Warning: Permanently added '10.128.10.52' (ED25519) to the list of known hosts.
2025/02/07 18:59:00 ignoring optional flag "sandboxArg"="0"
2025/02/07 18:59:01 parsed 1 programs
[ 23.046852][ T23] audit: type=1400 audit(1738954741.960:66): avc: denied { node_bind } for pid=349 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 23.561568][ T23] audit: type=1400 audit(1738954742.470:67): avc: denied { mounton } for pid=358 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.563289][ T358] cgroup1: Unknown subsys name 'net'
[ 23.584052][ T23] audit: type=1400 audit(1738954742.470:68): avc: denied { mount } for pid=358 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.589385][ T358] cgroup1: Unknown subsys name 'net_prio'
[ 23.611652][ T23] audit: type=1400 audit(1738954742.530:69): avc: denied { read } for pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 23.616819][ T358] cgroup1: Unknown subsys name 'devices'
[ 23.644344][ T23] audit: type=1400 audit(1738954742.560:70): avc: denied { unmount } for pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.815368][ T358] cgroup1: Unknown subsys name 'hugetlb'
[ 23.821420][ T358] cgroup1: Unknown subsys name 'rlimit'
[ 23.992213][ T23] audit: type=1400 audit(1738954742.900:71): avc: denied { setattr } for pid=358 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9546 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.008731][ T361] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 24.015333][ T23] audit: type=1400 audit(1738954742.910:72): avc: denied { create } for pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.043959][ T23] audit: type=1400 audit(1738954742.910:73): avc: denied { write } for pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.064265][ T23] audit: type=1400 audit(1738954742.910:74): avc: denied { read } for pid=358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.084215][ T23] audit: type=1400 audit(1738954742.910:75): avc: denied { module_request } for pid=358 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 24.105972][ T358] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 24.483259][ T364] request_module fs-gadgetfs succeeded, but still no fs?
[ 24.593492][ T364] syz-executor (364) used greatest stack depth: 21400 bytes left
[ 24.912888][ T393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.919728][ T393] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.927490][ T393] device bridge_slave_0 entered promiscuous mode
[ 24.934140][ T393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.940954][ T393] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.948479][ T393] device bridge_slave_1 entered promiscuous mode
[ 24.991690][ T393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.998660][ T393] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.005795][ T393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.012636][ T393] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.034086][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.041501][ T103] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.048601][ T103] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.058386][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.066931][ T103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.073782][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.085488][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.093490][ T103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.100319][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.115702][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.132354][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.145232][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.156618][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.170181][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.182301][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.193411][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.228665][ T393] syz-executor (393) used greatest stack depth: 19832 bytes left
2025/02/07 18:59:04 executed programs: 0
[ 25.793853][ T430] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.800778][ T430] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.808991][ T430] device bridge_slave_0 entered promiscuous mode
[ 25.815934][ T430] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.822809][ T430] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.829987][ T430] device bridge_slave_1 entered promiscuous mode
