[ 22.205227][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.213032][ T45] device bridge_slave_0 left promiscuous mode [ 22.219089][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.227022][ T45] device veth1_macvtap left promiscuous mode [ 22.233141][ T45] device veth0_vlan left promiscuous mode [ 33.271224][ T30] kauditd_printk_skb: 77 callbacks suppressed [ 33.271235][ T30] audit: type=1400 audit(1701091682.263:153): avc: denied { transition } for pid=318 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 33.299147][ T30] audit: type=1400 audit(1701091682.293:154): avc: denied { noatsecure } for pid=318 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 33.317999][ T30] audit: type=1400 audit(1701091682.293:155): avc: denied { rlimitinh } for pid=318 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 33.336557][ T30] audit: type=1400 audit(1701091682.293:156): avc: denied { siginh } for pid=318 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.35' (ED25519) to the list of known hosts. 2023/11/27 13:28:09 ignoring optional flag "sandboxArg"="0" 2023/11/27 13:28:10 parsed 1 programs [ 41.100296][ T30] audit: type=1400 audit(1701091690.093:157): avc: denied { mounton } for pid=340 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 41.125183][ T30] audit: type=1400 audit(1701091690.123:158): avc: denied { mount } for pid=340 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 41.219458][ T30] audit: type=1400 audit(1701091690.213:159): avc: denied { unlink } for pid=340 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2023/11/27 13:28:10 executed programs: 0 [ 41.276465][ T340] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 41.450622][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.457474][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.464758][ T352] device bridge_slave_0 entered promiscuous mode [ 41.472675][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.479535][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.486652][ T352] device bridge_slave_1 entered promiscuous mode [ 41.526587][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.533489][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.540728][ T353] device bridge_slave_0 entered promiscuous mode [ 41.560479][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.567320][ T358] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.574577][ T358] device bridge_slave_0 entered promiscuous mode [ 41.580975][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.587808][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.595009][ T353] device bridge_slave_1 entered promiscuous mode [ 41.609769][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.616604][ T358] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.623913][ T358] device bridge_slave_1 entered promiscuous mode [ 41.642638][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.649492][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.656619][ T356] device bridge_slave_0 entered promiscuous mode [ 41.675461][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.682307][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.689575][ T355] device bridge_slave_0 entered promiscuous mode [ 41.695938][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.702844][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.710010][ T356] device bridge_slave_1 entered promiscuous mode [ 41.727526][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.734374][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.741648][ T355] device bridge_slave_1 entered promiscuous mode [ 41.786663][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.793612][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.801038][ T359] device bridge_slave_0 entered promiscuous mode [ 41.823071][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.830009][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.837051][ T359] device bridge_slave_1 entered promiscuous mode [ 41.884862][ T30] audit: type=1400 audit(1701091690.873:160): avc: denied { write } for pid=352 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 41.905315][ T30] audit: type=1400 audit(1701091690.873:161): avc: denied { read } for pid=352 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 41.983124][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.990019][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.997084][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.003910][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.046548][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.053404][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.060504][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.067275][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.098070][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.104918][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.112006][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.118806][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.128058][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.134908][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.142014][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.148823][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.177990][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.184849][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.191934][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.198737][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.207157][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.215899][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.224071][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.231290][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