d { noatsecure } for pid=219 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.852194][ T24] audit: type=1400 audit(1730043626.929:63): avc: denied { write } for pid=219 comm="sh" path="pipe:[13789]" dev="pipefs" ino=13789 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 12.855382][ T24] audit: type=1400 audit(1730043626.929:64): avc: denied { rlimitinh } for pid=219 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.858070][ T24] audit: type=1400 audit(1730043626.929:65): avc: denied { siginh } for pid=219 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.117' (ED25519) to the list of known hosts.
[ 23.772333][ T24] audit: type=1400 audit(1730043637.849:66): avc: denied { execmem } for pid=284 comm="syz-executor372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 23.775678][ T24] audit: type=1400 audit(1730043637.849:67): avc: denied { mounton } for pid=284 comm="syz-executor372" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.776683][ T284] cgroup: Unknown subsys name 'net'
[ 23.778945][ T24] audit: type=1400 audit(1730043637.849:68): avc: denied { mount } for pid=284 comm="syz-executor372" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.782657][ T24] audit: type=1400 audit(1730043637.859:69): avc: denied { unmount } for pid=284 comm="syz-executor372" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.782807][ T284] cgroup: Unknown subsys name 'devices'
[ 23.899021][ T284] cgroup: Unknown subsys name 'hugetlb'
[ 23.904410][ T284] cgroup: Unknown subsys name 'rlimit'
[ 24.089359][ T24] audit: type=1400 audit(1730043638.169:70): avc: denied { mounton } for pid=284 comm="syz-executor372" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 24.102055][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 24.114494][ T24] audit: type=1400 audit(1730043638.169:71): avc: denied { mount } for pid=284 comm="syz-executor372" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 24.146278][ T24] audit: type=1400 audit(1730043638.169:72): avc: denied { setattr } for pid=284 comm="syz-executor372" name="raw-gadget" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.169703][ T24] audit: type=1400 audit(1730043638.199:73): avc: denied { relabelto } for pid=286 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.169815][ T284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 24.194984][ T24] audit: type=1400 audit(1730043638.199:74): avc: denied { write } for pid=286 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.228951][ T24] audit: type=1400 audit(1730043638.229:75): avc: denied { read } for pid=284 comm="syz-executor372" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 24.258489][ T287] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.265341][ T287] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.272596][ T287] device bridge_slave_0 entered promiscuous mode
[ 24.279182][ T287] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.286010][ T287] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.293320][ T287] device bridge_slave_1 entered promiscuous mode
[ 24.322720][ T287] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.329572][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.336624][ T287] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.343483][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.359441][ T48] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.366442][ T48] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.373566][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 24.381292][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.389960][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.397912][ T48] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.404736][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.413146][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.421111][ T48] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.427949][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.438878][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.447633][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.459655][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.470206][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.478215][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.485499][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.493443][ T287] device veth0_vlan entered promiscuous mode
