Warning: Permanently added '10.128.0.152' (ED25519) to the list of known hosts.
2023/09/28 21:38:53 parsed 1 programs
2023/09/28 21:38:53 executed programs: 0
[ 43.133235][ T23] kauditd_printk_skb: 57 callbacks suppressed
[ 43.133249][ T23] audit: type=1400 audit(1695937133.680:133): avc: denied { mounton } for pid=399 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.171451][ T23] audit: type=1400 audit(1695937133.680:134): avc: denied { mount } for pid=399 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.206686][ T408] cgroup1: Unknown subsys name 'perf_event'
[ 43.208922][ T23] audit: type=1400 audit(1695937133.750:135): avc: denied { mounton } for pid=408 comm="syz-executor.2" path="/syzcgroup/unified" dev="sda1" ino=1946 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 43.214503][ T411] cgroup1: Unknown subsys name 'perf_event'
[ 43.248768][ T409] cgroup1: Unknown subsys name 'perf_event'
[ 43.252666][ T408] cgroup1: Unknown subsys name 'net_cls'
[ 43.261148][ T409] cgroup1: Unknown subsys name 'net_cls'
[ 43.273623][ T413] cgroup1: Unknown subsys name 'perf_event'
[ 43.286932][ T23] audit: type=1400 audit(1695937133.750:136): avc: denied { mount } for pid=408 comm="syz-executor.2" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 43.289566][ T415] cgroup1: Unknown subsys name 'perf_event'
[ 43.328081][ T416] cgroup1: Unknown subsys name 'perf_event'
[ 43.336140][ T416] cgroup1: Unknown subsys name 'net_cls'
[ 43.344289][ T411] cgroup1: Unknown subsys name 'net_cls'
[ 43.347758][ T413] cgroup1: Unknown subsys name 'net_cls'
[ 43.371457][ T23] audit: type=1400 audit(1695937133.760:137): avc: denied { mounton } for pid=411 comm="syz-executor.3" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 43.397401][ T415] cgroup1: Unknown subsys name 'net_cls'
[ 43.636223][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.643388][ T408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.651453][ T23] audit: type=1400 audit(1695937134.200:138): avc: denied { append } for pid=144 comm="syslogd" name="messages" dev="tmpfs" ino=256 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 43.652578][ T408] device bridge_slave_0 entered promiscuous mode
[ 43.677357][ T23] audit: type=1400 audit(1695937134.200:139): avc: denied { open } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=256 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 43.677375][ T23] audit: type=1400 audit(1695937134.200:140): avc: denied { getattr } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=256 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 43.739436][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.747865][ T409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.759939][ T409] device bridge_slave_0 entered promiscuous mode
[ 43.768997][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.776624][ T413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.784840][ T413] device bridge_slave_0 entered promiscuous mode
[ 43.800462][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.808901][ T413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.817824][ T413] device bridge_slave_1 entered promiscuous mode
[ 43.825486][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.833502][ T408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.842679][ T408] device bridge_slave_1 entered promiscuous mode
[ 43.860495][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.870386][ T409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.881197][ T409] device bridge_slave_1 entered promiscuous mode
[ 43.895543][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.904530][ T415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.914411][ T415] device bridge_slave_0 entered promiscuous mode
[ 43.940106][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.948315][ T415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.957475][ T415] device bridge_slave_1 entered promiscuous mode
[ 44.004539][ T411] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.012103][ T411] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.023339][ T411] device bridge_slave_0 entered promiscuous mode
[ 44.036452][ T411] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.044224][ T411] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.052158][ T411] device bridge_slave_1 entered promiscuous mode
[ 44.081563][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.089872][ T416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.098384][ T416] device bridge_slave_0 entered promiscuous mode
[ 44.128775][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.135917][ T416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.143734][ T416] device bridge_slave_1 entered promiscuous mode
[ 44.295308][ T23] audit: type=1400 audit(1695937134.840:141): avc: denied { write } for pid=408 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.329414][ T23] audit: type=1400 audit(1695937134.870:142): avc: denied { read } for pid=411 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.360035][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.368344][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.376899][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.384180][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.400259][ T411] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.407406][ T411] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.415910][ T411] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.424248][ T411] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.448092][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.457455][ T409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.467562][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.475975][ T409] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.486524][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.494842][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.502882][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.511941][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.530400][ T125] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.538860][ T125] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.546418][ T125] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.554142][ T125] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.561925][ T125] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.570273][ T125] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.578494][ T125] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.585566][ T125] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.672579][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.680298][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.693388][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.701986][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.710039][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.720361][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.729822][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.737581][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.745622][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.754369][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.764475][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.773805][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.782743][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.793166][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.802353][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.810531][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.831976][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 44.840448][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.848360][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.856144][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.866010][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.876240][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.883949][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.924099][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.933206][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.941647][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.952378][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.962028][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.970574][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.977818][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.985307][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.994036][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.003666][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.011056][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.018970][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.027908][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.035373][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.043540][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.057684][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.066203][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.105790][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.114107][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.122553][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.130010][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.137988][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.146387][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.155297][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.162945][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.170946][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.179383][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.186714][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.195271][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.204351][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.213141][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.221120][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.230009][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.238650][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.247161][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.254424][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.261926][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.270087][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.278833][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.287378][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.294727][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.302017][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.310370][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.319140][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.326487][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.358228][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.370044][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 45.378297][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.386767][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.395387][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.421174][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.430854][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.441101][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.449513][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.471444][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.482030][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.508869][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.520135][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.542198][ T437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.552086][ T437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.561291][ T437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.577053][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.585663][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.613118][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.623394][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.632735][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.641597][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.650265][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.658472][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.666572][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.675186][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.684325][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.693196][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.726545][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.737630][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.746805][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.760525][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.771041][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.782277][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.792741][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.803054][