Warning: Permanently added '10.128.1.72' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program [ 161.549382][ T22] audit: type=1400 audit(1662240300.010:73): avc: denied { execmem } for pid=299 comm="syz-executor394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 161.561739][ T311] syz-executor394[311]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 161.582676][ T312] syz-executor394[312]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] executing program [ 161.585728][ T322] syz-executor394[322]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 161.606564][ T327] syz-executor394[327]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 161.616958][ T335] syz-executor394[335]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 161.625144][ T329] syz-executor394[329]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 161.638636][ T22] audit: type=1400 audit(1662240300.010:74): avc: denied { sys_admin } for pid=308 comm="syz-executor394" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 161.652423][ T312] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 161.692889][ T322] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 
161.695854][ T311] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program [ 161.714380][ T335] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 161.733534][ T327] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 161.754047][ T22] audit: type=1400 audit(1662240300.010:75): avc: denied { sys_admin } for pid=307 comm="syz-executor394" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 executing program executing program executing program executing program executing program executing program executing program [ 161.777086][ T340] syz-executor394[340]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 161.793103][ T329] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 161.807018][ T340] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing 
program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 166.562065][ T4250] show_signal_msg: 755 callbacks suppressed [ 166.562076][ T4250] syz-executor394[4250]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 166.583108][ T4246] syz-executor394[4246]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] executing program executing program executing program executing program [ 166.583173][ T4250] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 166.604476][ T4256] syz-executor394[4256]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 166.644963][ T4264] syz-executor394[4264]: segfault at 2ae0 ip 00007f9e3b335a61 sp 
0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] executing program [ 166.659299][ T4272] syz-executor394[4272]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 166.659579][ T4267] syz-executor394[4267]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 166.678820][ T4246] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 166.690936][ T4280] syz-executor394[4280]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 166.722002][ T4256] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 166.728324][ T4283] syz-executor394[4283]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 166.742745][ T4267] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 166.761065][ T4264] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program executing program executing program [ 166.775566][ T4280] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 166.814622][ T4272] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 
48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 166.822805][ T4283] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program [ 166.865859][ T4300] syz-executor394[4300]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 166.877125][ T4308] syz-executor394[4308]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 166.896465][ T4308] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 166.916102][ T4300] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing 
program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 168.974847][ T5895] ================================================================== [ 168.982929][ T5895] BUG: KASAN: use-after-free in try_to_del_timer_sync+0x2ad/0x460 [ 168.990700][ T5895] Write of size 8 at addr ffff8881ea7631c8 by task syz-executor394/5895 [ 168.998984][ T5895] [ 169.001290][ T5895] CPU: 0 PID: 5895 Comm: syz-executor394 Not tainted 5.4.197-syzkaller-00015-gf0306959ab7c #0 [ 169.011628][ T5895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 169.021662][ T5895] Call Trace: [ 169.024930][ T5895] dump_stack+0x18e/0x1d5 [ 169.029231][ T5895] ? try_to_del_timer_sync+0x2ad/0x460 [ 169.034669][ T5895] print_address_description+0x8c/0x630 [ 169.040191][ T5895] ? printk+0x76/0x96 [ 169.044143][ T5895] ? try_to_del_timer_sync+0x2ad/0x460 [ 169.049571][ T5895] ? vprintk_emit+0x3aa/0x3f0 [ 169.054233][ T5895] ? try_to_del_timer_sync+0x2ad/0x460 [ 169.059674][ T5895] __kasan_report+0xf6/0x130 [ 169.064245][ T5895] ? try_to_del_timer_sync+0x2ad/0x460 [ 169.069684][ T5895] kasan_report+0x30/0x60 [ 169.073983][ T5895] try_to_del_timer_sync+0x2ad/0x460 [ 169.079234][ T5895] del_timer_sync+0x74/0xd0 [ 169.083703][ T5895] tun_free_netdev+0x99/0x3b0 [ 169.088354][ T5895] ? find_next_bit+0xc6/0x110 [ 169.093004][ T5895] ? tun_xdp+0x3d0/0x3d0 [ 169.097213][ T5895] netdev_run_todo+0xa3c/0xc80 [ 169.101942][ T5895] ? kfree+0xc6/0x260 [ 169.105896][ T5895] ? 
