Warning: Permanently added '10.128.1.198' (ED25519) to the list of known hosts. 2024/09/13 08:45:49 ignoring optional flag "sandboxArg"="0" 2024/09/13 08:45:50 parsed 1 programs 2024/09/13 08:45:50 executed programs: 0 [ 48.024559][ T420] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.031455][ T420] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.038791][ T420] device bridge_slave_0 entered promiscuous mode [ 48.075588][ T420] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.084032][ T420] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.091882][ T420] device bridge_slave_1 entered promiscuous mode [ 48.221133][ T422] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.227976][ T422] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.235629][ T422] device bridge_slave_0 entered promiscuous mode [ 48.245309][ T422] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.252871][ T422] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.260318][ T422] device bridge_slave_1 entered promiscuous mode [ 48.304307][ T424] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.311264][ T424] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.318546][ T424] device bridge_slave_0 entered promiscuous mode [ 48.329381][ T424] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.336218][ T424] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.343655][ T424] device bridge_slave_1 entered promiscuous mode [ 48.382905][ T423] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.389795][ T423] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.397077][ T423] device bridge_slave_0 entered promiscuous mode [ 48.407651][ T423] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.414574][ T423] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.421973][ T423] device bridge_slave_1 entered promiscuous mode [ 48.455280][ T425] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.462161][ T425] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.469805][ T425] device bridge_slave_0 entered promiscuous mode [ 48.499438][ T425] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.506401][ T425] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.514133][ T425] device bridge_slave_1 entered promiscuous mode [ 48.540291][ T421] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.547142][ T421] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.554703][ T421] device bridge_slave_0 entered promiscuous mode [ 48.565885][ T421] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.572767][ T421] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.580093][ T421] device bridge_slave_1 entered promiscuous mode [ 48.682906][ T420] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.689877][ T420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.697063][ T420] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.704109][ T420] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.812469][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.820175][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.829080][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.837374][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.861675][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.869901][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.876844][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.884645][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.893211][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.900076][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.930954][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.940199][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.002355][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.010166][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.036994][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.046204][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.054387][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.061223][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.068483][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.076925][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.085246][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.093827][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.101855][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.108694][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.115972][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.123733][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.131783][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.165038][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.173698][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.194137][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.202024][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.209769][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.218002][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.226834][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.235295][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.243783][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.250755][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.257975][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.266915][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.275101][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.281956][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.289760][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.315478][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.323733][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.332558][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.341329][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.349495][