Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts.
2025/04/13 02:57:00 ignoring optional flag "sandboxArg"="0"
2025/04/13 02:57:00 ignoring optional flag "type"="gce"
2025/04/13 02:57:00 parsed 1 programs
2025/04/13 02:57:00 executed programs: 0
[ 48.809187][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.816785][ T415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.824810][ T415] device bridge_slave_0 entered promiscuous mode
[ 48.856333][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.863174][ T415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.870856][ T415] device bridge_slave_1 entered promiscuous mode
[ 48.959502][ T424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.966817][ T424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.974340][ T424] device bridge_slave_0 entered promiscuous mode
[ 48.990939][ T424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.997914][ T424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.005607][ T424] device bridge_slave_1 entered promiscuous mode
[ 49.139660][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.146893][ T428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.154334][ T428] device bridge_slave_0 entered promiscuous mode
[ 49.182335][ T425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.189230][ T425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.196840][ T425] device bridge_slave_0 entered promiscuous mode
[ 49.203706][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.210996][ T428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.218515][ T428] device bridge_slave_1 entered promiscuous mode
[ 49.256255][ T425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.263184][ T425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.271076][ T425] device bridge_slave_1 entered promiscuous mode
[ 49.277937][ T426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.284853][ T426] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.292516][ T426] device bridge_slave_0 entered promiscuous mode
[ 49.316833][ T426] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.323685][ T426] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.331421][ T426] device bridge_slave_1 entered promiscuous mode
[ 49.381489][ T424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.388378][ T424] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.395563][ T424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.402777][ T424] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.429171][ T427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.436340][ T427] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.444005][ T427] device bridge_slave_0 entered promiscuous mode
[ 49.452103][ T427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.458969][ T427] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.466769][ T427] device bridge_slave_1 entered promiscuous mode
[ 49.535521][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.542621][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.549899][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.556840][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.677716][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.684944][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.692372][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.699317][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.724596][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.735145][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.744907][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.753974][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.761632][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.769674][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.777148][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.786965][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.794790][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.827622][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.835957][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.843160][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.850931][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.859140][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.866133][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.917125][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 49.925585][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.945780][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 49.953963][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.962817][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 49.971930][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.980272][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 49.988817][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.033036][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.041582][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.069470][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.076903][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.084331][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.093154][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.101741][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.110425][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.119001][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.125834][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.133623][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.141657][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.150205][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.158772][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