netdev_state_change+0x5c/0x1b0 [ 169.111059][ T5895] tun_chr_close+0xc0/0xd0 [ 169.115441][ T5895] ? tun_chr_open+0x490/0x490 [ 169.120088][ T5895] __fput+0x261/0x680 [ 169.124034][ T5895] task_work_run+0x186/0x1b0 [ 169.128590][ T5895] do_exit+0xbe1/0x2b40 [ 169.132718][ T5895] do_group_exit+0x136/0x300 [ 169.137275][ T5895] get_signal+0xd99/0x13f0 [ 169.141661][ T5895] do_signal+0x3b/0x540 [ 169.145784][ T5895] exit_to_usermode_loop+0xdd/0x1d0 [ 169.150956][ T5895] prepare_exit_to_usermode+0x17c/0x1d0 [ 169.156480][ T5895] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 169.162342][ T5895] RIP: 0033:0x7f9e3b335a59 [ 169.166737][ T5895] Code: Bad RIP value. [ 169.170779][ T5895] RSP: 002b:00007f9e3b2e7308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.179153][ T5895] RAX: 0000000000000000 RBX: 00007f9e3b3bd3e8 RCX: 00007f9e3b335a59 [ 169.187202][ T5895] RDX: 0000000020000040 RSI: 00000000400454ca RDI: 0000000000000003 [ 169.195140][ T5895] RBP: 00007f9e3b3bd3e0 R08: 0000000000000000 R09: 0000000000000000 [ 169.203077][ T5895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e3b38b074 [ 169.211014][ T5895] R13: 00007f9e3b3bd3ec R14: 74656e2f7665642f R15: 0000000000022000 [ 169.218960][ T5895] [ 169.221254][ T5895] The buggy address belongs to the page: [ 169.226854][ T5895] page:ffffea0007a9d8c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 169.235936][ T5895] flags: 0x8000000000000000() [ 169.240582][ T5895] raw: 8000000000000000 0000000000000000 ffffffff07a90101 0000000000000000 [ 169.249136][ T5895] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 169.257696][ T5895] page dumped because: kasan: bad access detected [ 169.264078][ T5895] page_owner tracks the page as freed [ 169.269420][ T5895] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x46dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO) [ 169.283789][ T5895] prep_new_page+0x194/0x380 [ 169.288391][ T5895] 
get_page_from_freelist+0x524/0x560 [ 169.293732][ T5895] __alloc_pages_nodemask+0x2ab/0x6f0 [ 169.299069][ T5895] kmalloc_order_trace+0x2a/0xf0 [ 169.303974][ T5895] kvmalloc_node+0x7e/0xf0 [ 169.308380][ T5895] alloc_netdev_mqs+0x86/0xc30 [ 169.313122][ T5895] tun_set_iff+0x4f9/0x1050 [ 169.317603][ T5895] __tun_chr_ioctl+0x6c7/0x1b70 [ 169.322428][ T5895] do_vfs_ioctl+0x6d1/0x15b0 [ 169.326988][ T5895] __x64_sys_ioctl+0xd4/0x110 [ 169.331633][ T5895] do_syscall_64+0xcb/0x1c0 [ 169.336104][ T5895] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 169.341969][ T5895] page last free stack trace: [ 169.346630][ T5895] __free_pages_ok+0x7ee/0x920 [ 169.351358][ T5895] __free_pages+0x45/0x1e0 [ 169.355743][ T5895] kfree+0x1ef/0x260 [ 169.359628][ T5895] device_release+0x70/0x1a0 [ 169.364184][ T5895] kobject_release+0x1f3/0x3d0 [ 169.368912][ T5895] netdev_run_todo+0xae7/0xc80 [ 169.373646][ T5895] tun_chr_close+0xc0/0xd0 [ 169.378042][ T5895] __fput+0x261/0x680 [ 169.381987][ T5895] task_work_run+0x186/0x1b0 [ 169.386561][ T5895] do_exit+0xbe1/0x2b40 [ 169.390679][ T5895] do_group_exit+0x136/0x300 [ 169.395235][ T5895] get_signal+0xd99/0x13f0 [ 169.399620][ T5895] do_signal+0x3b/0x540 [ 169.403742][ T5895] exit_to_usermode_loop+0xdd/0x1d0 [ 169.408904][ T5895] prepare_exit_to_usermode+0x17c/0x1d0 [ 169.414414][ T5895] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 169.420267][ T5895] [ 169.422561][ T5895] Memory state around the buggy address: [ 169.428155][ T5895] ffff8881ea763080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 169.436189][ T5895] ffff8881ea763100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 169.444228][ T5895] >ffff8881ea763180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 169.452270][ T5895] ^ [ 169.458656][ T5895] ffff8881ea763200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 169.466698][ T5895] ffff8881ea763280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff executing program executing program executing program executing program 
