Warning: Permanently added '10.128.1.60' (ED25519) to the list of known hosts.
2024/02/15 22:44:23 parsed 1 programs
2024/02/15 22:44:23 executed programs: 0
[ 39.751215][ T23] kauditd_printk_skb: 57 callbacks suppressed
[ 39.751225][ T23] audit: type=1400 audit(1708037063.700:133): avc: denied { mounton } for pid=398 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 39.784096][ T23] audit: type=1400 audit(1708037063.730:134): avc: denied { mount } for pid=398 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 39.807214][ T403] cgroup1: Unknown subsys name 'perf_event'
[ 39.815337][ T405] cgroup1: Unknown subsys name 'perf_event'
[ 39.825248][ T408] cgroup1: Unknown subsys name 'perf_event'
[ 39.829659][ T405] cgroup1: Unknown subsys name 'net_cls'
[ 39.832147][ T403] cgroup1: Unknown subsys name 'net_cls'
[ 39.841311][ T23] audit: type=1400 audit(1708037063.730:135): avc: denied { mounton } for pid=403 comm="syz-executor.1" path="/syzcgroup/unified" dev="sda1" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 39.846898][ T408] cgroup1: Unknown subsys name 'net_cls'
[ 39.877985][ T410] cgroup1: Unknown subsys name 'perf_event'
[ 39.885415][ T412] cgroup1: Unknown subsys name 'perf_event'
[ 39.886529][ T410] cgroup1: Unknown subsys name 'net_cls'
[ 39.892015][ T412] cgroup1: Unknown subsys name 'net_cls'
[ 39.901355][ T23] audit: type=1400 audit(1708037063.730:136): avc: denied { mount } for pid=403 comm="syz-executor.1" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 39.903763][ T413] cgroup1: Unknown subsys name 'perf_event'
[ 39.925717][ T23] audit: type=1400 audit(1708037063.770:137): avc: denied { mounton } for pid=405 comm="syz-executor.0" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 39.952773][ T413] cgroup1: Unknown subsys name 'net_cls'
[ 40.175351][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.182315][ T405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.190146][ T405] device bridge_slave_0 entered promiscuous mode
[ 40.190437][ T23] audit: type=1400 audit(1708037064.140:138): avc: denied { append } for pid=145 comm="syslogd" name="messages" dev="tmpfs" ino=9415 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.219658][ T23] audit: type=1400 audit(1708037064.140:139): avc: denied { open } for pid=145 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=9415 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.223591][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.245823][ T23] audit: type=1400 audit(1708037064.140:140): avc: denied { getattr } for pid=145 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=9415 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 40.253095][ T405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.285469][ T405] device bridge_slave_1 entered promiscuous mode
[ 40.299004][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.306664][ T413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.315013][ T413] device bridge_slave_0 entered promiscuous mode
[ 40.325549][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.333017][ T413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.340726][ T413] device bridge_slave_1 entered promiscuous mode
[ 40.386012][ T403] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.393052][ T403] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.400832][ T403] device bridge_slave_0 entered promiscuous mode
[ 40.407955][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.415302][ T412] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.423673][ T412] device bridge_slave_0 entered promiscuous mode
[ 40.435149][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.442631][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.451894][ T410] device bridge_slave_0 entered promiscuous mode
[ 40.458739][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.465693][ T408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.473252][ T408] device bridge_slave_0 entered promiscuous mode
[ 40.486910][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.493965][ T408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.501763][ T408] device bridge_slave_1 entered promiscuous mode
[ 40.508859][ T403] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.516185][ T403] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.524015][ T403] device bridge_slave_1 entered promiscuous mode
[ 40.530860][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.538863][ T412] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.546773][ T412] device bridge_slave_1 entered promiscuous mode
[ 40.557404][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.565005][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.572418][ T410] device bridge_slave_1 entered promiscuous mode
