Warning: Permanently added '10.128.1.135' (ED25519) to the list of known hosts.
2025/04/04 05:47:31 ignoring optional flag "sandboxArg"="0"
2025/04/04 05:47:32 parsed 1 programs
[   22.343063][   T23] audit: type=1400 audit(1743745652.330:66): avc:  denied  { node_bind } for  pid=348 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   22.935804][   T23] audit: type=1400 audit(1743745652.930:67): avc:  denied  { mounton } for  pid=358 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   22.937426][  T358] cgroup1: Unknown subsys name 'net'
[   22.958414][   T23] audit: type=1400 audit(1743745652.930:68): avc:  denied  { mount } for  pid=358 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.963775][  T358] cgroup1: Unknown subsys name 'net_prio'
[   22.991187][  T358] cgroup1: Unknown subsys name 'devices'
[   22.997445][   T23] audit: type=1400 audit(1743745652.980:69): avc:  denied  { unmount } for  pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.021858][   T23] audit: type=1400 audit(1743745653.010:70): avc:  denied  { read } for  pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   23.133900][  T358] cgroup1: Unknown subsys name 'hugetlb'
[   23.139557][  T358] cgroup1: Unknown subsys name 'rlimit'
[   23.311306][   T23] audit: type=1400 audit(1743745653.300:71): avc:  denied  { setattr } for  pid=358 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=10755 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   23.334856][   T23] audit: type=1400 audit(1743745653.300:72): avc:  denied  { create } for  pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   23.341085][  T362] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   23.355332][   T23] audit: type=1400 audit(1743745653.300:73): avc:  denied  { write } for  pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   23.383538][   T23] audit: type=1400 audit(1743745653.300:74): avc:  denied  { read } for  pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   23.403590][   T23] audit: type=1400 audit(1743745653.300:75): avc:  denied  { module_request } for  pid=358 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   23.445698][  T358] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   23.844526][  T364] request_module fs-gadgetfs succeeded, but still no fs?
[   24.021446][  T370] syz-executor (370) used greatest stack depth: 19992 bytes left
[   24.614809][  T410] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.621711][  T410] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.629051][  T410] device bridge_slave_0 entered promiscuous mode
[   24.635925][  T410] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.642808][  T410] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.650092][  T410] device bridge_slave_1 entered promiscuous mode
[   24.692708][  T410] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.699547][  T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.706700][  T410] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.713538][  T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.735240][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.742753][  T375] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.750145][  T375] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.759637][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.768524][  T375] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.775531][  T375] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.784640][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.792866][  T375] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.799705][  T375] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.813269][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.822972][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.838668][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.849799][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.867261][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.880020][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.890304][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.928259][  T410] syz-executor (410) used greatest stack depth: 19416 bytes left
2025/04/04 05:47:35 executed programs: 0
[   25.176044][  T431] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.183191][  T431] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.190503][  T431] device bridge_slave_0 entered promiscuous mode
[   25.197524][  T431] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.204391][  T431] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.212621][  T431] device bridge_slave_1 entered promiscuous mode
