Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts. 2024/04/26 00:47:08 parsed 1 programs 2024/04/26 00:47:08 executed programs: 0 [ 38.308037][ T23] kauditd_printk_skb: 57 callbacks suppressed [ 38.308059][ T23] audit: type=1400 audit(1714092428.079:133): avc: denied { mounton } for pid=395 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 38.339853][ T402] cgroup1: Unknown subsys name 'perf_event' [ 38.345887][ T23] audit: type=1400 audit(1714092428.079:134): avc: denied { mount } for pid=395 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 38.350262][ T403] cgroup1: Unknown subsys name 'perf_event' [ 38.369861][ T405] cgroup1: Unknown subsys name 'perf_event' [ 38.376455][ T402] cgroup1: Unknown subsys name 'net_cls' [ 38.383080][ T405] cgroup1: Unknown subsys name 'net_cls' [ 38.394191][ T407] cgroup1: Unknown subsys name 'perf_event' [ 38.399600][ T408] cgroup1: Unknown subsys name 'perf_event' [ 38.399960][ T23] audit: type=1400 audit(1714092428.109:135): avc: denied { mounton } for pid=402 comm="syz-executor.2" path="/syzcgroup/unified" dev="sda1" ino=1941 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 38.405961][ T408] cgroup1: Unknown subsys name 'net_cls' [ 38.430120][ T403] cgroup1: Unknown subsys name 'net_cls' [ 38.434843][ T409] cgroup1: Unknown subsys name 'perf_event' [ 38.439588][ T407] cgroup1: Unknown subsys name 'net_cls' [ 38.451023][ T409] cgroup1: Unknown subsys name 'net_cls' [ 38.453153][ T23] audit: type=1400 audit(1714092428.119:136): avc: denied { mount } for pid=402 comm="syz-executor.2" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 38.478809][ T23] audit: type=1400 audit(1714092428.119:137): avc: denied { mounton } for pid=403 comm="syz-executor.3" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 38.623415][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.630372][ T403] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.637720][ T403] device bridge_slave_0 entered promiscuous mode [ 38.646050][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.652897][ T403] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.660224][ T403] device bridge_slave_1 entered promiscuous mode [ 38.723684][ T405] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.730558][ T405] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.737861][ T405] device bridge_slave_0 entered promiscuous mode [ 38.772971][ T407] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.779912][ T407] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.786952][ T407] device bridge_slave_0 entered promiscuous mode [ 38.793546][ T402] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.800401][ T402] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.807742][ T402] device bridge_slave_0 entered promiscuous mode [ 38.814279][ T405] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.821245][ T405] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.828381][ T405] device bridge_slave_1 entered promiscuous mode [ 38.855463][ T407] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.862414][ T407] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.869667][ T407] device bridge_slave_1 entered promiscuous mode [ 38.876000][ T402] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.882841][ T402] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.890076][ T402] device bridge_slave_1 entered promiscuous mode [ 38.918391][ T409] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.925238][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.932574][ T409] device bridge_slave_0 entered promiscuous mode [ 38.939304][ T409] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.946121][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.953510][ T409] device bridge_slave_1 entered promiscuous mode [ 39.071125][ T408] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.077963][ T408] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.085318][ T408] device bridge_slave_0 entered promiscuous mode [ 39.122550][ T408] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.129468][ T408] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.136750][ T408] device bridge_slave_1 entered promiscuous mode [ 39.160545][ T23] audit: type=1400 audit(1714092428.939:138): avc: denied { write } for pid=407 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 39.185027][ T23] audit: type=1400 audit(1714092428.939:139): avc: denied { read } for pid=409 comm="syz-executor.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 39.194533][ T409] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.212102][ T409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.219217][ T409] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.225978][ T409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.233911][ T23] audit: type=1400 audit(1714092429.009:140): avc: denied { append } for pid=144 comm="syslogd" name="messages" dev="tmpfs" ino=9908 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.246466][ T407] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.262881][ T407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.270001][ T407] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.276755][ T407] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.278558][ T23] audit: type=1400 audit(1714092429.009:141): avc: denied { open } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=9908 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.311146][ T402] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.317975][ T402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.325270][ T402] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.332017][ T402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.339190][ T23] audit: type=1400 audit(1714092429.009:142): avc: denied { getattr } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=9908 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.402867][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.409728][ T403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.416789][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.423698][ T403] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.432152][ T405] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.438994][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.446102][ T405] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.452879][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.466852][ T408] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.473709][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.480827][ T408] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.487744][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.523481][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.530873][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.537772][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.545291][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.552916][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.559883][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.567269][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.574347][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.582402][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.590590][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.597601][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.605291][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.612454][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.635733][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.643109][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.650727][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.658990][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.666913][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.673854][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.680987][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.689107][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.697018][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.703777][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.719123][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.726537][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.734229][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.742723][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.750820][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.757638][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.765175][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.772892][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.780211][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.788251][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.796269][ T360] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.803100][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.830771][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.839029][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.846785][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.854953][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.862907][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.870911][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.878934][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.886782][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.898748][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.906669][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.914686][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.922651][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.938974][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.946754][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.955420][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.963125][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.970484][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.978960][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.986891][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.993762][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.024135][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.031870][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.040228][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.048265][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.056412][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.063249][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.083907][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.091969][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 40.100220][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.108125][ T410] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.114876][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.122008][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.130244][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.138269][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.146820][ T410] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.153658][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.160883][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 40.169111][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.177021][ T410] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.183763][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.190895][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.199144][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.207053][ T410] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.213792][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.221154][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.238575][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.246529][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.254621][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.262805][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.291249][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.299780][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.307969][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.317336][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.325134][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.332978][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.340712][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.348892][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.373371][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.387289][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.396446][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.421877][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.430826][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.439945][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.447916][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.456153][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.464173][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.472114][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.480297][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.488281][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.523965][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.533052][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.541550][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.549676][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.557751][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.566189][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.574376][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.582573][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.590364][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.598331][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.627706][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.635847][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.644154][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.652369][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.660877][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.669341][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.677341][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.685549][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.693611][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.716727][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.725239][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.733668][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.742384][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.793323][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 40.801563][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.829307][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.841837][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.860378][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.870590][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2024/04/26 00:47:13 executed programs: 98 [ 44.395664][ T854] ================================================================== [ 44.403558][ T854] BUG: KASAN: use-after-free in enqueue_timer+0xb7/0x300 [ 44.410407][ T854] Write of size 8 at addr ffff8881e7aa71c8 by task syz-executor.5/854 [ 44.418379][ T854] [ 44.420554][ T854] CPU: 1 PID: 854 Comm: syz-executor.5 Not tainted 5.4.268-syzkaller-04873-g2d5d8240a7cb #0 [ 44.430441][ T854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 44.440335][ T854] Call Trace: [ 44.443478][ T854] dump_stack+0x1d8/0x241 [ 44.447634][ T854] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 44.453280][ T854] ? printk+0xd1/0x111 [ 44.457181][ T854] ? enqueue_timer+0xb7/0x300 [ 44.461694][ T854] ? wake_up_klogd+0xb2/0xf0 [ 44.466122][ T854] ? enqueue_timer+0xb7/0x300 [ 44.470636][ T854] print_address_description+0x8c/0x600 [ 44.476012][ T854] ? panic+0x896/0x896 [ 44.479921][ T854] ? enqueue_timer+0xb7/0x300 [ 44.484437][ T854] __kasan_report+0xf3/0x120 [ 44.488857][ T854] ? enqueue_timer+0xb7/0x300 [ 44.493375][ T854] kasan_report+0x30/0x60 [ 44.497538][ T854] enqueue_timer+0xb7/0x300 [ 44.501874][ T854] internal_add_timer+0x240/0x430 [ 44.506733][ T854] __mod_timer+0x6f1/0x13e0 [ 44.511092][ T854] ? mod_timer_pending+0x20/0x20 [ 44.515855][ T854] ? selinux_tun_dev_alloc_security+0x4d/0x130 [ 44.521835][ T854] ? selinux_tun_dev_alloc_security+0x5e/0x130 [ 44.527831][ T854] ? init_timer_key+0x2d/0x1f0 [ 44.532421][ T854] tun_net_init+0x287/0x540 [ 44.536763][ T854] register_netdevice+0x1c0/0x12a0 [ 44.541712][ T854] ? memset+0x1f/0x40 [ 44.545527][ T854] ? netdev_update_lockdep_key+0x10/0x10 [ 44.550995][ T854] ? alloc_netdev_mqs+0x99d/0xc70 [ 44.555857][ T854] tun_set_iff+0x7f7/0xdc0 [ 44.560109][ T854] __tun_chr_ioctl+0x8a9/0x1d00 [ 44.564796][ T854] ? tun_flow_create+0x250/0x250 [ 44.569570][ T854] ? tun_chr_poll+0x670/0x670 [ 44.574092][ T854] do_vfs_ioctl+0x742/0x1720 [ 44.578509][ T854] ? ioctl_preallocate+0x250/0x250 [ 44.583482][ T854] ? __fget+0x407/0x490 [ 44.587449][ T854] ? fget_many+0x20/0x20 [ 44.591529][ T854] ? switch_fpu_return+0x1d4/0x410 [ 44.596475][ T854] ? security_file_ioctl+0x7d/0xa0 [ 44.601428][ T854] __x64_sys_ioctl+0xd4/0x110 [ 44.605942][ T854] do_syscall_64+0xca/0x1c0 [ 44.610281][ T854] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 44.616001][ T854] [ 44.618169][ T854] The buggy address belongs to the page: [ 44.623642][ T854] page:ffffea00079ea9c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 44.632581][ T854] flags: 0x8000000000000000() [ 44.637097][ T854] raw: 8000000000000000 0000000000000000 ffffea0007592408 0000000000000000 [ 44.645515][ T854] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 44.653931][ T854] page dumped because: kasan: bad access detected [ 44.660186][ T854] page_owner tracks the page as freed [ 44.665391][ T854] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x46dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO) [ 44.679652][ T854] prep_new_page+0x18f/0x370 [ 44.684051][ T854] get_page_from_freelist+0x2d13/0x2d90 [ 44.689517][ T854] __alloc_pages_nodemask+0x393/0x840 [ 