[ 40.764732][ T23] audit: type=1400 audit(1708037064.720:141): avc: denied { write } for pid=412 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.786990][ T23] audit: type=1400 audit(1708037064.740:142): avc: denied { read } for pid=412 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 40.810191][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.817584][ T412] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.824836][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.831843][ T412] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.877823][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.884981][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.892105][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.898964][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.921723][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.928770][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.936434][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.943262][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.958385][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.965456][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.972601][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.979498][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.994166][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.001145][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.008225][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.015010][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.036061][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.043171][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.050262][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.057777][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.064792][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.072442][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.081217][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.088963][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.096604][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.104238][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.111494][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.156266][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.178467][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.187653][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.194694][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.201937][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.210396][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.217248][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.224737][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.232930][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.239997][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.247714][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.256173][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.264253][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.271124][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.294783][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.303048][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.335350][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.343410][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.352039][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 41.360689][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.388792][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.397665][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.405901][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.413318][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.421595][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.429560][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.437314][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.445933][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.454789][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.461705][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.484781][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.492629][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.502375][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 41.510878][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.534602][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.543236][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.552153][ T108] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.559355][ T108] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.567249][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.575010][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.582349][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.591025][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.599382][ T108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.606317][ T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.613498][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.621198][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.628955][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.659091][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.667776][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.677282][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.684198][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.691676][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.700742][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.709028][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.715860][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.723017][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.732542][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.740740][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.749045][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.757557][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.765160][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.772512][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.780576][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.788931][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.797429][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.804581][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.812581][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.822292][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 41.850570][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.859655][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.868539][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.878049][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.886834][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.895252][ T108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.902175][ T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.910075][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.918650][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.926904][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.954102][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.962684][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.970730][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.987157][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.007325][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.016019][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.024297][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.033148][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.042206][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.050657][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.084973][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.093645][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.103541][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.141860][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.157573][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.204494][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.213036][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.221693][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.230219][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.238561][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.247915][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.256263][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.264953][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.273964][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.282579][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.290916][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.299552][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.348031][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.361121][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.393188][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 42.406201][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.414687][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.423184][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.432991][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.441832][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.794878][ T565] ==================================================================
[ 43.803229][ T565] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 43.810720][ T565] Write of size 8 at addr ffff8881ea9cb1c8 by task syz-executor.5/565
[ 43.819058][ T565]
[ 43.821234][ T565] CPU: 1 PID: 565 Comm: syz-executor.5 Not tainted 5.4.265-syzkaller-04843-g1b3143b9b166 #0
[ 43.831504][ T565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 43.841395][ T565] Call Trace:
[ 43.844613][ T565] dump_stack+0x1d8/0x241
[ 43.848816][ T565] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 43.854501][ T565] ? printk+0xd1/0x111
[ 43.858591][ T565] ? detach_if_pending+0x188/0x360
[ 43.863527][ T565] ? wake_up_klogd+0xb2/0xf0
[ 43.867951][ T565] ? detach_if_pending+0x188/0x360
[ 43.872898][ T565] print_address_description+0x8c/0x600
[ 43.878455][ T565] ? panic+0x896/0x896
[ 43.882380][ T565] ? detach_if_pending+0x188/0x360
[ 43.887322][ T565] __kasan_report+0xf3/0x120
[ 43.891734][ T565] ? detach_if_pending+0x188/0x360
[ 43.896679][ T565] kasan_report+0x30/0x60
[ 43.900949][ T565] detach_if_pending+0x188/0x360
[ 43.905812][ T565] del_timer_sync+0x13c/0x230
[ 43.910320][ T565] ? find_next_bit+0xcd/0x100
[ 43.915113][ T565] ? try_to_del_timer_sync+0x150/0x150
[ 43.920475][ T565] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 43.925705][ T565] tun_flow_uninit+0x2c/0x280
[ 43.930381][ T565] ? free_percpu+0x359/0x910
[ 43.934872][ T565] tun_free_netdev+0x77/0x190
