Warning: Permanently added '10.128.0.15' (ED25519) to the list of known hosts.
2025/02/21 00:16:19 ignoring optional flag "sandboxArg"="0"
2025/02/21 00:16:19 parsed 1 programs
[   24.533771][   T23] audit: type=1400 audit(1740096979.939:66): avc:  denied  { node_bind } for  pid=350 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   25.034592][   T23] audit: type=1400 audit(1740096980.439:67): avc:  denied  { mounton } for  pid=359 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   25.036113][  T359] cgroup1: Unknown subsys name 'net'
[   25.057035][   T23] audit: type=1400 audit(1740096980.439:68): avc:  denied  { mount } for  pid=359 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   25.062295][  T359] cgroup1: Unknown subsys name 'net_prio'
[   25.089791][  T359] cgroup1: Unknown subsys name 'devices'
[   25.095255][   T23] audit: type=1400 audit(1740096980.509:69): avc:  denied  { read } for  pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   25.117304][   T23] audit: type=1400 audit(1740096980.539:70): avc:  denied  { unmount } for  pid=359 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   25.258753][  T359] cgroup1: Unknown subsys name 'hugetlb'
[   25.264344][  T359] cgroup1: Unknown subsys name 'rlimit'
[   25.495340][   T23] audit: type=1400 audit(1740096980.899:71): avc:  denied  { setattr } for  pid=359 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9592 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   25.518380][   T23] audit: type=1400 audit(1740096980.899:72): avc:  denied  { create } for  pid=359 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.538506][   T23] audit: type=1400 audit(1740096980.899:73): avc:  denied  { write } for  pid=359 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.556129][  T363] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   25.558537][   T23] audit: type=1400 audit(1740096980.899:74): avc:  denied  { read } for  pid=359 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.586920][   T23] audit: type=1400 audit(1740096980.909:75): avc:  denied  { module_request } for  pid=359 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   25.638419][  T359] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   25.993108][  T365] request_module fs-gadgetfs succeeded, but still no fs?
[   26.167568][  T374] syz-executor (374) used greatest stack depth: 20088 bytes left
[   26.638952][  T408] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.645798][  T408] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.653253][  T408] device bridge_slave_0 entered promiscuous mode
[   26.660639][  T408] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.667511][  T408] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.674726][  T408] device bridge_slave_1 entered promiscuous mode
[   26.713360][  T408] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.720199][  T408] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.727341][  T408] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.734076][  T408] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.753905][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.761303][  T385] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.768315][  T385] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.777313][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.785471][  T385] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.792296][  T385] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.801150][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.809496][  T385] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.816368][  T385] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.829168][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.838322][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.853968][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.864939][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.878007][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.892198][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.902191][  T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.939683][  T408] syz-executor (408) used greatest stack depth: 18552 bytes left
2025/02/21 00:16:22 executed programs: 0
[   27.224365][  T433] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.231226][  T433] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.239229][  T433] device bridge_slave_0 entered promiscuous mode
[   27.248310][  T433] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.255468][  T433] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.262845][  T433] device bridge_slave_1 entered promiscuous mode