.167166][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.173994][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.211212][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.218998][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.227012][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.235246][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.245092][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.251972][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.259636][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.268293][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.276473][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.283565][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.290955][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.299250][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.307583][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.314457][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.321965][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.330948][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.339112][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.346222][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.353851][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.361426][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.368978][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.377437][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.385523][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.394243][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.403235][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.410235][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.418139][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.426564][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.434657][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.441535][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.448871][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.457258][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.465060][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 50.472810][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 50.480851][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 50.510303][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.518966][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 50.527257][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.535659][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 50.544456][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.553049][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.561217][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.578333][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.591038][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.599671][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.633497][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.641685][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 50.650634][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.659234][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.668308][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.677425][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 50.685515][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.693709][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.712377][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.721029][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.730794][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.739172][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.747893][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.761445][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.789075][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.797891][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.808314][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.817078][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.849314][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.857393][ T23] kauditd_printk_skb: 15 callbacks suppressed
[ 50.857405][ T23] audit: type=1400 audit(1744513023.140:91): avc: denied { mounton } for pid=424 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=11688 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 50.859628][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.895826][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.905025][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.921323][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.930126][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.940052][ T23] audit: type=1400 audit(1744513023.220:92): avc: denied { sys_admin } for pid=451 comm="syz-executor.2" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 50.970483][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.979553][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.024490][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 51.032805][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.041960][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.050651][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.059134][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 51.067614][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.087102][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.095957][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.104768][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.114074][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.143478][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.153189][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.163249][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.171854][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.184551][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 51.192989][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.280741][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.290089][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.332263][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.340557][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.697804][ T853] ==================================================================