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.356327][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.364162][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.373298][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.381784][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.390430][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.398385][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.405247][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.422261][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.430533][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.437880][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.445822][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.454069][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.473138][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.481867][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.490113][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.498449][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.507667][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.516199][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.523308][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.532259][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.540116][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.547978][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.583148][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.591387][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.599686][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.607668][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.616791][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.625395][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.633996][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.642359][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.649251][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.656824][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.666158][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.674585][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.681434][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.688604][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.696991][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.705104][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.711950][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.719104][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.727154][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.735147][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.787297][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.795230][ T23] kauditd_printk_skb: 15 callbacks suppressed [ 49.795242][ T23] audit: type=1400 audit(1726217151.980:91): avc: denied { sys_admin } for pid=449 comm="syz-executor.1" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 49.823544][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.831712][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.839581][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.847765][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.856170][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.864489][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.872739][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.889436][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.897507][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.909840][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.938518][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.947428][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.956409][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.979207][ T23] audit: type=1400 audit(1726217152.150:92): avc: denied { mounton } for pid=423 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=10614 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 50.004246][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.023825][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.033229][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.041809][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.050850][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.078556][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.087371][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.095948][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.104105][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.122069][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 50.131287][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.175428][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.185111][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.194835][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.203243][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.211611][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 50.219981][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.266474][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.275788][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.284393][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.292974][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.353972][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.368168][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.412265][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.424011][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2024/09/13 08:45:55 executed programs: 207 2024/09/13 08:46:00 executed programs: 589 [ 62.320480][ T3854] ================================================================== [ 62.328477][ T3854] BUG: KASAN: use-after-free in enqueue_timer+0xb7/0x300 [ 62.335308][ T3854] Write of size 8 at addr ffff8881e34431c8 by