[   27.307571][  T433] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.314400][  T433] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.321539][  T433] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.328296][  T433] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.357613][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   27.365296][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.373061][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.389470][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   27.397538][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.404349][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.412109][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   27.420768][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.427604][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.443075][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   27.450836][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   27.467117][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   27.479659][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   27.493235][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   27.505010][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   27.515256][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.158712][  T103] device bridge_slave_1 left promiscuous mode
[   28.164681][  T103] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.171844][  T103] device bridge_slave_0 left promiscuous mode
[   28.177802][  T103] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.592061][  T472] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.598945][  T472] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.606059][  T472] device bridge_slave_0 entered promiscuous mode
[   42.612923][  T472] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.619774][  T472] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.627235][  T472] device bridge_slave_1 entered promiscuous mode
[   42.665895][  T472] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.672742][  T472] bridge0: port 2(bridge_slave_1) entered forwarding state
[   42.679860][  T472] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.686620][  T472] bridge0: port 1(bridge_slave_0) entered forwarding state
[   42.706101][  T103] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.713141][  T103] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.720454][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   42.728408][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.737387][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   42.745376][  T103] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.752206][  T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[   42.761649][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   42.769693][  T103] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.776520][  T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[   42.789070][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   42.798197][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   42.813358][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   42.824361][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   42.837721][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   42.850208][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2025/02/21 00:16:38 executed programs: 3
[   42.860051][  T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   42.881154][  T472] ==================================================================
[   42.889038][  T472] BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060
[   42.895961][  T472] Read of size 4 at addr ffff8881ea69af78 by task syz-executor/472
[   42.903680][  T472] 
[   42.905863][  T472] CPU: 0 PID: 472 Comm: syz-executor Not tainted 5.4.289-syzkaller-00011-g39762b7a60e9 #0
[   42.915577][  T472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   42.925471][  T472] Call Trace:
[   42.928600][  T472]  dump_stack+0x1d8/0x241
[   42.932760][  T472]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   42.938401][  T472]  ? printk+0xd1/0x111
[   42.942308][  T472]  ? __mutex_lock+0xcd7/0x1060
[   42.946908][  T472]  print_address_description+0x8c/0x600
[   42.952291][  T472]  ? check_preemption_disabled+0x9f/0x320
[   42.957845][  T472]  ? __unwind_start+0x708/0x890
[   42.962529][  T472]  ? __mutex_lock+0xcd7/0x1060
[   42.967135][  T472]  __kasan_report+0xf3/0x120
[   42.971561][  T472]  ? __mutex_lock+0xcd7/0x1060
[   42.976156][  T472]  kasan_report+0x30/0x60
[   42.980327][  T472]  __mutex_lock+0xcd7/0x1060
[   42.984750][  T472]  ? kobject_get_unless_zero+0x229/0x320
[   42.990223][  T472]  ? __ww_mutex_lock_interruptible_slowpath+0x10/0x10
[   42.996814][  T472]  ? __module_put_and_exit+0x20/0x20
[   43.001938][  T472]  ? up_read+0x6f/0x1b0
[   43.005928][  T472]  mutex_lock_killable+0xd8/0x110
[   43.010790][  T472]  ? __mutex_lock_interruptible_slowpath+0x10/0x10
[   43.017123][  T472]  ? mutex_lock+0xa5/0x110
[   43.021372][  T472]  ? mutex_trylock+0xa0/0xa0
[   43.025804][  T472]  lo_open+0x18/0xc0
[   43.029534][  T472]  __blkdev_get+0x3c8/0x1160
[   43.033964][  T472]  ? blkdev_get+0x3a0/0x3a0
[   43.038304][  T472]  ? _raw_spin_unlock+0x49/0x60
[   43.042985][  T472]  blkdev_get+0x2de/0x3a0
[   43.047152][  T472]  ? blkdev_open+0x173/0x290
[   43.051579][  T472]  ? block_ioctl+0xe0/0xe0
[   43.055830][  T472]  do_dentry_open+0x964/0x1130
[   43.060436][  T472]  ? finish_open+0xd0/0xd0
[   43.064685][  T472]  ? security_inode_permission+0xad/0xf0
[   43.070156][  T472]  ? memcpy+0x38/0x50
[   43.073972][  T472]  path_openat+0x29bf/0x34b0
[   43.078399][  T472]  ? stack_trace_save+0x118/0x1c0
[   43.083259][  T472]  ? do_filp_open+0x450/0x450
[   43.087770][  T472]  ? do_sys_open+0x357/0x810
[   43.092197][  T472]  ? do_syscall_64+0xca/0x1c0
[   43.096714][  T472]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   43.102613][  T472]  do_filp_open+0x20b/0x450