[ 52.705737][ T853] BUG: KASAN: use-after-free in enqueue_timer+0xb7/0x300
[ 52.712647][ T853] Write of size 8 at addr ffff8881e2c0f1c8 by task syz-executor.3/853
[ 52.720763][ T853]
[ 52.722929][ T853] CPU: 1 PID: 853 Comm: syz-executor.3 Not tainted 5.4.290-syzkaller-05053-g41adfeb3d639 #0
[ 52.733272][ T853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 52.743255][ T853] Call Trace:
[ 52.746375][ T853] dump_stack+0x1d8/0x241
[ 52.750527][ T853] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 52.756169][ T853] ? printk+0xd1/0x111
[ 52.760076][ T853] ? enqueue_timer+0xb7/0x300
[ 52.764586][ T853] ? wake_up_klogd+0xb2/0xf0
[ 52.769098][ T853] ? enqueue_timer+0xb7/0x300
[ 52.773612][ T853] print_address_description+0x8c/0x600
[ 52.778996][ T853] ? panic+0x89d/0x89d
[ 52.782902][ T853] ? enqueue_timer+0xb7/0x300
[ 52.787521][ T853] __kasan_report+0xf3/0x120
[ 52.791956][ T853] ? enqueue_timer+0xb7/0x300
[ 52.796663][ T853] kasan_report+0x30/0x60
[ 52.800850][ T853] enqueue_timer+0xb7/0x300
[ 52.805183][ T853] internal_add_timer+0x240/0x430
[ 52.810037][ T853] __mod_timer+0x6f1/0x13e0
[ 52.814495][ T853] ? mod_timer_pending+0x20/0x20
[ 52.819257][ T853] ? selinux_tun_dev_alloc_security+0x4d/0x130
[ 52.825248][ T853] ? selinux_tun_dev_alloc_security+0x5e/0x130
[ 52.831412][ T853] ? init_timer_key+0x2d/0x1f0
[ 52.836007][ T853] tun_net_init+0x287/0x540
[ 52.840352][ T853] register_netdevice+0x1c0/0x12a0
[ 52.845385][ T853] ? netdev_update_lockdep_key+0x10/0x10
[ 52.851005][ T853] ? memset+0x1f/0x40
[ 52.854823][ T853] tun_set_iff+0x7f7/0xdc0
[ 52.859077][ T853] __tun_chr_ioctl+0x8a9/0x1d00
[ 52.863781][ T853] ? tun_flow_create+0x250/0x250
[ 52.868663][ T853] ? tun_chr_poll+0x670/0x670
[ 52.873160][ T853] do_vfs_ioctl+0x742/0x1720
[ 52.877761][ T853] ? ioctl_preallocate+0x250/0x250
[ 52.882814][ T853] ? __fget+0x407/0x490
[ 52.886786][ T853] ? fget_many+0x20/0x20
[ 52.890857][ T853] ? switch_fpu_return+0x1d4/0x410
[ 52.895920][ T853] ? security_file_ioctl+0x7d/0xa0
[ 52.900950][ T853] __x64_sys_ioctl+0xd4/0x110
[ 52.905595][ T853] do_syscall_64+0xca/0x1c0
[ 52.910234][ T853] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 52.916060][ T853] RIP: 0033:0x7f92d3797a29
[ 52.920372][ T853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.939911][ T853] RSP: 002b:00007f92d371d0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.948284][ T853] RAX: ffffffffffffffda RBX: 00007f92d38a9f80 RCX: 00007f92d3797a29
[ 52.956218][ T853] RDX: 0000000020000040 RSI: 00000000400454ca RDI: 0000000000000003
[ 52.964004][ T853] RBP: 00007f92d37f32d0 R08: 0000000000000000 R09: 0000000000000000
[ 52.971802][ T853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 52.979648][ T853] R13: 000000000000000b R14: 00007f92d38a9f80 R15: 00007ffef85ff308
[ 52.987446][ T853]
[ 52.989595][ T853] The buggy address belongs to the page:
[ 52.995164][ T853] page:ffffea00078b03c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 53.004463][ T853] flags: 0x8000000000000000()
[ 53.008994][ T853] raw: 8000000000000000 0000000000000000 ffffea00078b03c8 0000000000000000
[ 53.017691][ T853] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 53.026177][ T853] page dumped because: kasan: bad access detected
[ 53.032644][ T853] page_owner tracks the page as freed
[ 53.037815][ T853] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 53.051970][ T853] prep_new_page+0x18f/0x370
[ 53.056471][ T853] get_page_from_freelist+0x2d13/0x2d90
[ 53.061855][ T853] __alloc_pages_nodemask+0x393/0x840
[ 53.067062][ T853] kmalloc_order_trace+0x2a/0x100
[ 53.072011][ T853] kvmalloc_node+0x7e/0xf0
[ 53.076271][ T853] alloc_netdev_mqs+0x85/0xc70
[ 53.080860][ T853] tun_set_iff+0x51f/0xdc0
[ 53.085218][ T853] __tun_chr_ioctl+0x8a9/0x1d00
[ 53.090147][ T853] do_vfs_ioctl+0x742/0x1720
[ 53.094771][ T853] __x64_sys_ioctl+0xd4/0x110
[ 53.099285][ T853] do_syscall_64+0xca/0x1c0
[ 53.103701][ T853] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 53.109505][ T853] page last free stack trace:
[ 53.114039][ T853] __free_pages_ok+0x847/0x950
[ 53.118734][ T853] __free_pages+0x91/0x140
[ 53.122991][ T853] device_release+0x6b/0x190
[ 53.127660][ T853] kobject_put+0x1e6/0x2f0
[ 53.132242][ T853] tun_set_iff+0x870/0xdc0
[ 53.136487][ T853] __tun_chr_ioctl+0x8a9/0x1d00
[ 53.141255][ T853] do_vfs_ioctl+0x742/0x1720
[ 53.145794][ T853] __x64_sys_ioctl+0xd4/0x110
[ 53.150497][ T853] do_syscall_64+0xca/0x1c0
[ 53.155236][ T853] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 53.161042][ T853]
[ 53.163392][ T853] Memory state around the buggy address:
[ 53.168871][ T853] ffff8881e2c0f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.176916][ T853] ffff8881e2c0f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.185095][ T853] >ffff8881e2c0f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.192975][ T853] ^
[ 53.199290][ T853] ffff8881e2c0f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.207661][ T853] ffff8881e2c0f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.215629][ T853] ==================================================================