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.813346][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.825558][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.863096][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.880554][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.894153][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.904056][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.943348][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.966293][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.977611][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.989456][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.000368][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.009687][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.042666][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.053253][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.062623][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.072700][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.081916][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.091039][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.100703][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.110291][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.047768][ T625] ==================================================================
[ 48.056131][ T625] BUG: KASAN: use-after-free in detach_if_pending+0x160/0x360
[ 48.064077][ T625] Write of size 8 at addr ffff8881d655f1c0 by task syz-executor.5/625
[ 48.072644][ T625]
[ 48.074940][ T625] CPU: 1 PID: 625 Comm: syz-executor.5 Not tainted 5.4.249-syzkaller-04720-ga1b9dbe5628a #0
[ 48.086421][ T625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 48.097185][ T625] Call Trace:
[ 48.100923][ T625] dump_stack+0x1d8/0x241
[ 48.106745][ T625] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 48.113447][ T625] ? printk+0xd1/0x111
[ 48.117865][ T625] ? detach_if_pending+0x160/0x360
[ 48.125950][ T625] ? wake_up_klogd+0xb2/0xf0
[ 48.133045][ T625] ? detach_if_pending+0x160/0x360
[ 48.138704][ T625] print_address_description+0x8c/0x600
[ 48.145002][ T625] ? panic+0x896/0x896
[ 48.149527][ T625] ? detach_if_pending+0x160/0x360
[ 48.154814][ T625] __kasan_report+0xf3/0x120
[ 48.162921][ T625] ? detach_if_pending+0x160/0x360
[ 48.168041][ T625] kasan_report+0x30/0x60
[ 48.173243][ T625] detach_if_pending+0x160/0x360
[ 48.178485][ T625] del_timer_sync+0x13c/0x230
[ 48.183514][ T625] ? find_next_bit+0xcd/0x100
[ 48.188157][ T625] ? try_to_del_timer_sync+0x150/0x150
[ 48.193733][ T625] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 48.200083][ T625] tun_flow_uninit+0x2c/0x280
[ 48.204750][ T625] ? free_percpu+0x359/0x910
[ 48.210781][ T625] tun_free_netdev+0x77/0x190
[ 48.222252][ T625] ? tun_xdp+0x3f0/0x3f0
[ 48.226897][ T625] netdev_run_todo+0xb7f/0xdf0
[ 48.233289][ T625] ? netdev_refcnt_read+0x1c0/0x1c0
[ 48.238657][ T625] ? kfree+0x123/0x370
[ 48.242916][ T625] tun_chr_close+0xc1/0x130
[ 48.247256][ T625] ? tun_chr_open+0x530/0x530
[ 48.252342][ T625] __fput+0x262/0x680
[ 48.256790][ T625] task_work_run+0x140/0x170
[ 48.262239][ T625] exit_to_usermode_loop+0x190/0x1a0
[ 48.268582][ T625] prepare_exit_to_usermode+0x199/0x200
[ 48.273912][ T625] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 48.279746][ T625]
[ 48.281996][ T625] The buggy address belongs to the page:
[ 48.289080][ T625] page:ffffea00075957c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 48.298675][ T625] flags: 0x8000000000000000()
[ 48.303597][ T625] raw: 8000000000000000 0000000000000000 ffffea0007595788 0000000000000000
[ 48.313377][ T625] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 48.322591][ T625] page dumped because: kasan: bad access detected
[ 48.330156][ T625] page_owner tracks the page as freed
[ 48.335939][ T625] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x46dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 48.350552][ T625] prep_new_page+0x18f/0x370
[ 48.355143][ T625] get_page_from_freelist+0x2d13/0x2d90
[ 48.361194][ T625] __alloc_pages_nodemask+0x393/0x840
[ 48.366987][ T625] kmalloc_order_trace+0x2a/0x100
[ 48.372091][ T625] kvmalloc_node+0x7e/0xf0
[ 48.376323][ T625] alloc_netdev_mqs+0x85/0xc70
[ 48.380970][ T625] tun_set_iff+0x51f/0xdc0
[ 48.385725][ T625] __tun_chr_ioctl+0x860/0x1d50
[ 48.391366][ T625] do_vfs_ioctl+0x742/0x1720
[ 48.397101][ T625] __x64_sys_ioctl+0xd4/0x110
[ 48.402103][ T625] do_syscall_64+0xca/0x1c0
[ 48.407010][ T625] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 48.413210][ T625] page last free stack trace:
[ 48.420252][ T625] __free_pages_ok+0x847/0x950
[ 48.425045][ T625] __free_pages+0x91/0x140
[ 48.429349][ T625] device_release+0x6b/0x190
[ 48.433903][ T625] kobject_put+0x1e6/0x2f0
[ 48.438793][ T625] netdev_run_todo+0xc44/0xdf0
[ 48.443841][ T625] tun_chr_close+0xc1/0x130
[ 48.448256][ T625] __fput+0x262/0x680
[ 48.452242][ T625] task_work_run+0x140/0x170
[ 48.456744][ T625] get_signal+0x13c6/0x1440
[ 48.461323][ T625] do_signal+0xb0/0x11f0
[ 48.465623][ T625] exit_to_usermode_loop+0xc0/0x1a0
[ 48.471925][ T625] prepare_exit_to_usermode+0x199/0x200
[ 48.477639][ T625] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 48.483323][ T625]
[ 48.485610][ T625] Memory state around the buggy address:
[ 48.491254][ T625] ffff8881d655f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.500401][ T625] ffff8881d655f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.509539][ T625] >ffff8881d655f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.520260][ T625] ^
[ 48.526458][ T625] ffff8881d655f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 48.535004][ T625] ffff8881d655f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
2023/09/28 21:38:59 executed programs: 68
[ 48.543146][ T625] ==================================================================
[ 48.551312][ T625] Disabling lock debugging due to kernel taint
[ 51.236856][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 51.245693][ C0] #PF: supervisor instruction fetch in kernel mode
[ 51.253930][ C0] #PF: error_code(0x0010) - not-present page
[ 51.261660][ C0] PGD 1ea7b4067 P4D 1ea7b4067 PUD 1e7b1f067 PMD 0
[ 51.270194][ C0] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 51.277346][ C0] CPU: 0 PID: 892 Comm: syz-executor.2 Tainted: G B 5.4.249-syzkaller-04720-ga1b9dbe5628a #0
[ 51.291411][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 51.303818][ C0] RIP: 0010:0x0
[ 51.307760][ C0] Code: Bad RIP value.
