Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts.
2025/02/14 10:53:47 ignoring optional flag "sandboxArg"="0"
2025/02/14 10:53:48 parsed 1 programs
[   27.232034][   T23] audit: type=1400 audit(1739530427.990:66): avc:  denied  { node_bind } for  pid=352 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   28.059211][   T23] audit: type=1400 audit(1739530428.830:67): avc:  denied  { mounton } for  pid=361 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   28.061858][  T361] cgroup1: Unknown subsys name 'net'
[   28.081697][   T23] audit: type=1400 audit(1739530428.830:68): avc:  denied  { mount } for  pid=361 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   28.088015][  T361] cgroup1: Unknown subsys name 'net_prio'
[   28.114357][  T361] cgroup1: Unknown subsys name 'devices'
[   28.120731][   T23] audit: type=1400 audit(1739530428.880:69): avc:  denied  { unmount } for  pid=361 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   28.256187][  T361] cgroup1: Unknown subsys name 'hugetlb'
[   28.261837][  T361] cgroup1: Unknown subsys name 'rlimit'
[   28.267838][   T23] audit: type=1400 audit(1739530429.040:70): avc:  denied  { read } for  pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   28.430027][   T23] audit: type=1400 audit(1739530429.190:71): avc:  denied  { setattr } for  pid=361 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   28.453042][   T23] audit: type=1400 audit(1739530429.190:72): avc:  denied  { create } for  pid=361 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.473111][   T23] audit: type=1400 audit(1739530429.190:73): avc:  denied  { write } for  pid=361 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.493207][   T23] audit: type=1400 audit(1739530429.190:74): avc:  denied  { read } for  pid=361 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.500718][  T365] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   28.513172][   T23] audit: type=1400 audit(1739530429.190:75): avc:  denied  { module_request } for  pid=361 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   28.582431][  T361] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   29.039778][  T371] request_module fs-gadgetfs succeeded, but still no fs?
[   29.177063][  T379] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.183933][  T379] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.191282][  T379] device bridge_slave_0 entered promiscuous mode
[   29.198366][  T379] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.205238][  T379] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.212663][  T379] device bridge_slave_1 entered promiscuous mode
[   29.268013][  T379] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.274875][  T379] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.281981][  T379] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.288765][  T379] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.315150][  T103] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.322794][  T103] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.330123][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   29.337634][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.348189][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.356256][  T103] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.363119][  T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.372251][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.380427][  T103] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.387271][  T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.401790][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.413390][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.431076][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.444125][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.459041][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.472407][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   29.483449][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   29.525630][  T379] syz-executor (379) used greatest stack depth: 19960 bytes left
[   30.224977][    T7] device bridge_slave_1 left promiscuous mode
[   30.231046][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.247047][    T7] device bridge_slave_0 left promiscuous mode
[   30.253031][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
2025/02/14 10:53:51 executed programs: 0
[   30.688378][  T433] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.695774][  T433] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.703382][  T433] device bridge_slave_0 entered promiscuous mode
[   30.710461][  T433] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.717396][  T433] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.724704][  T433] device bridge_slave_1 entered promiscuous mode