[ 53.223539][ T853] Disabling lock debugging due to kernel taint
2025/04/13 02:57:05 executed programs: 138
[ 56.426122][ C1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 56.433759][ C1] #PF: supervisor instruction fetch in kernel mode
[ 56.440083][ C1] #PF: error_code(0x0010) - not-present page
[ 56.445900][ C1] PGD 0 P4D 0
[ 56.449201][ C1] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 56.454339][ C1] CPU: 1 PID: 489 Comm: udevd Tainted: G B 5.4.290-syzkaller-05053-g41adfeb3d639 #0
[ 56.465559][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 56.475459][ C1] RIP: 0010:0x0
[ 56.478756][ C1] Code: Bad RIP value.
[ 56.482936][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010202
[ 56.488802][ C1] RAX: ffffffff8154e8ca RBX: 0000000000000101 RCX: ffff8881e8093f00
[ 56.496610][ C1] RDX: 0000000000000101 RSI: 0000000000000000 RDI: ffff8881e2c0f1c0
[ 56.504808][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154e50e R09: 0000000000000003
[ 56.512803][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9ff0
[ 56.520616][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e2c0f1c0
[ 56.528433][ C1] FS: 00007fcdfa8bbc80(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 56.537191][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.543612][ C1] CR2: ffffffffffffffd6 CR3: 00000001d8eb5000 CR4: 00000000003406a0
[ 56.551512][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.559331][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.567217][ C1] Call Trace:
[ 56.570377][ C1]
[ 56.573147][ C1] ? __die+0xb4/0x100
[ 56.576992][ C1] ? no_context+0xac7/0xd20
[ 56.581455][ C1] ? enqueue_timer+0x165/0x300
[ 56.586143][ C1] ? is_prefetch+0x4b0/0x4b0
[ 56.590698][ C1] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 56.596428][ C1] ? __do_page_fault+0xa72/0xbb0
[ 56.601471][ C1] ? __bad_area_nosemaphore+0xc0/0x470
[ 56.606761][ C1] ? page_fault+0x2f/0x40
[ 56.610924][ C1] ? __run_timers+0x84e/0xbe0
[ 56.615432][ C1] ? call_timer_fn+0x2a/0x390
[ 56.620123][ C1] call_timer_fn+0x36/0x390
[ 56.624463][ C1] __run_timers+0x879/0xbe0
[ 56.628801][ C1] ? enqueue_timer+0x300/0x300
[ 56.633493][ C1] ? check_preemption_disabled+0x9f/0x320
[ 56.639056][ C1] ? debug_smp_processor_id+0x20/0x20
[ 56.644258][ C1] ? lapic_next_event+0x5b/0x70
[ 56.649036][ C1] run_timer_softirq+0x63/0xf0
[ 56.653630][ C1] __do_softirq+0x23b/0x6b7
[ 56.658082][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 56.662859][ C1] irq_exit+0x195/0x1c0
[ 56.666856][ C1] smp_apic_timer_interrupt+0x11a/0x490
[ 56.672445][ C1] apic_timer_interrupt+0xf/0x20
[ 56.677393][ C1]
[ 56.680245][ C1] RIP: 0010:preempt_count_add+0x6b/0x180
[ 56.685793][ C1] Code: c7 c0 c0 49 eb 86 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 d9 00 00 00 83 3d 11 59 a6 05 00 75 11 65 8b 05 d4 9c bd 7e 0f b6 c0 <3d> f5 00 00 00 73 59 65 8b 05 c3 9c bd 7e 25 ff ff ff 7f 39 d8 75
[ 56.705971][ C1] RSP: 0018:ffff8881e8b97de0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 56.714727][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff86eb4903
[ 56.722645][ C1] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000001
[ 56.730539][ C1] RBP: ffff8881e8b97ea0 R08: ffffffff81006fef R09: 0000000000000000
[ 56.738591][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 56.746684][ C1] R13: ffff8881e89137c0 R14: dffffc0000000000 R15: dffffc0000000000
[ 56.754482][ C1] ? do_syscall_64+0x7f/0x1c0
[ 56.759196][ C1] _raw_spin_lock+0x6e/0x1b0
[ 56.763621][ C1] ? _raw_spin_trylock_bh+0x190/0x190
[ 56.768811][ C1] ? check_preemption_disabled+0x153/0x320
[ 56.774584][ C1] ? debug_smp_processor_id+0x20/0x20
[ 56.779969][ C1] __close_fd+0x32/0x2c0
[ 56.784126][ C1] __x64_sys_close+0x61/0xb0
[ 56.788645][ C1] do_syscall_64+0xca/0x1c0
[ 56.793154][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 56.799017][ C1] RIP: 0033:0x7fcdfa9e70a8
[ 56.803338][ C1] Code: 48 8b 05 83 9d 0d 00 64 c7 00 16 00 00 00 83 c8 ff 48 83 c4 20 5b c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 5b 48 8b 15 51 9d 0d 00 f7 d8 64 89 02 48 83
[ 56.823923][ C1] RSP: 002b:00007ffe856fe3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 56.832388][ C1] RAX: ffffffffffffffda RBX: 0000561bae0bb730 RCX: 00007fcdfa9e70a8
[ 56.840436][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b
[ 56.848244][ C1] RBP: 0000561bae0bb730 R08: 0000000000000007 R09: 73039ddc21f734da
[ 56.856052][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000561bae0bb730
[ 56.863884][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 56.871676][ C1] Modules linked in:
[ 56.875522][ C1] CR2: 0000000000000000
[ 56.879693][ C1] ---[ end trace 92ddd9e5360fa08a ]---
[ 56.885227][ C1] RIP: 0010:0x0
[ 56.888525][ C1] Code: Bad RIP value.
[ 56.892710][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010202
[ 56.898799][ C1] RAX: ffffffff8154e8ca RBX: 0000000000000101 RCX: ffff8881e8093f00
[ 56.906607][ C1] RDX: 0000000000000101 RSI: 0000000000000000 RDI: ffff8881e2c0f1c0
[ 56.914672][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154e50e R09: 0000000000000003
[ 56.922574][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9ff0
[ 56.930564][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e2c0f1c0
[ 56.938547][ C1] FS: 00007fcdfa8bbc80(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 56.947329][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.953819][ C1] CR2: ffffffffffffffd6 CR3: 00000001d8eb5000 CR4: 00000000003406a0
[ 56.961769][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.970006][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.978184][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 56.985868][ C1] Kernel Offset: disabled
[ 56.990090][ C1] Rebooting in 86400 seconds..