[   20.926709][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   20.938848][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   20.957104][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   20.966433][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   20.976371][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.113722][  T306] syz-executor.0 (306) used greatest stack depth: 20472 bytes left
[   21.547309][    T7] device bridge_slave_1 left promiscuous mode
[   21.553604][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.561435][    T7] device bridge_slave_0 left promiscuous mode
[   21.567683][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
Warning: Permanently added '10.128.1.157' (ECDSA) to the list of known hosts.
2023/04/21 05:43:24 ignoring optional flag "sandboxArg"="0"
2023/04/21 05:43:24 parsed 1 programs
2023/04/21 05:43:24 executed programs: 0
[   38.406189][   T22] kauditd_printk_skb: 62 callbacks suppressed
[   38.406198][   T22] audit: type=1400 audit(1682055804.320:145): avc:  denied  { mounton } for  pid=334 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   38.437593][   T22] audit: type=1400 audit(1682055804.320:146): avc:  denied  { mount } for  pid=334 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   38.440309][  T339] cgroup1: Unknown subsys name 'perf_event'
[   38.472290][  T339] cgroup1: Unknown subsys name 'net_cls'
[   38.480855][  T341] cgroup1: Unknown subsys name 'perf_event'
[   38.498508][   T22] audit: type=1400 audit(1682055804.360:147): avc:  denied  { mounton } for  pid=339 comm="syz-executor.0" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   38.507442][  T341] cgroup1: Unknown subsys name 'net_cls'
[   38.525482][   T22] audit: type=1400 audit(1682055804.360:148): avc:  denied  { mount } for  pid=339 comm="syz-executor.0" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   38.528839][  T343] cgroup1: Unknown subsys name 'perf_event'
[   38.551082][  T346] cgroup1: Unknown subsys name 'perf_event'
[   38.563136][  T348] cgroup1: Unknown subsys name 'perf_event'
[   38.563153][  T347] cgroup1: Unknown subsys name 'perf_event'
[   38.569458][  T348] cgroup1: Unknown subsys name 'net_cls'
[   38.580988][  T346] cgroup1: Unknown subsys name 'net_cls'
[   38.586694][  T347] cgroup1: Unknown subsys name 'net_cls'
[   38.590850][   T22] audit: type=1400 audit(1682055804.410:149): avc:  denied  { module_request } for  pid=339 comm="syz-executor.0" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   38.592980][  T343] cgroup1: Unknown subsys name 'net_cls'
[   38.766632][  T339] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.773783][  T339] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.781253][  T339] device bridge_slave_0 entered promiscuous mode
[   38.788173][  T339] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.795266][  T339] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.802712][  T339] device bridge_slave_1 entered promiscuous mode
[   38.835961][  T346] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.843006][  T346] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.850409][  T346] device bridge_slave_0 entered promiscuous mode
[   38.868594][  T346] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.875629][  T346] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.883086][  T346] device bridge_slave_1 entered promiscuous mode
[   38.906897][  T343] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.914065][  T343] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.921557][  T343] device bridge_slave_0 entered promiscuous mode
[   38.937041][  T341] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.944083][  T341] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.951505][  T341] device bridge_slave_0 entered promiscuous mode
[   38.968966][  T343] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.976277][  T343] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.983906][  T343] device bridge_slave_1 entered promiscuous mode
[   39.000269][  T341] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.007383][  T341] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.014918][  T341] device bridge_slave_1 entered promiscuous mode
[   39.031459][  T348] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.038613][  T348] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.045931][  T348] device bridge_slave_0 entered promiscuous mode
[   39.058399][  T348] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.065522][  T348] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.073177][  T348] device bridge_slave_1 entered promiscuous mode
[   39.120239][  T347] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.127312][  T347] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.134714][  T347] device bridge_slave_0 entered promiscuous mode
[   39.159283][  T347] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.166746][  T347] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.174541][  T347] device bridge_slave_1 entered promiscuous mode