[   30.798578][  T433] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.805559][  T433] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.812613][  T433] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.819415][  T433] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.847498][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.854986][  T380] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.861931][  T380] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.872523][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.881558][  T380] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.888420][  T380] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.898134][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.906226][  T380] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.913087][  T380] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.927859][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.937873][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   30.955828][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   30.968064][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   30.981940][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   30.996369][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   31.006692][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   46.103950][  T475] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.110782][  T475] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.118346][  T475] device bridge_slave_0 entered promiscuous mode
[   46.125187][  T475] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.132015][  T475] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.139621][  T475] device bridge_slave_1 entered promiscuous mode
[   46.193398][  T475] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.200233][  T475] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.207398][  T475] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.214440][  T475] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.239370][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.246647][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.254018][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   46.261323][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.272591][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   46.280825][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.287679][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.297101][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   46.305328][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.312142][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.327046][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   46.336888][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   46.355231][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   46.367084][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   46.381137][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
2025/02/14 10:54:07 executed programs: 3
[   46.395645][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   46.405890][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   46.431461][  T475] ==================================================================
[   46.439391][  T475] BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060
[   46.446385][  T475] Read of size 4 at addr ffff8881d4dbdeb8 by task syz-executor/475
[   46.454098][  T475] 
[   46.456277][  T475] CPU: 0 PID: 475 Comm: syz-executor Not tainted 5.4.289-syzkaller-00011-g39762b7a60e9 #0
[   46.466002][  T475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   46.475886][  T475] Call Trace:
[   46.479022][  T475]  dump_stack+0x1d8/0x241
[   46.483187][  T475]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   46.488822][  T475]  ? printk+0xd1/0x111
[   46.492731][  T475]  ? __mutex_lock+0xcd7/0x1060
[   46.497339][  T475]  print_address_description+0x8c/0x600
[   46.502727][  T475]  ? check_preemption_disabled+0x9f/0x320
[   46.508267][  T475]  ? __unwind_start+0x708/0x890
[   46.512955][  T475]  ? __mutex_lock+0xcd7/0x1060
[   46.517560][  T475]  __kasan_report+0xf3/0x120
[   46.521986][  T475]  ? __mutex_lock+0xcd7/0x1060
[   46.526579][  T475]  kasan_report+0x30/0x60
[   46.530748][  T475]  __mutex_lock+0xcd7/0x1060
[   46.535173][  T475]  ? kobject_get_unless_zero+0x229/0x320
[   46.540640][  T475]  ? __ww_mutex_lock_interruptible_slowpath+0x10/0x10
[   46.547434][  T475]  ? __module_put_and_exit+0x20/0x20
[   46.552553][  T475]  ? up_read+0x6f/0x1b0
[   46.556546][  T475]  mutex_lock_killable+0xd8/0x110
[   46.561406][  T475]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[   46.567745][  T475]  ? mutex_lock+0xa5/0x110
[   46.572115][  T475]  ? mutex_trylock+0xa0/0xa0
[   46.576527][  T475]  lo_open+0x18/0xc0
[   46.580263][  T475]  __blkdev_get+0x3c8/0x1160
[   46.584775][  T475]  ? blkdev_get+0x3a0/0x3a0
[   46.589110][  T475]  ? _raw_spin_unlock+0x49/0x60
[   46.593794][  T475]  blkdev_get+0x2de/0x3a0
[   46.597976][  T475]  ? blkdev_open+0x173/0x290
[   46.602398][  T475]  ? block_ioctl+0xe0/0xe0
[   46.606828][  T475]  do_dentry_open+0x964/0x1130
[   46.611423][  T475]  ? finish_open+0xd0/0xd0
[   46.615673][  T475]  ? security_inode_permission+0xad/0xf0
[   46.621222][  T475]  ? memcpy+0x38/0x50
[   46.625040][  T475]  path_openat+0x29bf/0x34b0
[   46.629468][  T475]  ? stack_trace_save+0x118/0x1c0
[   46.634330][  T475]  ? do_filp_open+0x450/0x450