[   25.260770][  T431] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.267625][  T431] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.274750][  T431] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.281605][  T431] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.307244][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.315614][  T102] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.322871][  T102] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.334040][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.342627][  T102] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.350333][  T102] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.366354][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.374453][  T102] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.381294][  T102] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.398374][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.406568][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.423351][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.442364][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.456904][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.471187][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.481409][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.372383][    T9] device bridge_slave_1 left promiscuous mode
[   26.378382][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.385619][    T9] device bridge_slave_0 left promiscuous mode
[   26.391641][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.570142][  T469] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.577045][  T469] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.584330][  T469] device bridge_slave_0 entered promiscuous mode
[   40.591090][  T469] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.597911][  T469] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.605246][  T469] device bridge_slave_1 entered promiscuous mode
[   40.647480][  T469] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.654328][  T469] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.661467][  T469] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.668202][  T469] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.689573][  T102] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.696933][  T102] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.704150][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   40.711519][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.720882][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   40.729085][  T102] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.735927][  T102] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.745028][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   40.753168][  T102] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.759978][  T102] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.773599][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   40.782862][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.798583][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.810231][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.823302][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.835945][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2025/04/04 05:47:50 executed programs: 3
[   40.846203][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.869291][  T469] ==================================================================
[   40.877184][  T469] BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060
[   40.884380][  T469] Read of size 4 at addr ffff8881ea972f78 by task syz-executor/469
[   40.892204][  T469] 
[   40.894383][  T469] CPU: 1 PID: 469 Comm: syz-executor Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
[   40.904181][  T469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   40.914162][  T469] Call Trace:
[   40.917295][  T469]  dump_stack+0x1d8/0x241
[   40.921458][  T469]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   40.927096][  T469]  ? printk+0xd1/0x111
[   40.931010][  T469]  ? __mutex_lock+0xcd7/0x1060
[   40.935605][  T469]  print_address_description+0x8c/0x600
[   40.941081][  T469]  ? check_preemption_disabled+0x9f/0x320
[   40.946628][  T469]  ? __unwind_start+0x708/0x890
[   40.951316][  T469]  ? __mutex_lock+0xcd7/0x1060
[   40.955911][  T469]  __kasan_report+0xf3/0x120
[   40.960338][  T469]  ? __mutex_lock+0xcd7/0x1060
[   40.964941][  T469]  kasan_report+0x30/0x60
[   40.969106][  T469]  __mutex_lock+0xcd7/0x1060
[   40.973538][  T469]  ? kobject_get_unless_zero+0x229/0x320
[   40.979004][  T469]  ? __ww_mutex_lock_interruptible_slowpath+0x10/0x10
[   40.985604][  T469]  ? __module_put_and_exit+0x20/0x20
[   40.990718][  T469]  ? up_read+0x6f/0x1b0
[   40.994715][  T469]  mutex_lock_killable+0xd8/0x110
[   40.999577][  T469]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[   41.005999][  T469]  ? mutex_lock+0xa5/0x110
[   41.010248][  T469]  ? mutex_trylock+0xa0/0xa0
[   41.014764][  T469]  lo_open+0x18/0xc0
[   41.018495][  T469]  __blkdev_get+0x3c8/0x1160
[   41.022925][  T469]  ? blkdev_get+0x3a0/0x3a0
[   41.027262][  T469]  ? _raw_spin_unlock+0x49/0x60
[   41.031952][  T469]  blkdev_get+0x2de/0x3a0
[   41.036116][  T469]  ? blkdev_open+0x173/0x290
[   41.040545][  T469]  ? block_ioctl+0xe0/0xe0
[   41.044797][  T469]  do_dentry_open+0x964/0x1130
[   41.049397][  T469]  ? finish_open+0xd0/0xd0
[   41.053657][  T469]  ? security_inode_permission+0xad/0xf0
[   41.059116][  T469]  ? memcpy+0x38/0x50
[   41.062942][  T469]  path_openat+0x29bf/0x34b0
[   41.067368][  T469]  ? stack_trace_save+0x118/0x1c0
[   41.072232][  T469]  ? do_filp_open+0x450/0x450
[   41.076825][  T469]  ? do_sys_open+0x357/0x810