[   39.261859][  T346] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.268913][  T346] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.276145][  T346] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.283162][  T346] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.337134][  T341] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.344315][  T341] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.351643][  T341] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.358683][  T341] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.369718][  T339] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.376852][  T339] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.384600][  T339] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.391673][  T339] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.411284][  T348] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.418377][  T348] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.425847][  T348] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.433005][  T348] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.473219][  T343] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.480657][  T343] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.488026][  T343] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.495065][  T343] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.516917][  T101] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.524748][  T101] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.532456][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.541091][  T101] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.548556][  T101] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.555738][  T101] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.563060][  T101] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.570717][  T101] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.578174][  T101] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.585434][  T101] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.592915][  T101] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.618681][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   39.627619][  T316] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.634741][  T316] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.650764][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.664162][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   39.673078][  T316] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.680118][  T316] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.710481][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.719256][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   39.727517][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.735080][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   39.743771][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.750921][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.758889][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   39.767624][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.774722][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.802783][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.811450][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   39.820264][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.827306][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.835835][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.844887][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   39.853444][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.860487][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.868163][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   39.875658][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.883460][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   39.891922][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   39.900035][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   39.908293][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   39.916361][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.924893][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   39.933702][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.941142][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.948731][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   39.957215][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   39.987631][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.996255][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   40.004973][  T101] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.012125][  T101] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.020138][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   40.028648][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   40.036777][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   40.045143][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.053865][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   40.061618][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.069337][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.077869][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   40.086068][  T101] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.093234][  T101] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.100626][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.109012][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   40.117181][  T101] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.124526][  T101] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.132023][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   40.140202][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.148642][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   40.157109][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   40.165557][  T101] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.173212][  T101] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.180761][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   40.189259][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   40.197875][  T101] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.204897][  T101] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.212553][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   40.240489][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.249494][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   40.257769][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   