[ 43.939479][ T565] ? tun_xdp+0x3f0/0x3f0
[ 43.943551][ T565] netdev_run_todo+0xb7f/0xdf0
[ 43.948330][ T565] ? netdev_refcnt_read+0x1c0/0x1c0
[ 43.953618][ T565] ? kfree+0x123/0x370
[ 43.957829][ T565] tun_chr_close+0xc1/0x130
[ 43.962300][ T565] ? tun_chr_open+0x500/0x500
[ 43.966888][ T565] __fput+0x262/0x680
[ 43.970780][ T565] task_work_run+0x140/0x170
[ 43.975298][ T565] exit_to_usermode_loop+0x190/0x1a0
[ 43.980603][ T565] prepare_exit_to_usermode+0x199/0x200
[ 43.986059][ T565] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 43.991913][ T565]
[ 43.994443][ T565] Allocated by task 413:
[ 43.998519][ T565] __kasan_kmalloc+0x171/0x210
[ 44.003335][ T565] kmem_cache_alloc+0xd9/0x250
[ 44.007926][ T565] copy_mm+0x169/0x10d0
[ 44.011927][ T565] copy_process+0x1291/0x3230
[ 44.016433][ T565] _do_fork+0x197/0x900
[ 44.020430][ T565] __x64_sys_clone+0x26b/0x2c0
[ 44.025120][ T565] do_syscall_64+0xca/0x1c0
[ 44.029906][ T565] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.035870][ T565]
[ 44.038041][ T565] Freed by task 395:
[ 44.041877][ T565] __kasan_slab_free+0x1b5/0x270
[ 44.046642][ T565] kmem_cache_free+0x10b/0x2c0
[ 44.051432][ T565] finish_task_switch+0x1e6/0x590
[ 44.056275][ T565] __schedule+0xb0d/0x1320
[ 44.060524][ T565] schedule+0x12c/0x1d0
[ 44.064527][ T565] schedule_hrtimeout_range_clock+0x1ef/0x330
[ 44.070782][ T565] do_epoll_wait+0x1036/0x1280
[ 44.075454][ T565] __se_sys_epoll_pwait+0x56/0x180
[ 44.080598][ T565] do_syscall_64+0xca/0x1c0
[ 44.085035][ T565] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.090946][ T565]
[ 44.093199][ T565] The buggy address belongs to the object at ffff8881ea9caf80
[ 44.093199][ T565] which belongs to the cache mm_struct of size 1048
[ 44.107356][ T565] The buggy address is located 584 bytes inside of
[ 44.107356][ T565] 1048-byte region [ffff8881ea9caf80, ffff8881ea9cb398)
[ 44.120878][ T565] The buggy address belongs to the page:
[ 44.126447][ T565] page:ffffea0007aa7200 refcount:1 mapcount:0 mapping:ffff8881f5c22f00 index:0x0 compound_mapcount: 0
[ 44.137545][ T565] flags: 0x8000000000010200(slab|head)
[ 44.142852][ T565] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c22f00
[ 44.151522][ T565] raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000
[ 44.160281][ T565] page dumped because: kasan: bad access detected
[ 44.166667][ T565] page_owner tracks the page as allocated
[ 44.172222][ T565] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[ 44.187625][ T565] prep_new_page+0x18f/0x370
[ 44.192424][ T565] get_page_from_freelist+0x2d13/0x2d90
[ 44.197865][ T565] __alloc_pages_nodemask+0x393/0x840
[ 44.203164][ T565] alloc_slab_page+0x39/0x3c0
[ 44.207671][ T565] new_slab+0x97/0x440
[ 44.211576][ T565] ___slab_alloc+0x2fe/0x490
[ 44.216358][ T565] __slab_alloc+0x62/0xa0
[ 44.220612][ T565] kmem_cache_alloc+0x109/0x250
[ 44.225462][ T565] copy_mm+0x169/0x10d0
[ 44.229457][ T565] copy_process+0x1291/0x3230
[ 44.233992][ T565] _do_fork+0x197/0x900
[ 44.237986][ T565] __x64_sys_clone+0x26b/0x2c0
[ 44.242562][ T565] do_syscall_64+0xca/0x1c0
[ 44.246991][ T565] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.252807][ T565] page last free stack trace:
[ 44.258117][ T565] __free_pages_ok+0x847/0x950
[ 44.263441][ T565] __free_pages+0x91/0x140
[ 44.268129][ T565] device_release+0x6b/0x190
[ 44.272923][ T565] kobject_put+0x1e6/0x2f0
[ 44.277323][ T565] tun_set_iff+0x870/0xdc0
[ 44.281663][ T565] __tun_chr_ioctl+0x8a9/0x1d00
[ 44.286497][ T565] do_vfs_ioctl+0x742/0x1720
[ 44.291039][ T565] __x64_sys_ioctl+0xd4/0x110
[ 44.295643][ T565] do_syscall_64+0xca/0x1c0
[ 44.300162][ T565] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.306153][ T565]
[ 44.308419][ T565] Memory state around the buggy address:
[ 44.315003][ T565] ffff8881ea9cb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.323449][ T565] ffff8881ea9cb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.331604][ T565] >ffff8881ea9cb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.339474][ T565] ^
[ 44.345828][ T565] ffff8881ea9cb200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.354453][ T565] ffff8881ea9cb280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.362597][ T565] ==================================================================
[ 44.370940][ T565] Disabling lock debugging due to kernel taint
2024/02/15 22:44:28 executed programs: 60
[ 47.094424][ C0] BUG: unable to handle page fault for address: 00007ffda3f2a8f9
[ 47.102069][ C0] #PF: supervisor instruction fetch in kernel mode
[ 47.108389][ C0] #PF: error_code(0x0010) - not-present page
[ 47.114292][ C0] PGD 1e1a05067 P4D 1e1a05067 PUD 0
[ 47.119545][ C0] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 47.124802][ C0] CPU: 0 PID: 849 Comm: syz-executor.3 Tainted: G B 5.4.265-syzkaller-04843-g1b3143b9b166 #0
[ 47.136436][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 47.146961][ C0] RIP: 0010:0x7ffda3f2a8f9
[ 47.151325][ C0] Code: Bad RIP value.
[ 47.155213][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010206
[ 47.161135][ C0] RAX: ffffffff8154e38a RBX: 0000000000000100 RCX: ffff8881ec1a2f40
