Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts.
2025/02/09 16:48:54 ignoring optional flag "sandboxArg"="0"
2025/02/09 16:48:55 parsed 1 programs
[ 22.636174][ T23] audit: type=1400 audit(1739119735.009:66): avc: denied { node_bind } for pid=349 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 23.197163][ T23] audit: type=1400 audit(1739119735.579:67): avc: denied { mounton } for pid=358 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.198784][ T358] cgroup1: Unknown subsys name 'net'
[ 23.219647][ T23] audit: type=1400 audit(1739119735.579:68): avc: denied { mount } for pid=358 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.225232][ T358] cgroup1: Unknown subsys name 'net_prio'
[ 23.253104][ T358] cgroup1: Unknown subsys name 'devices'
[ 23.259292][ T23] audit: type=1400 audit(1739119735.639:69): avc: denied { unmount } for pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.399552][ T358] cgroup1: Unknown subsys name 'hugetlb'
[ 23.405171][ T358] cgroup1: Unknown subsys name 'rlimit'
[ 23.636633][ T23] audit: type=1400 audit(1739119736.009:70): avc: denied { setattr } for pid=358 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=10768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 23.659817][ T23] audit: type=1400 audit(1739119736.019:71): avc: denied { create } for pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.680014][ T23] audit: type=1400 audit(1739119736.019:72): avc: denied { write } for pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.686190][ T362] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 23.700594][ T23] audit: type=1400 audit(1739119736.019:73): avc: denied { read } for pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.728674][ T23] audit: type=1400 audit(1739119736.019:74): avc: denied { module_request } for pid=358 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 23.750407][ T23] audit: type=1400 audit(1739119736.019:75): avc: denied { mounton } for pid=358 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 23.797454][ T358] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 24.131650][ T369] request_module fs-gadgetfs succeeded, but still no fs?
[ 24.494128][ T382] syz-executor (382) used greatest stack depth: 21112 bytes left
[ 24.686021][ T398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.693085][ T398] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.700513][ T398] device bridge_slave_0 entered promiscuous mode
[ 24.707333][ T398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.714153][ T398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.721433][ T398] device bridge_slave_1 entered promiscuous mode
[ 24.761713][ T398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.768733][ T398] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.775822][ T398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.782625][ T398] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.803836][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.811316][ T180] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.818405][ T180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.828663][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.837192][ T180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.844363][ T180] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.854120][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.863520][ T180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.870359][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.885420][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.895189][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.913131][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.924652][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.937358][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.950010][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.959810][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 24.999579][ T398] syz-executor (398) used greatest stack depth: 19416 bytes left
2025/02/09 16:48:57 executed programs: 0
[ 25.366823][ T432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.373753][ T432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.381440][ T432] device bridge_slave_0 entered promiscuous mode
[ 25.391513][ T432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.398378][ T432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.405512][ T432] device bridge_slave_1 entered promiscuous mode