.238297][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.245460][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.252633][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.259839][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.266848][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.273968][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.282526][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.289797][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.339853][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.347029][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.360795][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.390544][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.399713][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.407624][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.414370][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.421998][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.430032][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.436855][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.444123][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.452035][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.458880][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.466007][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.474037][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.480872][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.487976][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.495734][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.502901][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.510661][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.518327][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.526299][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.533130][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.540354][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.548237][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.555008][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.562146][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.570184][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.576999][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.585214][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.605022][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.612849][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.620959][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.629161][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.636000][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.643187][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.651354][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.659098][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.674961][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.682893][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.690804][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.697947][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.709316][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.717100][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.734895][ T358] device veth0_vlan entered promiscuous mode [ 42.741296][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.749422][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.757643][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.765951][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.774019][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.781672][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.792197][ T353] device veth0_vlan entered promiscuous mode [ 42.810816][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.818005][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.825309][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.833113][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.840950][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.849477][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.857178][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.865097][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.872807][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.880908][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.888826][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.895652][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.902851][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.910937][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.918965][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.925791][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.932986][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.940831][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.948591][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.956381][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.964161][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.972261][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.980683][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.987870][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.001013][ T359] device veth0_vlan entered promiscuous mode [ 43.012200][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.020057][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.027200][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.034612][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.046093][ T352] device veth0_vlan entered promiscuous mode [ 43.062969][ T355] device veth0_vlan entered promiscuous mode [ 