task syz-executor.2/3854 [ 62.343375][ T3854] [ 62.345677][ T3854] CPU: 1 PID: 3854 Comm: syz-executor.2 Not tainted 5.4.281-syzkaller-04949-gc8a568fb88e9 #0 [ 62.355654][ T3854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 62.365564][ T3854] Call Trace: [ 62.368679][ T3854] dump_stack+0x1d8/0x241 [ 62.372837][ T3854] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 62.378526][ T3854] ? printk+0xd1/0x111 [ 62.382386][ T3854] ? enqueue_timer+0xb7/0x300 [ 62.386994][ T3854] ? wake_up_klogd+0xb2/0xf0 [ 62.391416][ T3854] ? enqueue_timer+0xb7/0x300 [ 62.395924][ T3854] print_address_description+0x8c/0x600 [ 62.401396][ T3854] ? panic+0x89d/0x89d [ 62.405296][ T3854] ? enqueue_timer+0xb7/0x300 [ 62.409816][ T3854] __kasan_report+0xf3/0x120 [ 62.414326][ T3854] ? enqueue_timer+0xb7/0x300 [ 62.418839][ T3854] kasan_report+0x30/0x60 [ 62.423183][ T3854] enqueue_timer+0xb7/0x300 [ 62.427520][ T3854] internal_add_timer+0x240/0x430 [ 62.432379][ T3854] __mod_timer+0x6f1/0x13e0 [ 62.436715][ T3854] ? mod_timer_pending+0x20/0x20 [ 62.441494][ T3854] ? selinux_tun_dev_alloc_security+0x4d/0x130 [ 62.447748][ T3854] ? selinux_tun_dev_alloc_security+0x5e/0x130 [ 62.453840][ T3854] ? init_timer_key+0x2d/0x1f0 [ 62.458414][ T3854] tun_net_init+0x287/0x540 [ 62.462853][ T3854] register_netdevice+0x1c0/0x12a0 [ 62.467976][ T3854] ? netdev_update_lockdep_key+0x10/0x10 [ 62.473452][ T3854] ? memset+0x1f/0x40 [ 62.477258][ T3854] tun_set_iff+0x7f7/0xdc0 [ 62.481513][ T3854] __tun_chr_ioctl+0x8a9/0x1d00 [ 62.486285][ T3854] ? tun_flow_create+0x250/0x250 [ 62.491071][ T3854] ? tun_chr_poll+0x670/0x670 [ 62.495659][ T3854] do_vfs_ioctl+0x742/0x1720 [ 62.500090][ T3854] ? ioctl_preallocate+0x250/0x250 [ 62.505063][ T3854] ? __fget+0x407/0x490 [ 62.509036][ T3854] ? fget_many+0x20/0x20 [ 62.513192][ T3854] ? switch_fpu_return+0x1d4/0x410 [ 62.518137][ T3854] ? security_file_ioctl+0x7d/0xa0 [ 62.523088][ T3854] __x64_sys_ioctl+0xd4/0x110 [ 62.527598][ T3854] do_syscall_64+0xca/0x1c0 [ 62.531939][ T3854] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 62.537681][ T3854] RIP: 0033:0x7ff38a939a29 [ 62.541929][ T3854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 62.561444][ T3854] RSP: 002b:00007ff38a8bf0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.569688][ T3854] RAX: ffffffffffffffda RBX: 00007ff38aa4bf80 RCX: 00007ff38a939a29 [ 62.577674][ T3854] RDX: 0000000020000040 RSI: 00000000400454ca RDI: 0000000000000003 [ 62.585487][ T3854] RBP: 00007ff38a9952d0 R08: 0000000000000000 R09: 0000000000000000 [ 62.593294][ T3854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 62.601221][ T3854] R13: 000000000000000b R14: 00007ff38aa4bf80 R15: 00007fffb42370f8 [ 62.609205][ T3854] [ 62.611369][ T3854] The buggy address belongs to the page: [ 62.616851][ T3854] page:ffffea00078d10c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.625872][ T3854] flags: 0x8000000000000000() [ 62.630384][ T3854] raw: 8000000000000000 0000000000000000 dead000000000122 0000000000000000 [ 62.639150][ T3854] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 62.647669][ T3854] page dumped because: kasan: bad access detected [ 62.653930][ T3854] page_owner tracks the page as freed [ 62.659131][ T3854] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO) [ 62.673278][ T3854] prep_new_page+0x18f/0x370 [ 62.677709][ T3854] get_page_from_freelist+0x2d13/0x2d90 [ 62.683083][ T3854] __alloc_pages_nodemask+0x393/0x840 [ 62.688292][ T3854] kmalloc_order_trace+0x2a/0x100 [ 62.693150][ T3854] kvmalloc_node+0x7e/0xf0 [ 62.697417][ T3854] alloc_netdev_mqs+0x85/0xc70 [ 62.702010][ T3854] tun_set_iff+0x51f/0xdc0 [ 62.706262][ T3854] __tun_chr_ioctl+0x8a9/0x1d00 [ 62.710947][ T3854] do_vfs_ioctl+0x742/0x1720 [ 62.715375][ T3854] __x64_sys_ioctl+0xd4/0x110 [ 62.719893][ T3854] do_syscall_64+0xca/0x1c0 [ 62.724225][ T3854] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 62.730212][ T3854] page last free stack trace: [ 62.734725][ T3854] __free_pages_ok+0x847/0x950 [ 62.739414][ T3854] __free_pages+0x91/0x140 [ 62.743670][ T3854] device_release+0x6b/0x190 [ 62.748265][ T3854] kobject_put+0x1e6/0x2f0 [ 62.752517][ T3854] tun_set_iff+0x870/0xdc0 [ 62.756859][ T3854] __tun_chr_ioctl+0x8a9/0x1d00 [ 62.761842][ T3854] do_vfs_ioctl+0x742/0x1720 [ 62.766256][ T3854] __x64_sys_ioctl+0xd4/0x110 [ 62.770776][ T3854] do_syscall_64+0xca/0x1c0 [ 62.775114][ T3854] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 62.780840][ T3854] [ 62.783006][ T3854] Memory state around the buggy address: [ 62.788478][ T3854] ffff8881e3443080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 62.796458][ T3854] ffff8881e3443100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 62.804356][ T3854] >ffff8881e3443180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 62.812251][ T3854] ^ 2024/09/13 08:46:05 executed programs: 882 [ 62.818712][ T3854] ffff8881e3443200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 62.826614][ T3854] ffff8881e3443280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 62.834602][ T3854] ================================================================== [ 62.842503][ T3854] Disabling lock debugging due to kernel taint [ 66.049226][ C1] kasan: CONFIG_KASAN_INLINE enabled [ 66.054527][ C1] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 66.062450][ C1] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 66.069202][ C1] CPU: 1 PID: 4849 Comm: syz-executor.4 Tainted: G B 5.4.281-syzkaller-04949-gc8a568fb88e9 #0 [ 66.080870][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 66.091066][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0 [ 66.096175][ C1] Code: 89 e7 e8 33 50 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 e5 68 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 02 50 3f 00 4d 89 65 00 eb 05 e8 b7 [ 66.115737][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802 [ 66.121618][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103c688639 RCX: dffffc0000000000 [ 66.129423][ C1] RDX: 0000000080000101 RSI: 0000000000000008 RDI: ffff8881e34431c8 [ 66.137366][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003 [ 66.145170][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e20 [ 66.153065][ C1] R13: dead00000000012a R14: 1ffff1103c688638 R15: ffff8881e34431c8 [ 66.160877][ C1] FS: 00005555569c6480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 66.169644][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.176075][ C1] CR2: 00007fbf4e79e504 CR3: 00000001e9fe6000 CR4: 00000000003406a0 [ 66.183881][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.191777][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.199586][ C1] Call Trace: [ 66.202716][ C1] [ 66.205413][ C1] ? __die+0xb4/0x100 [ 66.209332][ C1] ? die+0x26/0x50 [ 66.212969][ C1] ? do_general_protection+0x266/0x3c0 [ 66.218464][ C1] ? do_trap+0x340/0x340 [ 66.222529][ C1] ? wg_packet_send_keepalive+0x1c0/0x1c0 [ 66.228093][ C1] ? round_jiffies+0x99/0xb0 [ 66.232683][ C1] ? general_protection+0x28/0x30 [ 66.237769][ C1] ? __run_timers+0x7b0/0xbe0 [ 66.242547][ C1] ? enqueue_timer+0x300/0x300 [ 66.247158][ C1] ? check_preemption_disabled+0x9f/0x320 [ 66.252698][ C1] ? debug_smp_processor_id+0x20/0x20 [ 66.257903][ C1] ? lapic_next_event+0x5b/0x70 [ 66.262589][ C1] run_timer_softirq+0x63/0xf0 [ 66.267191][ C1] __do_softirq+0x23b/0x6b7 [ 66.271552][ C1] irq_exit+0x195/0x1c0 [ 66.275534][ C1] smp_apic_timer_interrupt+0x11a/0x460 [ 66.281005][ C1] apic_timer_interrupt+0xf/0x20 [ 66.285759][ C1] [ 66.288540][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x22/0x50 [ 66.294531][ C1] Code: 90 90 90 90 90 90 90 90 48 8b 04 24 65 48 8b 0d 94 54 9e 7e 65 8b 15 99 54 9e 7e f7 c2 00 01 1f 00 74 01 c3 8b 91 00 0a 00 00 <83> fa 02 75 f4 48 8b 91 08 0a 00 00 48 8b 32 48 8d 7e 01 8b 89 04 [ 66.314178][ C1] RSP: 0018:ffff8881e2727718 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 66.322629][ C1] RAX: ffffffff81abcab1 RBX: ffff8881daea3648 RCX: ffff8881e7b44ec0 [ 66.330433][ C1] RDX: 0000000000000000 RSI: 0000000000010000 RDI: ffff8881daea3648 [ 66.338242][ C1] RBP: ffff8881e2727870 R08: 0000000000000000 R09: 0000000000000000 [ 66.346497][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881daea3648 [ 66.354396][ C1] R13: ffff8881daea37b8 R14: dffffc0000000000 R15: ffff8881eb020628 [ 66.362229][ C1] ? fsnotify+0xa1/0x1340 [ 66.366379][ C1] fsnotify+0xa1/0x1340 [ 66.370374][ C1] ? __fsnotify_parent+0xec/0x310 [ 66.375226][ C1] ? __fsnotify_update_child_dentry_flags+0x290/0x290 [ 66.381827][ C1] ? selinux_file_receive+0x120/0x120 [ 66.387023][ C1] ? __fsnotify_parent+0x310/0x310 [ 66.391972][ C1] ? __module_get+0x130/0x130 [ 66.396481][ C1] ? preempt_count_add+0x8f/0x180 [ 66.401342][ C1] ? security_file_open+0x1e2/0x2a0 [ 66.406376][ C1] do_dentry_open+0x3fc/0x1130 [ 66.410978][ C1] ? finish_open+0xd0/0xd0 [ 66.415228][ C1] ? memcpy+0x38/0x50 [ 66.419049][ C1] path_openat+0x29bf/0x34b0 [ 66.423481][ C1] ? do_filp_open+0x450/0x450 [ 66.427988][ C1] ? do_sys_open+0x357/0x810 [ 66.432412][ C1] ? do_syscall_64+0xca/0x1c0 [ 66.436926][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 66.442972][ C1] do_filp_open+0x20b/0x450 [ 66.447311][ C1] ? vfs_tmpfile+0x2c0/0x2c0 [ 66.451743][ C1] ? noop_direct_IO+0x10/0x10 [ 66.456252][ C1] ? _raw_spin_unlock+0x49/0x60 [ 66.460961][ C1] ? __alloc_fd+0x4c5/0x570 [ 66.465369][ C1] do_sys_open+0x39c/0x810 [ 66.469637][ C1] ? check_preemption_disabled+0x153/0x320 [ 66.475262][ C1] ? file_open_root+0x490/0x490 [ 66.479945][ C1] do_syscall_64+0xca/0x1c0 [ 66.484289][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 66.490012][ C1] RIP: 0033:0x7fbf4e71b7c1 [ 66.494266][ C1] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 4a b7 0e 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25 [ 66.513877][ C1] RSP: 002b:00007fff21477810 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 66.522209][ C1] RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007fbf4e71b7c1 [ 66.530204][ C1] RDX: 0000000000080001 RSI: 00007fbf4e778358 RDI: 00000000ffffff9c [ 66.538101][ C1] RBP: 00007fbf4e778358 R08: 0000000000000000 R09: 0000000000000000 [ 66.546180][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004 [ 66.554088][ C1] R13: 00007fff214778b0 R14: 0000000000000001 R15: 0000000000000000 [ 66.561898][ C1] Modules linked in: [ 66.565645][ C1] ---[ end trace 0d0aa5354dd28f99 ]--- [ 66.570937][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0 [ 66.576058][ C1] Code: 89 e7 e8 33 50 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 e5 68 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 02 50 3f 00 4d 89 65 00 eb 05 e8 b7 [ 66.595491][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802 [ 66.601479][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103c688639 RCX: dffffc0000000000 [ 66.609292][ C1] RDX: 0000000080000101 RSI: 0000000000000008 RDI: ffff8881e34431c8 [ 66.617187][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003 [ 66.625084][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e20 [ 66.632896][ C1] R13: dead00000000012a R14: 1ffff1103c688638 R15: ffff8881e34431c8 [ 66.640711][ C1] FS: 00005555569c6480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 66.649704][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.656218][ C1] CR2: 00007fbf4e79e504 CR3: 00000001e9fe6000 CR4: 00000000003406a0 [ 66.664137][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.671941][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.679833][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 66.687235][ C1] Kernel Offset: disabled [ 66.691459][ C1] Rebooting in 86400 seconds..