[ 25.464516][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 25.472287][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.484003][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 25.492149][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.500225][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.507051][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.514518][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 25.526240][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 25.534791][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.542838][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.549670][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.565835][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.575090][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.590108][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.607923][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.623185][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.639275][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.653412][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.483129][ T9] device bridge_slave_1 left promiscuous mode
[ 26.490965][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.500168][ T9] device bridge_slave_0 left promiscuous mode
[ 26.506253][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.066530][ T707] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.073437][ T707] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.080684][ T707] device bridge_slave_0 entered promiscuous mode
[ 44.087392][ T707] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.094212][ T707] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.101544][ T707] device bridge_slave_1 entered promiscuous mode
[ 44.140250][ T707] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.147118][ T707] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.154167][ T707] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.160986][ T707] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.180690][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.187754][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.194901][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.202524][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.212641][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.221003][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.227929][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.237324][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.245361][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.252196][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.264917][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.274056][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.289402][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.300424][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.313013][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.325667][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2025/02/09 16:49:16 executed programs: 62
[ 44.335819][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.358171][ T707] ==================================================================
[ 44.366146][ T707] BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060
[ 44.373076][ T707] Read of size 4 at addr ffff8881e46e0ff8 by task syz-executor/707
[ 44.380786][ T707]
[ 44.382968][ T707] CPU: 0 PID: 707 Comm: syz-executor Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0
[ 44.392686][ T707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 44.402576][ T707] Call Trace:
[ 44.405717][ T707] dump_stack+0x1d8/0x241
[ 44.409879][ T707] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 44.415508][ T707] ? printk+0xd1/0x111
[ 44.419416][ T707] ? __mutex_lock+0xcd7/0x1060
[ 44.424017][ T707] print_address_description+0x8c/0x600
[ 44.429396][ T707] ? check_preemption_disabled+0x9f/0x320
[ 44.434950][ T707] ? __unwind_start+0x708/0x890
[ 44.439636][ T707] ? __mutex_lock+0xcd7/0x1060
[ 44.444237][ T707] __kasan_report+0xf3/0x120
[ 44.448677][ T707] ? __mutex_lock+0xcd7/0x1060
[ 44.453270][ T707] kasan_report+0x30/0x60
[ 44.457434][ T707] __mutex_lock+0xcd7/0x1060
[ 44.461857][ T707] ? kobject_get_unless_zero+0x229/0x320
[ 44.467351][ T707] ? __ww_mutex_lock_interruptible_slowpath+0x10/0x10
[ 44.473919][ T707] ? __module_put_and_exit+0x20/0x20
[ 44.479040][ T707] ? up_read+0x6f/0x1b0
[ 44.483030][ T707] mutex_lock_killable+0xd8/0x110
[ 44.487893][ T707] ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 44.494227][ T707] ? mutex_lock+0xa5/0x110
[ 44.498478][ T707] ? mutex_trylock+0xa0/0xa0
[ 44.502905][ T707] lo_open+0x18/0xc0
[ 44.506640][ T707] __blkdev_get+0x3c8/0x1160
[ 44.511064][ T707] ? blkdev_get+0x3a0/0x3a0
[ 44.515403][ T707] ? _raw_spin_unlock+0x49/0x60
[ 44.520091][ T707] blkdev_get+0x2de/0x3a0
[ 44.524255][ T707] ? blkdev_open+0x173/0x290
[ 44.528683][ T707] ? block_ioctl+0xe0/0xe0
[ 44.532934][ T707] do_dentry_open+0x964/0x1130
[ 44.537539][ T707] ? finish_open+0xd0/0xd0
[ 44.541786][ T707] ? security_inode_permission+0xad/0xf0
[ 44.547254][ T707] ? memcpy+0x38/0x50
[ 44.551072][ T707] path_openat+0x29bf/0x34b0
[ 44.555502][ T707] ? stack_trace_save+0x118/0x1c0
[ 44.560362][ T707] ? do_filp_open+0x450/0x450
[ 44.564874][ T707] ? do_sys_open+0x357/0x810
[ 44.569299][ T707] ? do_syscall_64+0xca/0x1c0