executing program executing program [ 169.474729][ T5895] ================================================================== [ 169.482759][ T5895] Disabling lock debugging due to kernel taint executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program 
executing program [ 171.586750][ T7603] show_signal_msg: 617 callbacks suppressed [ 171.586760][ T7603] syz-executor394[7603]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in
syz-executor3946946922[7f9e3b2f1000+9a000] [ 171.595830][ T7611] syz-executor394[7611]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 171.609078][ T7599] syz-executor394[7599]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] executing program [ 171.625563][ T7611] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 171.663212][ T7599] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program executing program [ 171.673833][ T7603] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 171.715969][ T7627] syz-executor394[7627]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 171.718609][ T7620] syz-executor394[7620]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 171.732577][ T7630] syz-executor394[7630]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 171.752476][ T7633] syz-executor394[7633]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 171.759757][ T7627] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 171.793931][ T7630] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 
d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 171.811557][ T7633] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program [ 171.820414][ T7620] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 171.866913][ T7648] syz-executor394[7648]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] executing program executing program executing program executing program executing program [ 171.883966][ T7647] syz-executor394[7647]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 171.900752][ T7660] syz-executor394[7660]: segfault at 2ae0 ip 00007f9e3b335a61 sp 0000000000002ae0 error 4 in syz-executor3946946922[7f9e3b2f1000+9a000] [ 171.917830][ T7648] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program executing program executing program executing program executing program executing program executing program [ 171.929788][ T7647] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 171.948415][ T7660] Code: c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program 
executing program [ 172.378581][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 172.386394][ C0] #PF: supervisor instruction fetch in kernel mode [ 172.392876][ C0] #PF: error_code(0x0010) - not-present page [ 172.398851][ C0] PGD 0 P4D 0 [ 172.402263][ C0] Oops: 0010 [#1] PREEMPT SMP KASAN [ 172.407446][ C0] CPU: 0 PID: 328 Comm: udevd Tainted: G B 5.4.197-syzkaller-00015-gf0306959ab7c #0 [ 172.418084][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 executing program [ 172.428122][ C0] RIP: 0010:0x0 [
172.431588][ C0] Code: Bad RIP value. [ 172.435649][ C0] RSP: 0018:ffff8881f6e09d30 EFLAGS: 00010206 [ 172.441773][ C0] RAX: ffffffff81519fb9 RBX: 0000000000000100 RCX: ffff8881de655e80 [ 172.449730][ C0] RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffff8881ea7631c0 [ 172.457687][ C0] RBP: ffff8881ea7631e0 R08: ffffffff81519d92 R09: ffffed103edc92f8 [ 172.465641][ C0] R10: ffffed103edc92f8 R11: 1ffff1103edc92f7 R12: 00000000ffffcd40 [ 172.473590][ C0] R13: 1ffff1103edc92f1 R14: 0000000000000000 R15: ffff8881ea7631c0 [ 172.481545][ C0] FS: 00007efc2dc13840(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 172.490456][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 172.497012][ C0] CR2: ffffffffffffffd6 CR3: 00000001de5dd000 CR4: 00000000003406f0 [ 172.504955][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 172.512898][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 172.520836][ C0] Call Trace: [ 172.524093][ C0] [ 172.526919][ C0] call_timer_fn+0x31/0x350 [ 172.531394][ C0] expire_timers+0x21e/0x400 [ 172.535954][ C0] __run_timers+0x5b0/0x6b0 [ 172.540431][ C0] ? 