[   41.081347][  T469]  ? do_syscall_64+0xca/0x1c0
[   41.085856][  T469]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   41.091761][  T469]  do_filp_open+0x20b/0x450
[   41.096093][  T469]  ? vfs_tmpfile+0x2c0/0x2c0
[   41.100535][  T469]  ? _raw_spin_unlock+0x49/0x60
[   41.105210][  T469]  ? __alloc_fd+0x4c5/0x570
[   41.109549][  T469]  do_sys_open+0x39c/0x810
[   41.113802][  T469]  ? check_preemption_disabled+0x153/0x320
[   41.119529][  T469]  ? file_open_root+0x490/0x490
[   41.124220][  T469]  do_syscall_64+0xca/0x1c0
[   41.128590][  T469]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   41.134311][  T469] RIP: 0033:0x7fc74b2e2a51
[   41.138544][  T469] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 1a 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[   41.157983][  T469] RSP: 002b:00007ffcbcb35a30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[   41.166239][  T469] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc74b2e2a51
[   41.174045][  T469] RDX: 0000000000000002 RSI: 00007ffcbcb35b40 RDI: 00000000ffffff9c
[   41.181850][  T469] RBP: 00007ffcbcb35b40 R08: 000000000000000a R09: 00007ffcbcb357f7
[   41.189660][  T469] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[   41.197574][  T469] R13: 00007fc74b4cd260 R14: 0000000000000003 R15: 00007ffcbcb35b40
[   41.205471][  T469] 
[   41.207638][  T469] Allocated by task 445:
[   41.211724][  T469]  __kasan_kmalloc+0x171/0x210
[   41.216324][  T469]  kmem_cache_alloc+0xd9/0x250
[   41.221182][  T469]  dup_task_struct+0x4f/0x600
[   41.225695][  T469]  copy_process+0x56d/0x3230
[   41.230118][  T469]  _do_fork+0x197/0x900
[   41.234116][  T469]  __x64_sys_clone3+0x2da/0x300
[   41.238800][  T469]  do_syscall_64+0xca/0x1c0
[   41.243141][  T469]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   41.248862][  T469] 
[   41.251034][  T469] Freed by task 17:
[   41.254686][  T469]  __kasan_slab_free+0x1b5/0x270
[   41.259458][  T469]  kmem_cache_free+0x10b/0x2c0
[   41.264058][  T469]  rcu_do_batch+0x492/0xa00
[   41.268399][  T469]  rcu_core+0x4c8/0xcb0
[   41.272390][  T469]  __do_softirq+0x23b/0x6b7
[   41.276724][  T469] 
[   41.279003][  T469] The buggy address belongs to the object at ffff8881ea972f40
[   41.279003][  T469]  which belongs to the cache task_struct of size 3904
[   41.292974][  T469] The buggy address is located 56 bytes inside of
[   41.292974][  T469]  3904-byte region [ffff8881ea972f40, ffff8881ea973e80)
[   41.306076][  T469] The buggy address belongs to the page:
[   41.311559][  T469] page:ffffea0007aa5c00 refcount:1 mapcount:0 mapping:ffff8881f5cf0f00 index:0x0 compound_mapcount: 0
[   41.322411][  T469] flags: 0x8000000000010200(slab|head)
[   41.327723][  T469] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf0f00
[   41.336128][  T469] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   41.344526][  T469] page dumped because: kasan: bad access detected
[   41.350775][  T469] page_owner tracks the page as allocated
[   41.356343][  T469] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[   41.372571][  T469]  prep_new_page+0x18f/0x370
[   41.376995][  T469]  get_page_from_freelist+0x2d13/0x2d90
[   41.382374][  T469]  __alloc_pages_nodemask+0x393/0x840
[   41.387586][  T469]  alloc_slab_page+0x39/0x3c0
[   41.392101][  T469]  new_slab+0x97/0x440
[   41.396001][  T469]  ___slab_alloc+0x2fe/0x490
[   41.400425][  T469]  __slab_alloc+0x62/0xa0
[   41.404616][  T469]  kmem_cache_alloc+0x109/0x250
[   41.409284][  T469]  dup_task_struct+0x4f/0x600
[   41.413815][  T469]  copy_process+0x56d/0x3230
[   41.418352][  T469]  _do_fork+0x197/0x900
[   41.422304][  T469]  __x64_sys_clone+0x26b/0x2c0
[   41.426907][  T469]  do_syscall_64+0xca/0x1c0
[   41.431254][  T469]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   41.436969][  T469] page last free stack trace:
[   41.441498][  T469]  __free_pages_ok+0x847/0x950
[   41.446084][  T469]  __free_pages+0x91/0x140
[   41.450369][  T469]  __free_slab+0x221/0x2e0
[   41.454591][  T469]  unfreeze_partials+0x14e/0x180
[   41.459368][  T469]  put_cpu_partial+0x44/0x180
[   41.463891][  T469]  __slab_free+0x297/0x360
[   41.468217][  T469]  qlist_free_all+0x43/0xb0
[   41.472570][  T469]  quarantine_reduce+0x1d9/0x210
[   41.477331][  T469]  __kasan_kmalloc+0x41/0x210
[   41.481946][  T469]  kmem_cache_alloc_trace+0xdc/0x260
[   41.487054][  T469]  kthread+0x94/0x360
[   41.490870][  T469]  ret_from_fork+0x1f/0x30
[   41.495124][  T469] 
[   41.497290][  T469] Memory state around the buggy address:
[   41.502763][  T469]  ffff8881ea972e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.510662][  T469]  ffff8881ea972e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   41.518616][  T469] >ffff8881ea972f00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   41.526473][  T469]                                                                 ^
[   41.534279][  T469]  ffff8881ea972f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.542167][  T469]  ffff8881ea973000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.550154][  T469] ==================================================================
[   41.558050][  T469] Disabling lock debugging due to kernel taint