[ 24.502306][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.510933][ T287] device veth1_macvtap entered promiscuous mode
[ 24.519730][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.529183][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 24.546750][ T287] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 24.564856][ T293] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 24.577980][ T293] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 24.588742][ T293] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[ 24.596470][ T293] System zones: 1-12
[ 24.601225][ T293] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2806: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 24.614155][ T293] EXT4-fs (loop0): 1 truncate cleaned up
[ 24.619646][ T293] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue
[ 24.643295][ T293] ==================================================================
[ 24.651189][ T293] BUG: KASAN: use-after-free in ext4_search_dir+0xf7/0x1b0
[ 24.658199][ T293] Read of size 1 at addr ffff88810d4cb900 by task syz-executor372/293
[ 24.666179][ T293]
[ 24.668356][ T293] CPU: 1 PID: 293 Comm: syz-executor372 Not tainted 5.10.226-syzkaller #0
[ 24.676689][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 24.686675][ T293] Call Trace:
[ 24.689800][ T293] dump_stack_lvl+0x1e2/0x24b
[ 24.694306][ T293] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 24.699602][ T293] ? panic+0x812/0x812
[ 24.703503][ T293] print_address_description+0x81/0x3b0
[ 24.708893][ T293] kasan_report+0x179/0x1c0
[ 24.713235][ T293] ? ext4_search_dir+0xf7/0x1b0
[ 24.717936][ T293] ? ext4_search_dir+0xf7/0x1b0
[ 24.722599][ T293] __asan_report_load1_noabort+0x14/0x20
[ 24.728070][ T293] ext4_search_dir+0xf7/0x1b0
[ 24.732666][ T293] ext4_find_inline_entry+0x4b6/0x5e0
[ 24.737874][ T293] ? __kasan_check_write+0x14/0x20
[ 24.742824][ T293] ? ext4_try_create_inline_dir+0x320/0x320
[ 24.748556][ T293] ? stack_trace_save+0x113/0x1c0
[ 24.753674][ T293] __ext4_find_entry+0x2b0/0x1990
[ 24.758542][ T293] ? __kasan_slab_alloc+0xc3/0xe0
[ 24.763397][ T293] ? __kasan_slab_alloc+0xb1/0xe0
[ 24.768257][ T293] ? __d_alloc+0x2d/0x6c0
[ 24.772419][ T293] ? d_alloc+0x4b/0x1d0
[ 24.776412][ T293] ? __lookup_hash+0xe7/0x290
[ 24.781098][ T293] ? do_syscall_64+0x34/0x70
[ 24.785526][ T293] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.791877][ T293] ? ext4_ci_compare+0x660/0x660
[ 24.796728][ T293] ? generic_set_encrypted_ci_d_ops+0x91/0xf0
[ 24.802627][ T293] ext4_lookup+0x3c6/0xaa0
[ 24.806878][ T293] ? ext4_add_entry+0x1280/0x1280
[ 24.811769][ T293] ? __kasan_check_write+0x14/0x20
[ 24.816694][ T293] ? _raw_spin_lock+0xa4/0x1b0
[ 24.821394][ T293] ? __d_alloc+0x4dd/0x6c0
[ 24.825630][ T293] ? _raw_spin_unlock+0x4d/0x70
[ 24.830318][ T293] ? d_alloc+0x199/0x1d0
[ 24.834406][ T293] __lookup_hash+0x143/0x290
[ 24.838826][ T293] filename_create+0x202/0x750
[ 24.843432][ T293] ? __check_object_size+0x2e6/0x3c0
[ 24.848547][ T293] ? kern_path_create+0x40/0x40
[ 24.853226][ T293] do_mknodat+0x187/0x450
[ 24.857417][ T293] ? may_open+0x3f0/0x3f0
[ 24.861574][ T293] ? debug_smp_processor_id+0x17/0x20
[ 24.866944][ T293] __x64_sys_mknod+0x80/0x90
[ 24.871392][ T293] do_syscall_64+0x34/0x70
[ 24.875713][ T293] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.881651][ T293] RIP: 0033:0x7f1b23f9d119
[ 24.885893][ T293] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 24.905334][ T293] RSP: 002b:00007fffcb015fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 24.913577][ T293] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1b23f9d119
[ 24.921389][ T293] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000000
[ 24.929203][ T293] RBP: 00007f1b24013488 R08: 0000000000001501 R09: 00007fffcb016050
[ 24.937124][ T293] R10: 0000000000001505 R11: 0000000000000246 R12: 00007fffcb016050
[ 24.945624][ T293] R13: 00007fffcb016010 R14: 0000000000000003 R15: 0000000000000000
[ 24.953444][ T293]
[ 24.955604][ T293] Allocated by task 133:
[ 24.959694][ T293] __kasan_slab_alloc+0xb1/0xe0
[ 24.964371][ T293] slab_post_alloc_hook+0x61/0x2f0
[ 24.969333][ T293] kmem_cache_alloc+0x168/0x2e0
[ 24.974004][ T293] __alloc_skb+0x80/0x510
[ 24.978167][ T293] alloc_skb_with_frags+0xa1/0x570
[ 24.983128][ T293] sock_alloc_send_pskb+0x915/0xa50
[ 24.988153][ T293] unix_dgram_sendmsg+0x700/0x1f90
[ 24.993096][ T293] sock_write_iter+0x39b/0x530
[ 24.997697][ T293] do_iter_readv_writev+0x58e/0x790
[ 25.002730][ T293] do_iter_write+0x183/0x640