44.694725][ T854] kmalloc_order_trace+0x2a/0x100 [ 44.699588][ T854] kvmalloc_node+0x7e/0xf0 [ 44.703846][ T854] alloc_netdev_mqs+0x85/0xc70 [ 44.708443][ T854] tun_set_iff+0x51f/0xdc0 [ 44.712690][ T854] __tun_chr_ioctl+0x8a9/0x1d00 [ 44.717385][ T854] do_vfs_ioctl+0x742/0x1720 [ 44.721804][ T854] __x64_sys_ioctl+0xd4/0x110 [ 44.726316][ T854] do_syscall_64+0xca/0x1c0 [ 44.730659][ T854] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 44.736393][ T854] page last free stack trace: [ 44.740902][ T854] __free_pages_ok+0x847/0x950 [ 44.745498][ T854] __free_pages+0x91/0x140 [ 44.749753][ T854] device_release+0x6b/0x190 [ 44.754179][ T854] kobject_put+0x1e6/0x2f0 [ 44.758429][ T854] tun_set_iff+0x870/0xdc0 [ 44.762683][ T854] __tun_chr_ioctl+0x8a9/0x1d00 [ 44.767371][ T854] do_vfs_ioctl+0x742/0x1720 [ 44.771898][ T854] __x64_sys_ioctl+0xd4/0x110 [ 44.776410][ T854] do_syscall_64+0xca/0x1c0 [ 44.780760][ T854] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 44.786478][ T854] [ 44.788647][ T854] Memory state around the buggy address: [ 44.794117][ T854] ffff8881e7aa7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.802013][ T854] ffff8881e7aa7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.809914][ T854] >ffff8881e7aa7180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.817807][ T854] ^ [ 44.824059][ T854] ffff8881e7aa7200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.831966][ T854] ffff8881e7aa7280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 44.839942][ T854] ================================================================== [ 44.847838][ T854] Disabling lock debugging due to kernel taint [ 48.108549][ C1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 48.116160][ C1] #PF: supervisor instruction fetch in kernel mode [ 48.122494][ C1] #PF: error_code(0x0010) - not-present page [ 48.128307][ C1] PGD 1e9f7c067 P4D 1e9f7c067 PUD 1ea62f067 PMD 0 [ 48.134732][ C1] Oops: 0010 [#1] PREEMPT SMP KASAN [ 48.139787][ C1] CPU: 1 PID: 1204 Comm: syz-executor.0 Tainted: G B 5.4.268-syzkaller-04873-g2d5d8240a7cb #0 [ 48.151274][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 48.161238][ C1] RIP: 0010:0x0 [ 48.164528][ C1] Code: Bad RIP value. [ 48.168419][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010002 [ 48.174333][ C1] RAX: ffffffff8154e34a RBX: 0000000000000101 RCX: ffff8881e9d6ee40 [ 48.182135][ C1] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881e7aa71c0 [ 48.189948][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154df8e R09: 0000000000000003 [ 48.197758][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9cd0 [ 48.205671][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e7aa71c0 [ 48.213480][ C1] FS: 000000000240b480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 48.222249][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.228670][ C1] CR2: ffffffffffffffd6 CR3: 00000001ea63b000 CR4: 00000000003406a0 [ 48.236490][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.244290][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.252100][ C1] Call Trace: [ 48.255238][ C1] [ 48.257938][ C1] ? __die+0xb4/0x100 [ 48.261744][ C1] ? no_context+0xbda/0xe50 [ 48.266081][ C1] ? enqueue_timer+0x165/0x300 [ 48.270695][ C1] ? is_prefetch+0x4b0/0x4b0 [ 48.275113][ C1] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 48.280758][ C1] ? __do_page_fault+0xa7d/0xbb0 [ 48.285525][ C1] ? __bad_area_nosemaphore+0xc0/0x460 [ 48.290822][ C1] ? page_fault+0x2f/0x40 [ 48.294990][ C1] ? __run_timers+0x84e/0xbe0 [ 48.299497][ C1] ? call_timer_fn+0x2a/0x390 [ 48.304008][ C1] call_timer_fn+0x36/0x390 [ 48.308349][ C1] __run_timers+0x8a5/0xbe0 [ 48.312690][ C1] ? enqueue_timer+0x300/0x300 [ 48.317377][ C1] ? check_preemption_disabled+0x9f/0x320 [ 48.323017][ C1] ? debug_smp_processor_id+0x20/0x20 [ 48.328224][ C1] ? lapic_next_event+0x5b/0x70 [ 48.332908][ C1] run_timer_softirq+0x63/0xf0 [ 48.337601][ C1] __do_softirq+0x23b/0x6b7 [ 48.341948][ C1] ? sched_clock_cpu+0x18/0x3a0 [ 48.346627][ C1] irq_exit+0x195/0x1c0 [ 48.350619][ C1] smp_apic_timer_interrupt+0x11a/0x460 [ 48.356133][ C1] apic_timer_interrupt+0xf/0x20 [ 48.360896][ C1] [ 48.363678][ C1] ? _raw_spin_unlock_irqrestore+0x4d/0x80 [ 48.369324][ C1] ? wake_up_new_task+0x63f/0x8c0 [ 48.374186][ C1] ? blake2s_update+0x1c1/0x270 [ 48.378867][ C1] ? to_ratio+0x30/0x30 [ 48.382860][ C1] ? _do_fork+0x327/0x900 [ 48.387027][ C1] ? __delayed_free_task+0x20/0x20 [ 48.391975][ C1] ? copy_process+0x3230/0x3230 [ 48.396660][ C1] ? debug_smp_processor_id+0x20/0x20 [ 48.401982][ C1] ? __x64_sys_clone3+0x2da/0x300 [ 48.406831][ C1] ? __ia32_sys_clone+0x2b0/0x2b0 [ 48.411692][ C1] ? switch_fpu_return+0x1d4/0x410 [ 48.416732][ C1] ? __do_page_fault+0x725/0xbb0 [ 48.421502][ C1] ? do_syscall_64+0xca/0x1c0 [ 48.426012][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 48.431912][ C1] Modules linked in: [ 48.435652][ C1] CR2: 0000000000000000 [ 48.439643][ C1] ---[ end trace 9f9f4a3762720894 ]--- [ 48.444937][ C1] RIP: 0010:0x0 [ 48.448237][ C1] Code: Bad RIP value. [ 48.452134][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010002 [ 48.458037][ C1] RAX: ffffffff8154e34a RBX: 0000000000000101 RCX: ffff8881e9d6ee40 [ 48.465849][ C1] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881e7aa71c0 [ 48.473664][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154df8e R09: 0000000000000003 [ 48.481479][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9cd0 [ 48.489285][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e7aa71c0 [ 48.497097][ C1] FS: 000000000240b480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 48.505865][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.512284][ C1] CR2: ffffffffffffffd6 CR3: 00000001ea63b000 CR4: 00000000003406a0 [ 48.520096][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.527993][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.535805][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 48.543068][ C1] Kernel Offset: disabled [ 48.547185][ C1] Rebooting in 86400 seconds..