kvm_sched_clock_read+0x14/0x40 [ 172.545601][ C0] run_timer_softirq+0x46/0x80 [ 172.550332][ C0] __do_softirq+0x23e/0x643 [ 172.554806][ C0] irq_exit+0x195/0x1c0 [ 172.558933][ C0] smp_apic_timer_interrupt+0x113/0x440 [ 172.564450][ C0] apic_timer_interrupt+0xf/0x20 [ 172.569352][ C0] [ 172.572270][ C0] RIP: 0010:memset_erms+0x9/0x10 [ 172.577179][ C0] Code: c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 [ 172.596754][ C0] RSP: 0018:ffff8881de65f8b8 EFLAGS: 00010246 ORIG_RAX: ffffffffffffff13 [ 172.605132][ C0] RAX: 0000000000000100 RBX: 0000000000000000 RCX: 0000000000000180 [ 172.613074][ C0] RDX: 0000000000000200 RSI: 0000000000000000 RDI: ffff8881de65f940 [ 172.621012][ C0] RBP: ffff8881de65fb00 R08: dffffc0000000000 R09: ffff8881de65f8c0 [ 172.628949][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881ed0e4000 [ 172.636890][ C0] R13: 0000000000001000 R14: ffff8881f5c0c280 R15: ffff8881de65f8c0 [ 172.644842][ C0] __kasan_slab_free+0x169/0x240 [ 172.649752][ C0] ? format_decode+0x3bc/0x1930 [ 172.654574][ C0] ? string+0x289/0x2d0 [ 172.658699][ C0] ? memcpy+0x38/0x50 [ 172.662648][ C0] ? vsnprintf+0x1a4e/0x1b00 [ 172.667220][ C0] slab_free_freelist_hook+0x80/0x150 [ 172.672562][ C0] ? uevent_show+0x1d7/0x2f0 [ 172.677117][ C0] kfree+0xc6/0x260 [ 172.680897][ C0] uevent_show+0x1d7/0x2f0 [ 172.685295][ C0] dev_attr_show+0x50/0xc0 [ 172.689681][ C0] ? device_get_ownership+0xa0/0xa0 [ 172.694852][ C0] sysfs_kf_seq_show+0x264/0x3e0 [ 172.699759][ C0] seq_read+0x4ca/0xda0 [ 172.703887][ C0] ? 
kernfs_notify_workfn+0x4b0/0x4b0 [ 172.709230][ C0] __vfs_read+0xa5/0x690 [ 172.713445][ C0] vfs_read+0x166/0x370 [ 172.717576][ C0] ksys_read+0x158/0x260 [ 172.721788][ C0] do_syscall_64+0xcb/0x1c0 [ 172.726259][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 172.732120][ C0] RIP: 0033:0x7efc2dd6a8fe [ 172.736504][ C0] Code: c0 e9 e6 fe ff ff 50 48 8d 3d 0e c7 09 00 e8 c9 cf 01 00 66 0f 1f 84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28 [ 172.756074][ C0] RSP: 002b:00007ffd3bc9b128 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 172.764455][ C0] RAX: ffffffffffffffda RBX: 000055af93fa9190 RCX: 00007efc2dd6a8fe [ 172.772409][ C0] RDX: 0000000000001000 RSI: 000055af93f80850 RDI: 0000000000000008 [ 172.780350][ C0] RBP: 00007efc2de37380 R08: 0000000000000008 R09: 00007efc2de3aa60 [ 172.788291][ C0] R10: 0000000000000063 R11: 0000000000000246 R12: 000055af93fa9190 [ 172.796229][ C0] R13: 0000000000000d68 R14: 00007efc2de36780 R15: 0000000000000d68 [ 172.804169][ C0] Modules linked in: [ 172.808048][ C0] CR2: 0000000000000000 [ 172.812170][ C0] ---[ end trace efb6e0b212ce1a7c ]--- [ 172.817601][ C0] RIP: 0010:0x0 [ 172.821037][ C0] Code: Bad RIP value. 
[ 172.825072][ C0] RSP: 0018:ffff8881f6e09d30 EFLAGS: 00010206 [ 172.831103][ C0] RAX: ffffffff81519fb9 RBX: 0000000000000100 RCX: ffff8881de655e80 [ 172.839041][ C0] RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffff8881ea7631c0 [ 172.846987][ C0] RBP: ffff8881ea7631e0 R08: ffffffff81519d92 R09: ffffed103edc92f8 [ 172.854927][ C0] R10: ffffed103edc92f8 R11: 1ffff1103edc92f7 R12: 00000000ffffcd40 [ 172.862872][ C0] R13: 1ffff1103edc92f1 R14: 0000000000000000 R15: ffff8881ea7631c0 [ 172.870825][ C0] FS: 00007efc2dc13840(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 172.879718][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 172.886269][ C0] CR2: ffffffffffffffd6 CR3: 00000001de5dd000 CR4: 00000000003406f0 [ 172.894229][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 172.902168][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 172.910112][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 172.917521][ C0] Kernel Offset: disabled [ 172.921821][ C0] Rebooting in 86400 seconds..