[   43.106955][  T472]  ? vfs_tmpfile+0x2c0/0x2c0
[   43.111381][  T472]  ? _raw_spin_unlock+0x49/0x60
[   43.116067][  T472]  ? __alloc_fd+0x4c5/0x570
[   43.120404][  T472]  do_sys_open+0x39c/0x810
[   43.124659][  T472]  ? check_preemption_disabled+0x153/0x320
[   43.130297][  T472]  ? file_open_root+0x490/0x490
[   43.134989][  T472]  do_syscall_64+0xca/0x1c0
[   43.139328][  T472]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   43.145064][  T472] RIP: 0033:0x7f9493f70991
[   43.149308][  T472] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d ba 1b 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[   43.168837][  T472] RSP: 002b:00007ffef6371d90 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[   43.177080][  T472] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f9493f70991
[   43.184887][  T472] RDX: 0000000000000002 RSI: 00007ffef6371ea0 RDI: 00000000ffffff9c
[   43.192700][  T472] RBP: 00007ffef6371ea0 R08: 000000000000000a R09: 00007ffef6371b57
[   43.200513][  T472] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[   43.208322][  T472] R13: 00007f949415b260 R14: 0000000000000003 R15: 00007ffef6371ea0
[   43.216135][  T472] 
[   43.218303][  T472] Allocated by task 446:
[   43.222390][  T472]  __kasan_kmalloc+0x171/0x210
[   43.226988][  T472]  kmem_cache_alloc+0xd9/0x250
[   43.231585][  T472]  dup_task_struct+0x4f/0x600
[   43.236207][  T472]  copy_process+0x56d/0x3230
[   43.240649][  T472]  _do_fork+0x197/0x900
[   43.244633][  T472]  __x64_sys_clone3+0x2da/0x300
[   43.249317][  T472]  do_syscall_64+0xca/0x1c0
[   43.253654][  T472]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   43.259386][  T472] 
[   43.261548][  T472] Freed by task 10:
[   43.265199][  T472]  __kasan_slab_free+0x1b5/0x270
[   43.269971][  T472]  kmem_cache_free+0x10b/0x2c0
[   43.274570][  T472]  rcu_do_batch+0x492/0xa00
[   43.278909][  T472]  rcu_core+0x4c8/0xcb0
[   43.282909][  T472]  __do_softirq+0x23b/0x6b7
[   43.287237][  T472] 
[   43.289411][  T472] The buggy address belongs to the object at ffff8881ea69af40
[   43.289411][  T472]  which belongs to the cache task_struct of size 3904
[   43.303386][  T472] The buggy address is located 56 bytes inside of
[   43.303386][  T472]  3904-byte region [ffff8881ea69af40, ffff8881ea69be80)
[   43.316487][  T472] The buggy address belongs to the page:
[   43.321962][  T472] page:ffffea0007a9a600 refcount:1 mapcount:0 mapping:ffff8881f5cf1900 index:0x0 compound_mapcount: 0
[   43.332725][  T472] flags: 0x8000000000010200(slab|head)
[   43.338017][  T472] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf1900
[   43.346436][  T472] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[   43.354849][  T472] page dumped because: kasan: bad access detected
[   43.361104][  T472] page_owner tracks the page as allocated
[   43.366656][  T472] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[   43.382890][  T472]  prep_new_page+0x18f/0x370
[   43.387344][  T472]  get_page_from_freelist+0x2d13/0x2d90
[   43.393474][  T472]  __alloc_pages_nodemask+0x393/0x840
[   43.398684][  T472]  alloc_slab_page+0x39/0x3c0
[   43.403195][  T472]  new_slab+0x97/0x440
[   43.407126][  T472]  ___slab_alloc+0x2fe/0x490
[   43.411526][  T472]  __slab_alloc+0x62/0xa0
[   43.415692][  T472]  kmem_cache_alloc+0x109/0x250
[   43.420384][  T472]  dup_task_struct+0x4f/0x600
[   43.424892][  T472]  copy_process+0x56d/0x3230
[   43.429320][  T472]  _do_fork+0x197/0x900
[   43.433310][  T472]  kernel_thread+0x16a/0x1d0
[   43.437737][  T472]  kthreadd+0x3b1/0x4f0
[   43.441729][  T472]  ret_from_fork+0x1f/0x30
[   43.445978][  T472] page last free stack trace:
[   43.450498][  T472]  __free_pages_ok+0x847/0x950
[   43.455097][  T472]  __free_pages+0x91/0x140
[   43.459349][  T472]  __free_slab+0x221/0x2e0
[   43.463601][  T472]  unfreeze_partials+0x14e/0x180
[   43.468377][  T472]  put_cpu_partial+0x44/0x180
[   43.472887][  T472]  __slab_free+0x297/0x360
[   43.477146][  T472]  qlist_free_all+0x43/0xb0
[   43.481479][  T472]  quarantine_reduce+0x1d9/0x210
[   43.486253][  T472]  __kasan_kmalloc+0x41/0x210
[   43.490767][  T472]  __kmalloc+0x105/0x2e0
[   43.494858][  T472]  kvmalloc_node+0x7e/0xf0
[   43.499102][  T472]  __nf_hook_entries_try_shrink+0x330/0x750
[   43.504832][  T472]  __nf_unregister_net_hook+0x41c/0x5d0
[   43.510209][  T472]  nf_unregister_net_hooks+0x91/0xe0
[   43.515330][  T472]  ip6t_unregister_table+0x5d/0x210
[   43.520364][  T472]  ip6table_raw_net_exit+0x58/0x80
[   43.525308][  T472] 
[   43.527477][  T472] Memory state around the buggy address:
[   43.532947][  T472]  ffff8881ea69ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   43.540845][  T472]  ffff8881ea69ae80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   43.548754][  T472] >ffff8881ea69af00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   43.556640][  T472]                                                                 ^
[   43.564460][  T472]  ffff8881ea69af80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.572351][  T472]  ffff8881ea69b000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.580249][  T472] ==================================================================
[   43.588148][  T472] Disabling lock debugging due to kernel taint