40.266349][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   40.274639][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.283494][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   40.292290][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.301620][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   40.320710][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   40.331886][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.340457][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   40.349473][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   40.358190][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.379929][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   40.388149][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.398248][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.429622][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.438575][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   40.451594][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.460140][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   40.468477][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   40.477529][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   40.486215][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.494867][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.537507][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.541073][   T22] audit: type=1400 audit(1682055806.460:150): avc:  denied  { mounton } for  pid=368 comm="syz-executor.3" path="/root/syzkaller-testdir613504886/syzkaller.sYPmL5/0/file0" dev="sda1" ino=1173 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   40.546109][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.576034][   T22] audit: type=1400 audit(1682055806.460:151): avc:  denied  { mount } for  pid=368 comm="syz-executor.3" name="/" dev="incremental-fs" ino=1173 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   40.583311][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.607333][   T22] audit: type=1400 audit(1682055806.460:152): avc:  denied  { unmount } for  pid=368 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   40.614449][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.642276][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   40.651359][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.659703][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.682316][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.691282][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   40.700491][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   40.709239][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   40.717853][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.726681][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   40.735311][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   40.744525][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   40.753433][  T118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.780364][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.788947][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   40.797361][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.822642][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   40.831457][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.839926][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   40.848751][  T101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.896470][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   40.905376][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   40.915388][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   40.924188][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.933114][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   40.941802][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   40.950607][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   40.959558][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.993215][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   41.002157][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   41.011136][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   41.020267][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   41.215277][   T22] audit: type=1400 audit(1682055807.130:153): avc:  denied  { read } for  pid=415 comm="syz-executor.2" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   41.267860][   T22] audit: type=1400 audit(1682055807.130:154): avc:  denied  { open } for  pid=415 comm="syz-executor.2" path="/root/syzkaller-testdir1848240643/syzkaller.1PFFhV/2/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
2023/04/21 05:43:29 executed programs: 188
[   44.134238][ T1200] ==================================================================
[   44.142433][ T1200] BUG: KASAN: use-after-free in path_openat+0x1c9e/0x3480
[   44.149612][ T1200] Read of size 4 at addr ffff8881ece1081c by task syz-executor.2/1200
[   44.157901][ T1200] 
[   44.160219][ T1200] CPU: 1 PID: 1200 Comm: syz-executor.2 Not tainted 5.4.233-syzkaller-00011-g0108362f3305 #0
[   44.170491][ T1200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[   44.180746][ T1200] Call Trace:
[   44.184114][ T1200]  dump_stack+0x1d8/0x241
[   44.188423][ T1200]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   44.194309][ T1200]  ? printk+0xd1/0x111
[   44.198376][ T1200]  ? path_openat+0x1c9e/0x3480
[   44.203127][ T1200]  print_address_description+0x8c/0x600
[   44.209105][ T1200]  ? path_openat+0x1c9e/0x3480
[   44.213976][ T1200]  __kasan_report+0xf3/0x120
[   44.218663][ T1200]  ? path_openat+0x1c9e/0x3480
[   44.223404][ T1200]  kasan_report+0x30/0x60
[   44.228237][ T1200]  path_openat+0x1c9e/0x3480
[   44.232896][ T1200]  ? debug_smp_processor_id+0x20/0x20
[   44.238360][ T1200]  ? check_preemption_disabled+0x9f/0x320