[ 47.169198][ C0] RDX: 0000000080000100 RSI: 00007ffda3f2a8f9 RDI: ffff8881ea9cb1c0
[ 47.177187][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154dfce R09: 0000000000000003
[ 47.185201][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9c70
[ 47.193569][ C0] R13: dffffc0000000000 R14: 00007ffda3f2a8f9 R15: ffff8881ea9cb1c0
[ 47.202089][ C0] FS: 0000000002a67480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 47.211098][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.217865][ C0] CR2: 00007ffda3f2a8cf CR3: 00000001e06ad000 CR4: 00000000003406b0
[ 47.225775][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.234021][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.242649][ C0] Call Trace:
[ 47.245856][ C0]
[ 47.248722][ C0] ? __die+0xb4/0x100
[ 47.252719][ C0] ? no_context+0xbda/0xe50
[ 47.257148][ C0] ? enqueue_timer+0x165/0x300
[ 47.261887][ C0] ? is_prefetch+0x4b0/0x4b0
[ 47.266473][ C0] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 47.272124][ C0] ? __do_page_fault+0xa7d/0xbb0
[ 47.277230][ C0] ? __bad_area_nosemaphore+0xc0/0x460
[ 47.282615][ C0] ? page_fault+0x2f/0x40
[ 47.286786][ C0] ? __run_timers+0x84e/0xbe0
[ 47.291282][ C0] ? call_timer_fn+0x2a/0x390
[ 47.295799][ C0] ? call_timer_fn+0x36/0x390
[ 47.300601][ C0] ? __run_timers+0x879/0xbe0
[ 47.305323][ C0] ? enqueue_timer+0x300/0x300
[ 47.310088][ C0] ? check_preemption_disabled+0x9f/0x320
[ 47.316020][ C0] ? debug_smp_processor_id+0x20/0x20
[ 47.321598][ C0] ? lapic_next_event+0x5b/0x70
[ 47.326263][ C0] run_timer_softirq+0x63/0xf0
[ 47.330858][ C0] __do_softirq+0x23b/0x6b7
[ 47.335303][ C0] irq_exit+0x195/0x1c0
[ 47.339326][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 47.344979][ C0] apic_timer_interrupt+0xf/0x20
[ 47.351024][ C0]
[ 47.353934][ C0] ? stack_depot_save+0x133/0x480
[ 47.359020][ C0] ? save_stack+0x7de/0x880
[ 47.363615][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 47.369518][ C0] ? page_fault+0x2f/0x40
[ 47.373878][ C0] ? __set_page_owner+0x33/0x1e0
[ 47.378764][ C0] ? __reset_page_owner+0x100/0x100
[ 47.384046][ C0] ? prep_new_page+0x18f/0x370
[ 47.388648][ C0] ? get_page_from_freelist+0x2d13/0x2d90
[ 47.394201][ C0] ? __alloc_pages_nodemask+0x393/0x840
[ 47.399667][ C0] ? dup_task_struct+0x85/0x600
[ 47.404362][ C0] ? copy_process+0x56d/0x3230
[ 47.408957][ C0] ? _do_fork+0x197/0x900
[ 47.413123][ C0] ? __x64_sys_clone3+0x2da/0x300
[ 47.418077][ C0] ? do_syscall_64+0xca/0x1c0
[ 47.422711][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 47.428643][ C0] ? debug_smp_processor_id+0x20/0x20
[ 47.433813][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 47.439196][ C0] ? deref_stack_reg+0x1f0/0x1f0
[ 47.444074][ C0] ? __set_page_owner+0x33/0x1e0
[ 47.449323][ C0] ? prep_new_page+0x18f/0x370
[ 47.454011][ C0] ? get_page_from_freelist+0x2d13/0x2d90
[ 47.459733][ C0] ? stack_trace_save+0x118/0x1c0
[ 47.464773][ C0] ? __alloc_pages_nodemask+0x840/0x840
[ 47.470771][ C0] ? setup_fault_attr+0x3d0/0x3d0
[ 47.475654][ C0] ? __alloc_pages_nodemask+0x393/0x840
[ 47.481158][ C0] ? gfp_pfmemalloc_allowed+0x120/0x120
[ 47.486535][ C0] ? dup_task_struct+0x4f/0x600
[ 47.492495][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 47.497340][ C0] ? dup_task_struct+0x85/0x600
[ 47.502025][ C0] ? copy_process+0x56d/0x3230
[ 47.506627][ C0] ? debug_smp_processor_id+0x20/0x20
[ 47.512265][ C0] ? __lru_cache_add+0x206/0x2b0
[ 47.517124][ C0] ? _raw_spin_unlock+0x49/0x60
[ 47.521992][ C0] ? fork_idle+0x290/0x290
[ 47.526234][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 47.531180][ C0] ? _copy_from_user+0xa6/0xe0
[ 47.535789][ C0] ? _do_fork+0x197/0x900
[ 47.540045][ C0] ? __delayed_free_task+0x20/0x20
[ 47.545476][ C0] ? copy_process+0x3230/0x3230
[ 47.550116][ C0] ? __x64_sys_clone3+0x2da/0x300
[ 47.554993][ C0] ? __ia32_sys_clone+0x2b0/0x2b0
[ 47.559828][ C0] ? __do_page_fault+0x725/0xbb0
[ 47.564689][ C0] ? do_syscall_64+0xca/0x1c0
[ 47.569305][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 47.575318][ C0] Modules linked in:
[ 47.579191][ C0] CR2: 00007ffda3f2a8f9
[ 47.583184][ C0] ---[ end trace bf72783012829b71 ]---
[ 47.588623][ C0] RIP: 0010:0x7ffda3f2a8f9
[ 47.592874][ C0] Code: Bad RIP value.
[ 47.596774][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010206
[ 47.602681][ C0] RAX: ffffffff8154e38a RBX: 0000000000000100 RCX: ffff8881ec1a2f40
[ 47.610924][ C0] RDX: 0000000080000100 RSI: 00007ffda3f2a8f9 RDI: ffff8881ea9cb1c0
[ 47.619858][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154dfce R09: 0000000000000003
[ 47.628190][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9c70
[ 47.636717][ C0] R13: dffffc0000000000 R14: 00007ffda3f2a8f9 R15: ffff8881ea9cb1c0
[ 47.645283][ C0] FS: 0000000002a67480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 47.654286][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.660701][ C0] CR2: 00007ffda3f2a8cf CR3: 00000001e06ad000 CR4: 00000000003406b0
[ 47.668511][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.676508][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.684400][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 47.691680][ C0] Kernel Offset: disabled
[ 47.695828][ C0] Rebooting in 86400 seconds..