[   46.638837][  T475]  ? do_sys_open+0x357/0x810
[   46.643264][  T475]  ? do_syscall_64+0xca/0x1c0
[   46.647785][  T475]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   46.653696][  T475]  do_filp_open+0x20b/0x450
[   46.658037][  T475]  ? vfs_tmpfile+0x2c0/0x2c0
[   46.662463][  T475]  ? _raw_spin_unlock+0x49/0x60
[   46.667147][  T475]  ? __alloc_fd+0x4c5/0x570
[   46.671483][  T475]  do_sys_open+0x39c/0x810
[   46.675745][  T475]  ? check_preemption_disabled+0x153/0x320
[   46.681385][  T475]  ? file_open_root+0x490/0x490
[   46.686062][  T475]  do_syscall_64+0xca/0x1c0
[   46.690404][  T475]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   46.696234][  T475] RIP: 0033:0x7f664ef476d1
[   46.700464][  T475] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 7a 1e 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[   46.719899][  T475] RSP: 002b:00007ffeedd205e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[   46.728149][  T475] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f664ef476d1
[   46.735959][  T475] RDX: 0000000000000002 RSI: 00007ffeedd206f0 RDI: 00000000ffffff9c
[   46.743769][  T475] RBP: 00007ffeedd206f0 R08: 000000000000000a R09: 00007ffeedd203a7
[   46.751670][  T475] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[   46.759493][  T475] R13: 00007f664f132260 R14: 0000000000000003 R15: 00007ffeedd206f0
[   46.767318][  T475] 
[   46.769469][  T475] Allocated by task 438:
[   46.773640][  T475]  __kasan_kmalloc+0x171/0x210
[   46.778235][  T475]  kmem_cache_alloc+0xd9/0x250
[   46.782839][  T475]  dup_task_struct+0x4f/0x600
[   46.787350][  T475]  copy_process+0x56d/0x3230
[   46.791776][  T475]  _do_fork+0x197/0x900
[   46.795768][  T475]  __x64_sys_clone3+0x2da/0x300
[   46.800451][  T475]  do_syscall_64+0xca/0x1c0
[   46.804804][  T475]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   46.810520][  T475] 
[   46.812684][  T475] Freed by task 17:
[   46.816336][  T475]  __kasan_slab_free+0x1b5/0x270
[   46.821217][  T475]  kmem_cache_free+0x10b/0x2c0
[   46.825815][  T475]  rcu_do_batch+0x492/0xa00
[   46.830152][  T475]  rcu_core+0x4c8/0xcb0
[   46.834144][  T475]  __do_softirq+0x23b/0x6b7
[   46.838479][  T475] 
[   46.840653][  T475] The buggy address belongs to the object at ffff8881d4dbde80
[   46.840653][  T475]  which belongs to the cache task_struct of size 3904
[   46.854638][  T475] The buggy address is located 56 bytes inside of
[   46.854638][  T475]  3904-byte region [ffff8881d4dbde80, ffff8881d4dbedc0)
[   46.867728][  T475] The buggy address belongs to the page:
[   46.873216][  T475] page:ffffea0007536e00 refcount:1 mapcount:0 mapping:ffff8881f5cf0280 index:0x0 compound_mapcount: 0
[   46.883967][  T475] flags: 0x8000000000010200(slab|head)
[   46.889274][  T475] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf0280
[   46.897688][  T475] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   46.906092][  T475] page dumped because: kasan: bad access detected
[   46.912350][  T475] page_owner tracks the page as allocated
[   46.917903][  T475] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[   46.934137][  T475]  prep_new_page+0x18f/0x370
[   46.938560][  T475]  get_page_from_freelist+0x2d13/0x2d90
[   46.943939][  T475]  __alloc_pages_nodemask+0x393/0x840
[   46.949145][  T475]  alloc_slab_page+0x39/0x3c0
[   46.953664][  T475]  new_slab+0x97/0x440
[   46.957563][  T475]  ___slab_alloc+0x2fe/0x490
[   46.961988][  T475]  __slab_alloc+0x62/0xa0
[   46.966160][  T475]  kmem_cache_alloc+0x109/0x250
[   46.970843][  T475]  dup_task_struct+0x4f/0x600
[   46.975379][  T475]  copy_process+0x56d/0x3230
[   46.979902][  T475]  _do_fork+0x197/0x900
[   46.983982][  T475]  __x64_sys_clone+0x26b/0x2c0
[   46.988578][  T475]  do_syscall_64+0xca/0x1c0
[   46.992920][  T475]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   46.998641][  T475] page last free stack trace:
[   47.003159][  T475]  __free_pages_ok+0x847/0x950
[   47.007764][  T475]  __free_pages+0x91/0x140
[   47.012015][  T475]  wg_destruct+0x206/0x2f0
[   47.016266][  T475]  netdev_run_todo+0xb7f/0xdf0
[   47.020869][  T475]  default_device_exit_batch+0x62b/0x680
[   47.026334][  T475]  cleanup_net+0x6e2/0xc90
[   47.030586][  T475]  process_one_work+0x765/0xd20
[   47.035274][  T475]  worker_thread+0xaef/0x1470
[   47.039899][  T475]  kthread+0x2da/0x360
[   47.043806][  T475]  ret_from_fork+0x1f/0x30
[   47.048051][  T475] 
[   47.050280][  T475] Memory state around the buggy address:
[   47.055694][  T475]  ffff8881d4dbdd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.063596][  T475]  ffff8881d4dbde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.071492][  T475] >ffff8881d4dbde80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.079385][  T475]                                         ^
[   47.085117][  T475]  ffff8881d4dbdf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.093017][  T475]  ffff8881d4dbdf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.100912][  T475] ==================================================================
[   47.108808][  T475] Disabling lock debugging due to kernel taint