[ 25.896650][ T430] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.903520][ T430] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.910657][ T430] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.917623][ T430] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.950495][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.958893][ T103] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.966488][ T103] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.983654][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.991681][ T103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.998526][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.006133][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.014617][ T103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.021431][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.031690][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.040954][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.056821][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.069940][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.083935][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.096651][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.106882][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.753304][ T9] device bridge_slave_1 left promiscuous mode
[ 26.759249][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.766505][ T9] device bridge_slave_0 left promiscuous mode
[ 26.772414][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.191750][ T465] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.198684][ T465] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.206164][ T465] device bridge_slave_0 entered promiscuous mode
[ 41.213009][ T465] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.219832][ T465] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.227173][ T465] device bridge_slave_1 entered promiscuous mode
[ 41.269007][ T465] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.275874][ T465] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.283005][ T465] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.289729][ T465] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.310764][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.317925][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.325141][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.332359][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.341670][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.349689][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.356554][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.365684][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.373917][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.380737][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.394415][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.403802][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.419769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.431426][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.445390][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.457656][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2025/02/07 18:59:20 executed programs: 3
[ 41.468097][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.491122][ T465] ==================================================================
[ 41.499021][ T465] BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060
[ 41.505958][ T465] Read of size 4 at addr ffff8881f045deb8 by task syz-executor/465
[ 41.513669][ T465]
[ 41.515847][ T465] CPU: 1 PID: 465 Comm: syz-executor Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0
[ 41.525568][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 41.535469][ T465] Call Trace:
[ 41.538728][ T465] dump_stack+0x1d8/0x241
[ 41.542886][ T465] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 41.548530][ T465] ? printk+0xd1/0x111
[ 41.552440][ T465] ? __mutex_lock+0xcd7/0x1060
[ 41.557061][ T465] print_address_description+0x8c/0x600
[ 41.562429][ T465] ? check_preemption_disabled+0x9f/0x320
[ 41.567964][ T465] ? __unwind_start+0x708/0x890
[ 41.572666][ T465] ? __mutex_lock+0xcd7/0x1060
[ 41.577259][ T465] __kasan_report+0xf3/0x120
[ 41.581698][ T465] ? __mutex_lock+0xcd7/0x1060
[ 41.586302][ T465] kasan_report+0x30/0x60
[ 41.590528][ T465] __mutex_lock+0xcd7/0x1060
[ 41.594969][ T465] ? kobject_get_unless_zero+0x229/0x320
[ 41.600560][ T465] ? __ww_mutex_lock_interruptible_slowpath+0x10/0x10
[ 41.607142][ T465] ? __module_put_and_exit+0x20/0x20
[ 41.612345][ T465] ? up_read+0x6f/0x1b0
[ 41.616335][ T465] mutex_lock_killable+0xd8/0x110
[ 41.621465][ T465] ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 41.627792][ T465] ? mutex_lock+0xa5/0x110
[ 41.632038][ T465] ? mutex_trylock+0xa0/0xa0
[ 41.636477][ T465] lo_open+0x18/0xc0
[ 41.640215][ T465] __blkdev_get+0x3c8/0x1160
[ 41.644629][ T465] ? blkdev_get+0x3a0/0x3a0
[ 41.648969][ T465] ? _raw_spin_unlock+0x49/0x60
[ 41.653831][ T465] blkdev_get+0x2de/0x3a0