[   44.244140][ T1200]  ? switch_mm_irqs_off+0x329/0x9b0
[   44.249333][ T1200]  ? do_filp_open+0x450/0x450
[   44.254094][ T1200]  ? __schedule+0xb03/0x12a0
[   44.258953][ T1200]  ? is_mmconf_reserved+0x430/0x430
[   44.264257][ T1200]  do_filp_open+0x20b/0x450
[   44.268841][ T1200]  ? vfs_tmpfile+0x280/0x280
[   44.273508][ T1200]  ? preempt_schedule+0xd9/0xe0
[   44.278599][ T1200]  ? _raw_spin_unlock+0x5b/0x60
[   44.283427][ T1200]  ? __alloc_fd+0x4c1/0x560
[   44.288006][ T1200]  do_sys_open+0x39c/0x810
[   44.292445][ T1200]  ? file_open_root+0x490/0x490
[   44.297286][ T1200]  ? switch_fpu_return+0x1d4/0x410
[   44.302722][ T1200]  ? ksys_mount+0xe0/0xf0
[   44.307032][ T1200]  do_syscall_64+0xca/0x1c0
[   44.311514][ T1200]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   44.317411][ T1200] 
[   44.319770][ T1200] Allocated by task 1200:
[   44.324085][ T1200]  __kasan_kmalloc+0x130/0x1d0
[   44.329141][ T1200]  alloc_inode+0x43/0x70
[   44.333533][ T1200]  iget5_locked+0x9c/0x260
[   44.338035][ T1200]  fetch_regular_inode+0x256/0x320
[   44.343308][ T1200]  incfs_mount_fs+0x5c3/0xa00
[   44.348085][ T1200]  legacy_get_tree+0xdf/0x170
[   44.352944][ T1200]  vfs_get_tree+0x85/0x260
[   44.357357][ T1200]  do_new_mount+0x292/0x570
[   44.362015][ T1200]  do_mount+0x688/0xdd0
[   44.366156][ T1200]  ksys_mount+0xc2/0xf0
[   44.370468][ T1200]  __x64_sys_mount+0xb1/0xc0
[   44.375042][ T1200]  do_syscall_64+0xca/0x1c0
[   44.379534][ T1200]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   44.385434][ T1200] 
[   44.387771][ T1200] Freed by task 1185:
[   44.391740][ T1200]  __kasan_slab_free+0x178/0x230
[   44.396752][ T1200]  kfree+0xeb/0x320
[   44.400558][ T1200]  evict+0x59d/0x6a0
[   44.404453][ T1200]  evict_inodes+0x5db/0x660
[   44.409042][ T1200]  generic_shutdown_super+0x94/0x2a0
[   44.414524][ T1200]  kill_anon_super+0x37/0x60
[   44.419109][ T1200]  incfs_kill_sb+0x4c/0x200
[   44.423596][ T1200]  deactivate_locked_super+0xa8/0x110
[   44.429159][ T1200]  deactivate_super+0x1e2/0x2a0
[   44.434180][ T1200]  cleanup_mnt+0x419/0x4d0
[   44.438573][ T1200]  task_work_run+0x140/0x170
[   44.443158][ T1200]  exit_to_usermode_loop+0x18b/0x1a0
[   44.448432][ T1200]  prepare_exit_to_usermode+0x199/0x200
[   44.453972][ T1200]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   44.459837][ T1200] 
[   44.462158][ T1200] The buggy address belongs to the object at ffff8881ece10800
[   44.462158][ T1200]  which belongs to the cache kmalloc-1k of size 1024
[   44.476286][ T1200] The buggy address is located 28 bytes inside of
[   44.476286][ T1200]  1024-byte region [ffff8881ece10800, ffff8881ece10c00)
[   44.489973][ T1200] The buggy address belongs to the page:
[   44.495718][ T1200] page:ffffea0007b38400 refcount:1 mapcount:0 mapping:ffff8881f5c02280 index:0x0 compound_mapcount: 0
[   44.507151][ T1200] flags: 0x8000000000010200(slab|head)
[   44.512614][ T1200] raw: 8000000000010200 ffffea0007b37c00 0000000400000004 ffff8881f5c02280
[   44.521446][ T1200] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   44.530004][ T1200] page dumped because: kasan: bad access detected
[   44.536655][ T1200] page_owner tracks the page as allocated
[   44.542575][ T1200] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[   44.556963][ T1200]  prep_new_page+0x18f/0x370
[   44.561560][ T1200]  get_page_from_freelist+0x2ce8/0x2d70
[   44.567076][ T1200]  __alloc_pages_nodemask+0x393/0x840
[   44.572636][ T1200]  alloc_slab_page+0x39/0x3c0
[   44.577298][ T1200]  new_slab+0x97/0x440
[   44.581441][ T1200]  ___slab_alloc+0x2fe/0x490
[   44.586012][ T1200]  __slab_alloc+0x5a/0x90
[   44.590323][ T1200]  __kmalloc_track_caller+0x168/0x290
[   44.595674][ T1200]  __alloc_skb+0xb4/0x4d0
[   44.599981][ T1200]  inet6_rt_notify+0x212/0x480
[   44.604723][ T1200]  fib6_add+0x2444/0x3df0
[   44.609054][ T1200]  ip6_ins_rt+0x102/0x170
[   44.613447][ T1200]  __ipv6_ifa_notify+0x5c9/0x11d0
[   44.618536][ T1200]  addrconf_dad_completed+0x17f/0xe30
[   44.623894][ T1200]  addrconf_dad_work+0xe4d/0x16f0
[   44.629201][ T1200]  process_one_work+0x765/0xd20
[   44.634217][ T1200] page last free stack trace:
[   44.639257][ T1200]  __free_pages_ok+0x83d/0x940
[   44.644004][ T1200]  __free_pages+0x91/0x140
[   44.648425][ T1200]  __free_slab+0x221/0x2e0
[   44.652954][ T1200]  unfreeze_partials+0x14e/0x180
[   44.658193][ T1200]  put_cpu_partial+0xb4/0x150
[   44.662977][ T1200]  __slab_free+0x288/0x350
[   44.667377][ T1200]  qlist_free_all+0x43/0xb0
[   44.671868][ T1200]  quarantine_reduce+0x174/0x190
[   44.676812][ T1200]  __kasan_kmalloc+0x43/0x1d0
[   44.681467][ T1200]  kmem_cache_alloc+0xd0/0x220
[   44.686220][ T1200]  __alloc_skb+0x7a/0x4d0
[   44.690550][ T1200]  rtmsg_ifinfo_build_skb+0x81/0x180
[   44.695930][ T1200]  rtmsg_ifinfo+0x71/0x120
[   44.700335][ T1200]  netdev_state_change+0x15a/0x1e0
[   44.705687][ T1200]  linkwatch_do_dev+0xfc/0x130
[   44.710526][ T1200]  __linkwatch_run_queue+0x4cc/0x7f0
[   44.715886][ T1200] 
[   44.718196][ T1200] Memory state around the buggy address:
[   44.723808][ T1200]  ffff8881ece10700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.732103][ T1200]  ffff8881ece10780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   44.740417][ T1200] >ffff8881ece10800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.748995][ T1200]                             ^
[   44.753996][ T1200]  ffff8881ece10880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.762030][ T1200]  ffff8881ece10900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.770240][ T1200] ==================================================================
[   44.778380][ T1200] Disabling lock debugging due to kernel taint
2023/04/21 05:43:34 executed programs: 500
2023/04/21 05:43:39 executed programs: 874