[ 44.573812][ T707] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.579716][ T707] do_filp_open+0x20b/0x450
[ 44.584052][ T707] ? vfs_tmpfile+0x2c0/0x2c0
[ 44.588482][ T707] ? _raw_spin_unlock+0x49/0x60
[ 44.593177][ T707] ? __alloc_fd+0x4c5/0x570
[ 44.597517][ T707] do_sys_open+0x39c/0x810
[ 44.601765][ T707] ? check_preemption_disabled+0x153/0x320
[ 44.607414][ T707] ? file_open_root+0x490/0x490
[ 44.612126][ T707] do_syscall_64+0xca/0x1c0
[ 44.616426][ T707] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.622171][ T707] RIP: 0033:0x7f20ab6226d1
[ 44.626473][ T707] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 7a 1e 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 44.645856][ T707] RSP: 002b:00007ffea3e56e50 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 44.654093][ T707] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f20ab6226d1
[ 44.661903][ T707] RDX: 0000000000000002 RSI: 00007ffea3e56f60 RDI: 00000000ffffff9c
[ 44.669720][ T707] RBP: 00007ffea3e56f60 R08: 000000000000000a R09: 00007ffea3e56c17
[ 44.677525][ T707] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 44.685339][ T707] R13: 00007f20ab80d260 R14: 0000000000000003 R15: 00007ffea3e56f60
[ 44.693148][ T707]
[ 44.695315][ T707] Allocated by task 688:
[ 44.699493][ T707] __kasan_kmalloc+0x171/0x210
[ 44.704085][ T707] kmem_cache_alloc+0xd9/0x250
[ 44.708771][ T707] dup_task_struct+0x4f/0x600
[ 44.713290][ T707] copy_process+0x56d/0x3230
[ 44.717711][ T707] _do_fork+0x197/0x900
[ 44.721704][ T707] __x64_sys_clone3+0x2da/0x300
[ 44.726397][ T707] do_syscall_64+0xca/0x1c0
[ 44.730728][ T707] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.736452][ T707]
[ 44.738626][ T707] Freed by task 10:
[ 44.742274][ T707] __kasan_slab_free+0x1b5/0x270
[ 44.747045][ T707] kmem_cache_free+0x10b/0x2c0
[ 44.751643][ T707] rcu_do_batch+0x492/0xa00
[ 44.755992][ T707] rcu_core+0x4c8/0xcb0
[ 44.759976][ T707] __do_softirq+0x23b/0x6b7
[ 44.764324][ T707]
[ 44.766483][ T707] The buggy address belongs to the object at ffff8881e46e0fc0
[ 44.766483][ T707] which belongs to the cache task_struct of size 3904
[ 44.780475][ T707] The buggy address is located 56 bytes inside of
[ 44.780475][ T707] 3904-byte region [ffff8881e46e0fc0, ffff8881e46e1f00)
[ 44.793562][ T707] The buggy address belongs to the page:
[ 44.799047][ T707] page:ffffea000791b800 refcount:1 mapcount:0 mapping:ffff8881f5cf1400 index:0x0 compound_mapcount: 0
[ 44.809792][ T707] flags: 0x8000000000010200(slab|head)
[ 44.815098][ T707] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf1400
[ 44.823510][ T707] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 44.831921][ T707] page dumped because: kasan: bad access detected
[ 44.838181][ T707] page_owner tracks the page as allocated
[ 44.843754][ T707] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[ 44.859967][ T707] prep_new_page+0x18f/0x370
[ 44.864391][ T707] get_page_from_freelist+0x2d13/0x2d90
[ 44.869773][ T707] __alloc_pages_nodemask+0x393/0x840
[ 44.875009][ T707] alloc_slab_page+0x39/0x3c0
[ 44.879487][ T707] new_slab+0x97/0x440
[ 44.883390][ T707] ___slab_alloc+0x2fe/0x490
[ 44.887827][ T707] __slab_alloc+0x62/0xa0
[ 44.891985][ T707] kmem_cache_alloc+0x109/0x250
[ 44.896669][ T707] dup_task_struct+0x4f/0x600
[ 44.901183][ T707] copy_process+0x56d/0x3230
[ 44.905608][ T707] _do_fork+0x197/0x900
[ 44.909600][ T707] __x64_sys_clone+0x26b/0x2c0
[ 44.914201][ T707] do_syscall_64+0xca/0x1c0
[ 44.918539][ T707] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.924267][ T707] page last free stack trace:
[ 44.928783][ T707] __free_pages_ok+0x847/0x950
[ 44.933380][ T707] __free_pages+0x91/0x140
[ 44.937633][ T707] __free_slab+0x221/0x2e0
[ 44.941885][ T707] unfreeze_partials+0x14e/0x180
[ 44.946659][ T707] put_cpu_partial+0x44/0x180
[ 44.951173][ T707] __slab_free+0x297/0x360
[ 44.955427][ T707] qlist_free_all+0x43/0xb0
[ 44.959766][ T707] quarantine_reduce+0x1d9/0x210
[ 44.964537][ T707] __kasan_kmalloc+0x41/0x210
[ 44.969052][ T707] kmem_cache_alloc_trace+0xdc/0x260
[ 44.974172][ T707] kobject_uevent_env+0x26f/0x710
[ 44.979034][ T707] __loop_clr_fd+0x574/0x920
[ 44.983462][ T707] __blkdev_put+0x4ad/0x710
[ 44.987797][ T707] blkdev_close+0x78/0xa0
[ 44.991962][ T707] __fput+0x262/0x680
[ 44.995785][ T707] task_work_run+0x140/0x170
[ 45.000204][ T707]
[ 45.002375][ T707] Memory state around the buggy address:
[ 45.007845][ T707] ffff8881e46e0e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.015744][ T707] ffff8881e46e0f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 45.023640][ T707] >ffff8881e46e0f80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 45.031537][ T707] ^
[ 45.039351][ T707] ffff8881e46e1000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.047249][ T707] ffff8881e46e1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.055142][ T707] ==================================================================
[ 45.063045][ T707] Disabling lock debugging due to kernel taint