[ 41.657998][ T465] ? blkdev_open+0x173/0x290
[ 41.662605][ T465] ? block_ioctl+0xe0/0xe0
[ 41.666854][ T465] do_dentry_open+0x964/0x1130
[ 41.671458][ T465] ? finish_open+0xd0/0xd0
[ 41.675703][ T465] ? security_inode_permission+0xad/0xf0
[ 41.681167][ T465] ? memcpy+0x38/0x50
[ 41.684991][ T465] path_openat+0x29bf/0x34b0
[ 41.689429][ T465] ? stack_trace_save+0x118/0x1c0
[ 41.694280][ T465] ? do_filp_open+0x450/0x450
[ 41.698801][ T465] ? do_sys_open+0x357/0x810
[ 41.703414][ T465] ? do_syscall_64+0xca/0x1c0
[ 41.707907][ T465] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 41.713836][ T465] do_filp_open+0x20b/0x450
[ 41.718163][ T465] ? vfs_tmpfile+0x2c0/0x2c0
[ 41.722594][ T465] ? _raw_spin_unlock+0x49/0x60
[ 41.727287][ T465] ? __alloc_fd+0x4c5/0x570
[ 41.731690][ T465] do_sys_open+0x39c/0x810
[ 41.735957][ T465] ? check_preemption_disabled+0x153/0x320
[ 41.741595][ T465] ? file_open_root+0x490/0x490
[ 41.746292][ T465] do_syscall_64+0xca/0x1c0
[ 41.750717][ T465] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 41.756450][ T465] RIP: 0033:0x7fec3117e6d1
[ 41.760779][ T465] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 7a 1e 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 41.780406][ T465] RSP: 002b:00007ffc0a49dfd0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 41.788645][ T465] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fec3117e6d1
[ 41.796453][ T465] RDX: 0000000000000002 RSI: 00007ffc0a49e0e0 RDI: 00000000ffffff9c
[ 41.804283][ T465] RBP: 00007ffc0a49e0e0 R08: 000000000000000a R09: 00007ffc0a49dd97
[ 41.812078][ T465] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 41.819891][ T465] R13: 00007fec31369260 R14: 0000000000000003 R15: 00007ffc0a49e0e0
[ 41.827701][ T465]
[ 41.829871][ T465] Allocated by task 445:
[ 41.833960][ T465] __kasan_kmalloc+0x171/0x210
[ 41.838573][ T465] kmem_cache_alloc+0xd9/0x250
[ 41.843158][ T465] dup_task_struct+0x4f/0x600
[ 41.847673][ T465] copy_process+0x56d/0x3230
[ 41.852093][ T465] _do_fork+0x197/0x900
[ 41.856090][ T465] __x64_sys_clone3+0x2da/0x300
[ 41.860774][ T465] do_syscall_64+0xca/0x1c0
[ 41.865119][ T465] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 41.870844][ T465]
[ 41.873009][ T465] Freed by task 17:
[ 41.876757][ T465] __kasan_slab_free+0x1b5/0x270
[ 41.881527][ T465] kmem_cache_free+0x10b/0x2c0
[ 41.886216][ T465] rcu_do_batch+0x492/0xa00
[ 41.890563][ T465] rcu_core+0x4c8/0xcb0
[ 41.894552][ T465] __do_softirq+0x23b/0x6b7
[ 41.898968][ T465]
[ 41.901145][ T465] The buggy address belongs to the object at ffff8881f045de80
[ 41.901145][ T465] which belongs to the cache task_struct of size 3904
[ 41.915206][ T465] The buggy address is located 56 bytes inside of
[ 41.915206][ T465] 3904-byte region [ffff8881f045de80, ffff8881f045edc0)
[ 41.928313][ T465] The buggy address belongs to the page:
[ 41.933798][ T465] page:ffffea0007c11600 refcount:1 mapcount:0 mapping:ffff8881f5cf0c80 index:0x0 compound_mapcount: 0
[ 41.944552][ T465] flags: 0x8000000000010200(slab|head)
[ 41.949847][ T465] raw: 8000000000010200 ffffea0007b7e200 0000000200000002 ffff8881f5cf0c80
[ 41.958278][ T465] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 41.966683][ T465] page dumped because: kasan: bad access detected
[ 41.972933][ T465] page_owner tracks the page as allocated
[ 41.978505][ T465] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[ 41.993335][ T465] prep_new_page+0x18f/0x370
[ 41.997753][ T465] get_page_from_freelist+0x2d13/0x2d90
[ 42.003137][ T465] __alloc_pages_nodemask+0x393/0x840
[ 42.008354][ T465] alloc_slab_page+0x39/0x3c0
[ 42.012861][ T465] new_slab+0x97/0x440
[ 42.016770][ T465] ___slab_alloc+0x2fe/0x490
[ 42.021202][ T465] __slab_alloc+0x62/0xa0
[ 42.025408][ T465] kmem_cache_alloc+0x109/0x250
[ 42.030046][ T465] dup_task_struct+0x4f/0x600
[ 42.034561][ T465] copy_process+0x56d/0x3230
[ 42.039083][ T465] _do_fork+0x197/0x900
[ 42.043080][ T465] kernel_thread+0x16a/0x1d0
[ 42.047513][ T465] kthreadd+0x3b1/0x4f0
[ 42.051518][ T465] ret_from_fork+0x1f/0x30
[ 42.055752][ T465] page_owner free stack trace missing
[ 42.060943][ T465]
[ 42.063121][ T465] Memory state around the buggy address:
[ 42.068726][ T465] ffff8881f045dd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.076744][ T465] ffff8881f045de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.084647][ T465] >ffff8881f045de80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.092639][ T465] ^
[ 42.098337][ T465] ffff8881f045df00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.106252][ T465] ffff8881f045df80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.114135][ T465] ==================================================================
[ 42.122217][ T465] Disabling lock debugging due to kernel taint