[ 25.007157][ T293] vfs_writev+0x26e/0x510
[ 25.011328][ T293] do_writev+0x1aa/0x340
[ 25.015403][ T293] __x64_sys_writev+0x7d/0x90
[ 25.019919][ T293] do_syscall_64+0x34/0x70
[ 25.024170][ T293] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.029984][ T293]
[ 25.032150][ T293] Freed by task 132:
[ 25.035886][ T293] kasan_set_track+0x4b/0x70
[ 25.040318][ T293] kasan_set_free_info+0x23/0x40
[ 25.045088][ T293] ____kasan_slab_free+0x121/0x160
[ 25.050035][ T293] __kasan_slab_free+0x11/0x20
[ 25.054645][ T293] slab_free_freelist_hook+0xc0/0x190
[ 25.059849][ T293] kmem_cache_free+0xa9/0x1e0
[ 25.064356][ T293] kfree_skbmem+0x104/0x170
[ 25.068695][ T293] consume_skb+0xb4/0x250
[ 25.072864][ T293] skb_free_datagram+0x28/0xe0
[ 25.077464][ T293] unix_dgram_recvmsg+0xc97/0x1240
[ 25.082421][ T293] sock_read_iter+0x353/0x480
[ 25.086925][ T293] do_iter_readv_writev+0x58e/0x790
[ 25.091959][ T293] do_iter_read+0x177/0x650
[ 25.096301][ T293] do_readv+0x268/0x460
[ 25.100299][ T293] __x64_sys_readv+0x7d/0x90
[ 25.105500][ T293] do_syscall_64+0x34/0x70
[ 25.109760][ T293] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.115475][ T293]
[ 25.117646][ T293] The buggy address belongs to the object at ffff88810d4cb8c0
[ 25.117646][ T293] which belongs to the cache skbuff_head_cache of size 248
[ 25.132145][ T293] The buggy address is located 64 bytes inside of
[ 25.132145][ T293] 248-byte region [ffff88810d4cb8c0, ffff88810d4cb9b8)
[ 25.145160][ T293] The buggy address belongs to the page:
[ 25.150654][ T293] page:ffffea00043532c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d4cb
[ 25.160818][ T293] flags: 0x4000000000000200(slab)
[ 25.165657][ T293] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888107d9cf00
[ 25.174077][ T293] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 25.182575][ T293] page dumped because: kasan: bad access detected
[ 25.188828][ T293] page_owner tracks the page as allocated
[ 25.194379][ T293] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 133, ts 5135146807, free_ts 5125660724
[ 25.210003][ T293] prep_new_page+0x166/0x180
[ 25.214426][ T293] get_page_from_freelist+0x2d8c/0x2f30
[ 25.220015][ T293] __alloc_pages_nodemask+0x435/0xaf0
[ 25.225209][ T293] new_slab+0x80/0x400
[ 25.229116][ T293] ___slab_alloc+0x302/0x4b0
[ 25.233539][ T293] __slab_alloc+0x63/0xa0
[ 25.237708][ T293] kmem_cache_alloc+0x1b9/0x2e0
[ 25.242393][ T293] __alloc_skb+0x80/0x510
[ 25.246657][ T293] inet6_rt_notify+0x2db/0x550
[ 25.251361][ T293] fib6_add+0x233e/0x3d20
[ 25.255514][ T293] ip6_route_add+0x8a/0x130
[ 25.259859][ T293] addrconf_add_dev+0x415/0x610
[ 25.264552][ T293] addrconf_dev_config+0x231/0x5a0
[ 25.269498][ T293] addrconf_notify+0x8c5/0xe90
[ 25.274091][ T293] raw_notifier_call_chain+0x8c/0xf0
[ 25.279212][ T293] __dev_notify_flags+0x304/0x610
[ 25.284068][ T293] page last free stack trace:
[ 25.288596][ T293] free_unref_page_prepare+0x2ae/0x2d0
[ 25.293893][ T293] free_the_page+0x9e/0x370
[ 25.298225][ T293] __free_pages+0x67/0xc0
[ 25.302380][ T293] free_pages+0x7c/0x90
[ 25.306376][ T293] pgd_free+0x17d/0x190
[ 25.310369][ T293] __mmdrop+0xb0/0x490
[ 25.314279][ T293] finish_task_switch+0x1e6/0x5a0
[ 25.319136][ T293] __schedule+0xbee/0x1330
[ 25.323384][ T293] preempt_schedule_irq+0xc7/0x140
[ 25.328347][ T293] irqentry_exit+0x4f/0x60
[ 25.332602][ T293] sysvec_reschedule_ipi+0x83/0x160
[ 25.337619][ T293] asm_sysvec_reschedule_ipi+0x12/0x20
[ 25.342910][ T293]
[ 25.345077][ T293] Memory state around the buggy address:
[ 25.350550][ T293] ffff88810d4cb800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 25.358452][ T293] ffff88810d4cb880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 25.366422][ T293] >ffff88810d4cb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.374279][ T293] ^
[ 25.378162][ T293] ffff88810d4cb980: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 25.386067][ T293] ffff88810d4cba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.394040][ T293] ==================================================================
[ 25.401948][ T293] Disabling lock debugging due to kernel taint
[ 25.411082][ T293] EXT4-fs error (device loop0): ext4_find_dest_de:2077: inode #12: block 7: comm syz-executor372: bad entry in directory: directory entry overrun - offset=0, inode=1793120026, rec_len=34652, size=56 fake=0
[ 25.441317][ T287] EXT4-fs error (device loop0): ext4_lookup:1828: inode #11: comm syz-executor372: iget: bad