43.070031][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.077794][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.085158][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.092770][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 43.100566][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.108244][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 43.116383][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.124514][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.132709][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.140706][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.147895][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.160770][ T356] device veth0_vlan entered promiscuous mode [ 43.173521][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.181518][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.190709][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 43.198284][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.206698][ T358] device veth1_macvtap entered promiscuous mode [ 43.216582][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.223822][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.231190][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.239949][ T355] device veth1_macvtap entered promiscuous mode [ 43.248837][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.256787][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.265819][ T359] device veth1_macvtap entered promiscuous mode [ 43.273731][ T352] device veth1_macvtap entered promiscuous mode [ 43.280668][ T353] device veth1_macvtap entered promiscuous mode [ 43.292128][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.300067][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.307939][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.318383][ T356] device veth1_macvtap entered promiscuous mode [ 43.335602][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.343594][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.351735][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.360111][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.368077][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.376290][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.384886][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.397763][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.405832][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.422046][ T30] audit: type=1400 audit(1701091692.413:162): avc: denied { mounton } for pid=358 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 43.422364][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.453040][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.461251][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.469338][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.477375][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.485484][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.493634][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.501722][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.531703][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.540156][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.548240][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.556999][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.565165][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.573232][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2023/11/27 13:28:15 executed programs: 55 [ 48.729242][ T724] ================================================================== [ 48.737140][ T724] BUG: KASAN: use-after-free in unix_stream_read_actor+0xa3/0xb0 [ 48.744686][ T724] Read of size 4 at addr ffff8881160617c4 by task syz-executor.5/724 [ 48.752586][ T724] [ 48.754755][ T724] CPU: 1 PID: 724 Comm: syz-executor.5 Not tainted 5.15.137-syzkaller-1068730-g61cfd264993d #0 [ 48.764903][ T724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 48.774798][ T724] Call Trace: [ 48.777922][ T724] [ 48.780697][ T724] dump_stack_lvl+0x151/0x1b7 [ 48.785222][ T724] ? io_uring_drop_tctx_refs+0x190/0x190 [ 48.790678][ T724] ? panic+0x751/0x751 [ 48.794589][ T724] print_address_description+0x87/0x3b0 [ 48.799973][ T724] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 48.805617][ T724] kasan_report+0x179/0x1c0 [ 48.809959][ T724] ? unix_stream_read_actor+0xa3/0xb0 [ 48.815168][ T724] ? unix_stream_read_actor+0xa3/0xb0 [ 48.820363][ T724] __asan_report_load4_noabort+0x14/0x20 [ 48.825839][ T724] unix_stream_read_actor+0xa3/0xb0 [ 48.830871][ T724] unix_stream_recv_urg+0x1b4/0x2f0 [ 48.835905][ T724] unix_stream_read_generic+0x2147/0x2240 [ 48.841459][ T724] ? avc_denied+0x1b0/0x1b0 [ 48.845800][ T724] ? avc_has_perm+0x16f/0x260 [ 48.850317][ T724] ? avc_has_perm_noaudit+0x430/0x430 [ 48.855520][ T724] ? unix_stream_read_actor+0xb0/0xb0 [ 48.860721][ T724] ? is_bpf_text_address+0x172/0x190 [ 48.865845][ T724] ? selinux_socket_recvmsg+0x243/0x340 [ 48.871316][ T724] ? selinux_socket_sendmsg+0x340/0x340 [ 48.876693][ T724] unix_stream_recvmsg+0x22d/0x2c0 [ 48.881648][ T724] ? unix_stream_sendmsg+0x1060/0x1060 [ 48.886936][ T724] ? stack_trace_save+0x113/0x1c0 [ 48.891796][ T724] ? __unix_stream_recvmsg+0x210/0x210 [ 48.897089][ T724] ? stack_trace_snprint+0xf0/0xf0 [ 48.902036][ T724] ? security_socket_recvmsg+0x87/0xb0 [ 48.907463][ T724] ? unix_stream_sendmsg+0x1060/0x1060 [ 48.912753][ T724] ____sys_recvmsg+0x286/0x530 [ 48.917385][ T724] ? __sys_recvmsg_sock+0x50/0x50 [ 48.922213][ T724] ? import_iovec+0xe5/0x120 [ 48.926639][ T724] ___sys_recvmsg+0x1ec/0x690 [ 48.931165][ T724] ? __sys_recvmsg+0x260/0x260 [ 48.935755][ T724] ? __fdget+0x1bc/0x240 [ 48.939834][ T724] __x64_sys_recvmsg+0x1dc/0x2b0 [ 48.944604][ T724] ? ___sys_recvmsg+0x690/0x690 [ 48.949292][ T724] ? switch_fpu_return+0x1ed/0x3d0 [ 48.954241][ T724] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 48.960148][ T724] ? exit_to_user_mode_prepare+0x39/0xa0 [ 48.965609][ T724] do_syscall_64+0x3d/0xb0 [ 48.969862][ T724] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 48.975590][ T724] RIP: 0033:0x7f0d643dbae9 [ 48.979842][ T724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 48.999291][ T724] RSP: 002b:00007f0d63f1c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 49.007533][ T724] RAX: ffffffffffffffda RBX: 00007f0d644fb120 RCX: 00007f0d643dbae9 [ 49.015342][ T724] RDX: 0000000040010083 RSI: 0000000020000140 RDI: 0000000000000004 [ 49.023158][ T724] RBP: 00007f0d6442747a R08: 0000000000000000 R09: 0000000000000000 [ 49.030962][ T724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.038778][ T724] R13: 000000000000006e R14: 00007f0d644fb120 R15: 00007ffe1509ebe8 [ 49.046588][ T724] [ 49.049450][ T724] [ 49.051619][ T724] Allocated by task 723: [ 49.055703][ T724] __kasan_slab_alloc+0xb1/0xe0 [ 49.060387][ T724] slab_post_alloc_hook+0x53/0x2c0 [ 49.065332][ T724] kmem_cache_alloc+0xf5/0x200 [ 49.069933][ T724] __alloc_skb+0xbe/0x550 [ 49.074098][ T724] alloc_skb_with_frags+0xa6/0x680 [ 49.079056][ T724] sock_alloc_send_pskb+0x915/0xa50 [ 49.084079][ T724] sock_alloc_send_skb+0x32/0x40 [ 49.088854][ T724] queue_oob+0xfd/0x8c0 [ 49.092847][ T724] unix_stream_sendmsg+0xe06/0x1060 [ 49.097879][ T724] ____sys_sendmsg+0x59e/0x8f0 [ 49.102567][ T724] ___sys_sendmsg+0x252/0x2e0 [ 49.107082][ T724] __se_sys_sendmsg+0x19a/0x260 [ 49.111766][ T724] __x64_sys_sendmsg+0x7b/0x90 [ 49.116371][ T724] do_syscall_64+0x3d/0xb0 [ 49.120635][ T724] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 49.126363][ T724] [ 49.128520][ T724] Freed by task 723: [ 49.132271][ T724] kasan_set_track+0x4b/0x70 [ 49.136680][ T724] kasan_set_free_info+0x23/0x40 [ 49.141454][ T724] ____kasan_slab_free+0x126/0x160 [ 49.146399][ T724] __kasan_slab_free+0x11/0x20 [ 49.150998][ T724] slab_free_freelist_hook+0xbd/0x190 [ 49.156204][ T724] kmem_cache_free+0x116/0x2e0 [ 49.160808][ T724] kfree_skbmem+0x104/0x170 [ 49.165174][ T724] consume_skb+0xb4/0x250 [ 49.169311][ T724] queue_oob+0x522/0x8c0 [ 49.173391][ T724] unix_stream_sendmsg+0xe06/0x1060 [ 49.178428][ T724] ____sys_sendmsg+0x59e/0x8f0 [ 49.183023][ T724] ___sys_sendmsg+0x252/0x2e0 [ 49.187544][ T724] __se_sys_sendmsg+0x19a/0x260 [ 49.192224][ T724] __x64_sys_sendmsg+0x7b/0x90 [ 49.196821][ T724] do_syscall_64+0x3d/0xb0 [ 49.201077][ T724] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 49.206806][ T724] [ 49.208973][ T724] The buggy address belongs to the object at ffff888116061780 [ 49.208973][ T724] which belongs to the cache skbuff_head_cache of size 248 [ 49.223386][ T724] The buggy address is located 68 bytes inside of [ 49.223386][ T724] 248-byte region [ffff888116061780, ffff888116061878) [ 49.236403][ T724] The buggy address belongs to the page: [ 49.241874][ T724] page:ffffea0004581840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116061 [ 49.251946][ T724] flags: 0x4000000000000200(slab|zone=1) [ 49.257421][ T724] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100350c00 [ 49.265830][ T724] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 49.274243][ T724] page dumped because: kasan: bad access detected [ 49.280495][ T724] page_owner tracks the page as allocated [ 49.286051][ T724] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 721, ts 48727466609, free_ts 48679425245 [ 49.301756][ T724] post_alloc_hook+0x1a3/0x1b0 [ 49.306354][ T724] prep_new_page+0x1b/0x110 [ 49.310695][ T724] get_page_from_freelist+0x3550/0x35d0 [ 49.316077][ T724] __alloc_pages+0x206/0x5e0 [ 49.320501][ T724] new_slab+0x9a/0x4e0 [ 49.324416][ T724] ___slab_alloc+0x39e/0x830 [ 49.328836][ T724] __slab_alloc+0x4a/0x90 [ 49.333001][ T724] kmem_cache_alloc+0x134/0x200 [ 49.337688][ T724] __alloc_skb+0xbe/0x550 [ 49.341855][ T724] alloc_skb_with_frags+0xa6/0x680 [ 49.346811][ T724] sock_alloc_send_pskb+0x915/0xa50 [ 49.351836][ T724] sock_alloc_send_skb+0x32/0x40 [ 49.356610][ T724] queue_oob+0xfd/0x8c0 [ 49.360602][ T724] unix_stream_sendmsg+0xe06/0x1060 [ 49.365637][ T724] ____sys_sendmsg+0x59e/0x8f0 [ 49.370243][ T724] ___sys_sendmsg+0x252/0x2e0 [ 49.374766][ T724] page last free stack trace: [ 49.379261][ T724] free_unref_page_prepare+0x7c8/0x7d0 [ 49.384563][ T724] free_unref_page+0xe6/0x730 [ 49.389073][ T724] __free_pages+0x61/0xf0 [ 49.393234][ T724] __free_slab+0xec/0x1d0 [ 49.397401][ T724] discard_slab+0x29/0x40 [ 49.401570][ T724] __slab_free+0x205/0x290 [ 49.405823][ T724] ___cache_free+0x109/0x120 [ 49.410248][ T724] qlink_free+0x4d/0x90 [ 49.414238][ T724] qlist_free_all+0x44/0xb0 [ 49.418579][ T724] kasan_quarantine_reduce+0x15a/0x180 [ 49.423879][ T724] __kasan_slab_alloc+0x2f/0xe0 [ 49.428560][ T724] slab_post_alloc_hook+0x53/0x2c0 [ 49.433507][ T724] kmem_cache_alloc+0xf5/0x200 [ 49.438105][ T724] getname_flags+0xba/0x520 [ 49.442455][ T724] user_path_at_empty+0x2d/0x1a0 [ 49.447224][ T724] do_readlinkat+0x114/0x3a0 [ 49.452898][ T724] [ 49.455064][ T724] Memory state around the buggy address: [ 49.460537][ T724] ffff888116061680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.468441][ T724] ffff888116061700: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 49.476336][ T724] >ffff888116061780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.484233][ T724] ^ [ 49.490224][ T724] ffff888116061800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 49.498118][ T724] ffff888116061880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 49.506012][ T724] ================================================================== [ 49.513910][ T724] Disabling lock debugging due to kernel taint 2023/11/27 13:28:20 executed programs: 120 2023/11/27 13:28:25 executed programs: 200