Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
2024/02/28 03:07:58 ignoring optional flag "sandboxArg"="0"
2024/02/28 03:07:58 parsed 1 programs
2024/02/28 03:07:58 executed programs: 0
[ 42.932794][ T23] kauditd_printk_skb: 69 callbacks suppressed
[ 42.932804][ T23] audit: type=1400 audit(1709089678.930:145): avc: denied { mounton } for pid=402 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 42.966882][ T23] audit: type=1400 audit(1709089678.970:146): avc: denied { mount } for pid=402 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.040987][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.048425][ T407] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.056098][ T407] device bridge_slave_0 entered promiscuous mode
[ 43.063047][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.070153][ T407] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.077780][ T407] device bridge_slave_1 entered promiscuous mode
[ 43.128450][ T23] audit: type=1400 audit(1709089679.120:147): avc: denied { create } for pid=407 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.137757][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.149721][ T23] audit: type=1400 audit(1709089679.120:148): avc: denied { write } for pid=407 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.156680][ T407] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.156827][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.178201][ T23] audit: type=1400 audit(1709089679.120:149): avc: denied { read } for pid=407 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.184640][ T407] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.223216][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.230508][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.238450][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.247263][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.262798][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.271529][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.279114][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.287254][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.296131][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.303437][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.322761][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.331042][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.343054][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.361872][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.369636][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.386812][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.396024][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.409875][ T23] audit: type=1400 audit(1709089679.400:150): avc: denied { mounton } for pid=407 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=842 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 66.552128][ T74] cfg80211: failed to load regulatory.db
2024/02/28 03:08:54 executed programs: 1
[ 99.501852][ T473] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.508717][ T473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.516203][ T473] device bridge_slave_0 entered promiscuous mode
[ 99.523331][ T473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.531037][ T473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.543165][ T473] device bridge_slave_1 entered promiscuous mode
[ 99.597269][ T473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.604958][ T473] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.612181][ T473] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.619366][ T473] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.644641][ T362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.653245][ T362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.661018][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 99.669146][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 99.680061][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 99.688586][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.697574][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.712472][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 99.720692][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.728774][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.743194][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 99.754484][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 99.775083][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 99.792234][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 99.812990][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 99.822491][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 99.833186][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 99.855838][ T473] ==================================================================
[ 99.864596][ T473] BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060
[ 99.872140][ T473] Read of size 4 at addr ffff8881f37c5eb8 by task syz-executor.0/473
[ 99.881044][ T473]
[ 99.883356][ T473] CPU: 1 PID: 473 Comm: syz-executor.0 Not tainted 5.4.265-syzkaller-04844-g50cb39f34248 #0
[ 99.894116][ T473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 99.904241][ T473] Call Trace:
[ 99.907463][ T473] dump_stack+0x1d8/0x241
[ 99.911640][ T473] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 99.917257][ T473] ? printk+0xd1/0x111
[ 99.921344][ T473] ? __mutex_lock+0xcd7/0x1060
[ 99.926051][ T473] print_address_description+0x8c/0x600
[ 99.931441][ T473] ? __unwind_start+0x708/0x890
