134ac96251
[ 46.911527][ T439] RDX: 0000000000000002 RSI: 00007ffd6730ee30 RDI: 00000000ffffff9c
[ 46.919508][ T439] RBP: 00007ffd6730ee30 R08: 000000000000000a R09: 00007ffd6730eae7
[ 46.927468][ T439] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 46.936767][ T439] R13: 00007f134ae86260 R14: 0000000000000003 R15: 00007ffd6730ee30
[ 46.944978][ T439]
[ 46.947639][ T439] Allocated by task 435:
[ 46.951884][ T439] __kasan_kmalloc+0x162/0x200
[ 46.956639][ T439] kasan_slab_alloc+0x12/0x20
[ 46.961310][ T439] kmem_cache_alloc+0xe2/0x270
[ 46.966409][ T439] dup_task_struct+0x57/0x640
[ 46.971499][ T439] copy_process+0x503/0x2cf0
[ 46.976423][ T439] _do_fork+0x190/0x860
[ 46.980578][ T439] __x64_sys_clone3+0x1de/0x1f0
[ 46.985595][ T439] do_syscall_64+0xcf/0x170
[ 46.990201][ T439] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 46.996171][ T439]
[ 46.998491][ T439] Freed by task 17:
[ 47.002290][ T439] __kasan_slab_free+0x1c3/0x280
[ 47.007235][ T439] kasan_slab_free+0xe/0x10
[ 47.011747][ T439] slab_free_freelist_hook+0xb7/0x180
[ 47.017104][ T439] kmem_cache_free+0x10c/0x2c0
[ 47.021872][ T439] free_task+0xe9/0x150
[ 47.026024][ T439] __put_task_struct+0x2b7/0x420
[ 47.030942][ T439] delayed_put_task_struct+0x71/0x210
[ 47.036338][ T439] rcu_do_batch+0x446/0x980
[ 47.040980][ T439] rcu_core+0x4bd/0xbd0
[ 47.045411][ T439] rcu_core_si+0x9/0x10
[ 47.049553][ T439] __do_softirq+0x236/0x660
[ 47.054042][ T439]
[ 47.056423][ T439] The buggy address belongs to the object at ffff8881ed6c5e80
[ 47.056423][ T439] which belongs to the cache task_struct of size 3904
[ 47.071191][ T439] The buggy address is located 56 bytes inside of
[ 47.071191][ T439] 3904-byte region [ffff8881ed6c5e80, ffff8881ed6c6dc0)
[ 47.084530][ T439] The buggy address belongs to the page:
[ 47.090473][ T439] page:ffffea0007b5b000 refcount:1 mapcount:0 mapping:ffff8881f5cf5180 index:0x0 compound_mapcount: 0
[ 47.101477][ T439] flags: 0x8000000000010200(slab|head)
[ 47.107230][ T439] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf5180
[ 47.115969][ T439] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 47.124705][ T439] page dumped because: kasan: bad access detected
[ 47.131209][ T439] page_owner tracks the page as allocated
[ 47.137392][ T439] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[ 47.154828][ T439] prep_new_page+0x35e/0x370
[ 47.159496][ T439] get_page_from_freelist+0x1296/0x1310
[ 47.165033][ T439] __alloc_pages_nodemask+0x202/0x4b0
[ 47.170862][ T439] alloc_slab_page+0x3c/0x3b0
[ 47.175634][ T439] new_slab+0x93/0x420
[ 47.179780][ T439] ___slab_alloc+0x29e/0x420
[ 47.184393][ T439] __slab_alloc+0x63/0xa0
[ 47.188903][ T439] kmem_cache_alloc+0x12c/0x270
[ 47.194004][ T439] dup_task_struct+0x57/0x640
[ 47.198781][ T439] copy_process+0x503/0x2cf0
[ 47.203347][ T439] _do_fork+0x190/0x860
[ 47.207502][ T439] kernel_thread+0x6f/0x90
[ 47.212112][ T439] kthreadd+0x354/0x480
[ 47.216505][ T439] ret_from_fork+0x1f/0x30
[ 47.220910][ T439] page last free stack trace:
[ 47.225580][ T439] __free_pages_ok+0x7e4/0x910
[ 47.231114][ T439] __free_pages+0x8c/0x110
[ 47.235617][ T439] kfree+0x1ca/0x260
[ 47.240023][ T439] can_pernet_exit+0x75/0xd0
[ 47.244781][ T439] cleanup_net+0x588/0xb40
[ 47.249310][ T439] process_one_work+0x73b/0xcc0
[ 47.254607][ T439] worker_thread+0xa5c/0x13b0
[ 47.259663][ T439] kthread+0x31e/0x3a0
[ 47.264050][ T439] ret_from_fork+0x1f/0x30
[ 47.268882][ T439]
[ 47.271190][ T439] Memory state around the buggy address:
[ 47.276825][ T439] ffff8881ed6c5d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.284988][ T439] ffff8881ed6c5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.293605][ T439] >ffff8881ed6c5e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.302163][ T439] ^
[ 47.308142][ T439] ffff8881ed6c5f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.316300][ T439] ffff8881ed6c5f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.324878][ T439] ==================================================================
[ 47.333839][ T439] Disabling lock debugging due to kernel taint