[ 99.936564][ T473] ? __mutex_lock+0xcd7/0x1060
[ 99.941801][ T473] __kasan_report+0xf3/0x120
[ 99.946187][ T473] ? __mutex_lock+0xcd7/0x1060
[ 99.950885][ T473] kasan_report+0x30/0x60
[ 99.955352][ T473] __mutex_lock+0xcd7/0x1060
[ 99.959962][ T473] ? kobject_get_unless_zero+0x229/0x320
[ 99.965774][ T473] ? __ww_mutex_lock_interruptible_slowpath+0x10/0x10
[ 99.972483][ T473] ? __module_put_and_exit+0x20/0x20
[ 99.977909][ T473] ? up_read+0x6f/0x1b0
[ 99.982192][ T473] mutex_lock_killable+0xd8/0x110
[ 99.987308][ T473] ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 99.993629][ T473] ? mutex_lock+0xa5/0x110
[ 99.997896][ T473] ? mutex_trylock+0xa0/0xa0
[ 100.002475][ T473] lo_open+0x18/0xc0
[ 100.006396][ T473] __blkdev_get+0x3c8/0x1160
[ 100.010767][ T473] ? blkdev_get+0x3a0/0x3a0
[ 100.015439][ T473] ? _raw_spin_unlock+0x49/0x60
[ 100.020135][ T473] blkdev_get+0x2de/0x3a0
[ 100.024368][ T473] ? blkdev_open+0x173/0x290
[ 100.028787][ T473] ? block_ioctl+0xe0/0xe0
[ 100.033044][ T473] do_dentry_open+0x964/0x1130
[ 100.037804][ T473] ? finish_open+0xd0/0xd0
[ 100.042033][ T473] ? security_inode_permission+0xad/0xf0
[ 100.047506][ T473] ? memcpy+0x38/0x50
[ 100.051354][ T473] path_openat+0x2992/0x3480
[ 100.055736][ T473] ? do_filp_open+0x450/0x450
[ 100.060239][ T473] ? do_sys_open+0x357/0x810
[ 100.064770][ T473] ? do_syscall_64+0xca/0x1c0
[ 100.069267][ T473] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 100.075354][ T473] do_filp_open+0x20b/0x450
[ 100.079851][ T473] ? vfs_tmpfile+0x280/0x280
[ 100.084766][ T473] ? _raw_spin_unlock+0x49/0x60
[ 100.089689][ T473] ? __alloc_fd+0x4c1/0x560
[ 100.094031][ T473] do_sys_open+0x39c/0x810
[ 100.098539][ T473] ? check_preemption_disabled+0x153/0x320
[ 100.104703][ T473] ? file_open_root+0x490/0x490
[ 100.109651][ T473] do_syscall_64+0xca/0x1c0
[ 100.114727][ T473] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 100.120427][ T473]
[ 100.122944][ T473] Allocated by task 412:
[ 100.127162][ T473] __kasan_kmalloc+0x171/0x210
[ 100.132067][ T473] kmem_cache_alloc+0xd9/0x250
[ 100.136655][ T473] dup_task_struct+0x4f/0x600
[ 100.141770][ T473] copy_process+0x56d/0x3230
[ 100.146736][ T473] _do_fork+0x197/0x900
[ 100.150813][ T473] __x64_sys_clone3+0x2da/0x300
[ 100.155589][ T473] do_syscall_64+0xca/0x1c0
[ 100.160065][ T473] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 100.165935][ T473]
[ 100.168116][ T473] Freed by task 17:
[ 100.171777][ T473] __kasan_slab_free+0x1b5/0x270
[ 100.176529][ T473] kmem_cache_free+0x10b/0x2c0
[ 100.181143][ T473] rcu_do_batch+0x492/0xa00
[ 100.185745][ T473] rcu_core+0x4c8/0xcb0
[ 100.189929][ T473] __do_softirq+0x23b/0x6b7
[ 100.194461][ T473]
[ 100.196715][ T473] The buggy address belongs to the object at ffff8881f37c5e80
[ 100.196715][ T473] which belongs to the cache task_struct of size 3904
[ 100.211408][ T473] The buggy address is located 56 bytes inside of
[ 100.211408][ T473] 3904-byte region [ffff8881f37c5e80, ffff8881f37c6dc0)
[ 100.225009][ T473] The buggy address belongs to the page:
[ 100.230564][ T473] page:ffffea0007cdf000 refcount:1 mapcount:0 mapping:ffff8881f5cf8500 index:0x0 compound_mapcount: 0
[ 100.242298][ T473] flags: 0x8000000000010200(slab|head)
[ 100.247944][ T473] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf8500
[ 100.256730][ T473] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 100.265228][ T473] page dumped because: kasan: bad access detected
[ 100.271679][ T473] page_owner tracks the page as allocated
[ 100.277867][ T473] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[ 100.293077][ T473] prep_new_page+0x18f/0x370
[ 100.297770][ T473] get_page_from_freelist+0x2d13/0x2d90
[ 100.303447][ T473] __alloc_pages_nodemask+0x393/0x840
[ 100.309371][ T473] alloc_slab_page+0x39/0x3c0
[ 100.313863][ T473] new_slab+0x97/0x440
[ 100.318026][ T473] ___slab_alloc+0x2fe/0x490
[ 100.322705][ T473] __slab_alloc+0x62/0xa0
[ 100.327018][ T473] kmem_cache_alloc+0x109/0x250
[ 100.331682][ T473] dup_task_struct+0x4f/0x600
[ 100.336616][ T473] copy_process+0x56d/0x3230
[ 100.341361][ T473] _do_fork+0x197/0x900
[ 100.345332][ T473] kernel_thread+0x16a/0x1d0
[ 100.349847][ T473] kthreadd+0x3b1/0x4f0
[ 100.354123][ T473] ret_from_fork+0x1f/0x30
[ 100.358372][ T473] page last free stack trace:
[ 100.362929][ T473] __free_pages_ok+0x847/0x950
[ 100.367790][ T473] __free_pages+0x91/0x140
[ 100.371982][ T473] put_task_stack+0x212/0x260
[ 100.376817][ T473] finish_task_switch+0x24a/0x590
[ 100.381853][ T473] __schedule+0xb0d/0x1320
[ 100.386540][ T473] schedule_idle+0x50/0x80
[ 100.390775][ T473] do_idle+0x609/0x660
[ 100.394889][ T473] cpu_startup_entry+0x14/0x20
[ 100.399718][ T473] start_secondary+0x3a5/0x460
[ 100.405020][ T473] secondary_startup_64+0xa4/0xb0
[ 100.409956][ T473]
[ 100.412202][ T473] Memory state around the buggy address:
[ 100.417701][ T473] ffff8881f37c5d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 100.426319][ T473] ffff8881f37c5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 100.434524][ T473] >ffff8881f37c5e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.442702][ T473] ^
[ 100.448693][ T473] ffff8881f37c5f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.456998][ T473] ffff8881f37c5f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.465416][ T473] ==================================================================
[ 100.473409][ T473] Disabling lock debugging due to kernel taint
[ 105.602958][ T162] udevd[162]: worker [415] /devices/virtual/block/loop6 is taking a long time