[ 51.312058][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010202
[ 51.318581][ C0] RAX: ffffffff8154d3fa RBX: 0000000000000101 RCX: ffff8881debfee40
[ 51.327467][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881d655f1c0
[ 51.335918][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154d03e R09: 0000000000000003
[ 51.345193][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9e00
[ 51.354013][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881d655f1c0
[ 51.363073][ C0] FS: 00007fa238fb56c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 51.372739][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.379669][ C0] CR2: ffffffffffffffd6 CR3: 00000001e1491000 CR4: 00000000003406b0
[ 51.388030][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.396385][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.404363][ C0] Call Trace:
[ 51.407648][ C0]
[ 51.411114][ C0] ? __die+0xb4/0x100
[ 51.415787][ C0] ? no_context+0xbda/0xe50
[ 51.421643][ C0] ? enqueue_timer+0x165/0x300
[ 51.426612][ C0] ? is_prefetch+0x4b0/0x4b0
[ 51.431162][ C0] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 51.437545][ C0] ? __do_page_fault+0xa7d/0xbb0
[ 51.443618][ C0] ? __bad_area_nosemaphore+0xc0/0x460
[ 51.449349][ C0] ? page_fault+0x2f/0x40
[ 51.453787][ C0] ? __run_timers+0x84e/0xbe0
[ 51.458746][ C0] ? call_timer_fn+0x2a/0x390
[ 51.463916][ C0] call_timer_fn+0x36/0x390
[ 51.469024][ C0] __run_timers+0x879/0xbe0
[ 51.473962][ C0] ? enqueue_timer+0x300/0x300
[ 51.479483][ C0] ? check_preemption_disabled+0x9f/0x320
[ 51.485197][ C0] ? debug_smp_processor_id+0x20/0x20
[ 51.491751][ C0] ? lapic_next_event+0x5b/0x70
[ 51.496676][ C0] run_timer_softirq+0x63/0xf0
[ 51.501827][ C0] __do_softirq+0x23b/0x6b7
[ 51.506953][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 51.513234][ C0] irq_exit+0x195/0x1c0
[ 51.518015][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 51.524114][ C0] apic_timer_interrupt+0xf/0x20
[ 51.529879][ C0]
[ 51.533030][ C0] ? unwind_next_frame+0x1036/0x1ea0
[ 51.538424][ C0] ? check_memory_region+0x6f/0x280
[ 51.545605][ C0] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 51.552411][ C0] ? memset+0x1f/0x40
[ 51.556355][ C0] ? unwind_next_frame+0x1036/0x1ea0
[ 51.562571][ C0] ? stack_trace_save+0x118/0x1c0
[ 51.567703][ C0] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 51.573927][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.580039][ C0] ? __kasan_kmalloc+0x171/0x210
[ 51.585087][ C0] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 51.590965][ C0] ? arch_stack_walk+0x111/0x140
[ 51.596294][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.602658][ C0] ? __unwind_start+0x708/0x890
[ 51.607917][ C0] ? deref_stack_reg+0x1f0/0x1f0
[ 51.612687][ C0] ? __unwind_start+0x708/0x890
[ 51.617867][ C0] ? stack_trace_save+0x118/0x1c0
[ 51.623434][ C0] ? stack_trace_save+0x1c0/0x1c0
[ 51.628365][ C0] ? arch_stack_walk+0x111/0x140
[ 51.633613][ C0] ? __kasan_kmalloc+0x171/0x210
[ 51.638763][ C0] ? stack_trace_save+0x118/0x1c0
[ 51.644674][ C0] ? stack_trace_snprint+0x170/0x170
[ 51.650755][ C0] ? __kasan_kmalloc+0x171/0x210
[ 51.655908][ C0] ? __kernfs_new_node+0xdb/0x6e0
[ 51.660830][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 51.665643][ C0] ? __kernfs_new_node+0xdb/0x6e0
[ 51.670638][ C0] ? kernfs_new_node+0x160/0x160
[ 51.676182][ C0] ? mutex_lock+0xa5/0x110
[ 51.681150][ C0] ? mutex_trylock+0xa0/0xa0
[ 51.685585][ C0] ? kernfs_activate+0x2fe/0x320
[ 51.690565][ C0] ? kernfs_new_node+0x95/0x160
[ 51.695551][ C0] ? __kernfs_create_file+0x45/0x260
[ 51.701800][ C0] ? sysfs_add_file_mode_ns+0x292/0x340
[ 51.707842][ C0] ? internal_create_group+0x573/0xf00
[ 51.713476][ C0] ? kobject_add+0x210/0x210
[ 51.718289][ C0] ? sysfs_create_group+0x20/0x20
[ 51.723436][ C0] ? kobject_uevent_env+0x346/0x710
[ 51.729149][ C0] ? netdev_queue_update_kobjects+0x18b/0x3a0
[ 51.735732][ C0] ? netdev_register_kobject+0x263/0x310
[ 51.741388][ C0] ? register_netdevice+0xbc5/0x12a0
[ 51.746950][ C0] ? netdev_update_lockdep_key+0x10/0x10
[ 51.753358][ C0] ? tun_set_iff+0x7f7/0xdc0
[ 51.758328][ C0] ? __tun_chr_ioctl+0x860/0x1d50
[ 51.763992][ C0] ? tun_flow_create+0x250/0x250
[ 51.769202][ C0] ? tun_chr_poll+0x670/0x670
[ 51.774234][ C0] ? do_vfs_ioctl+0x742/0x1720
[ 51.779301][ C0] ? ioctl_preallocate+0x250/0x250
[ 51.784242][ C0] ? __fget+0x407/0x490
[ 51.788277][ C0] ? fget_many+0x20/0x20
[ 51.792526][ C0] ? switch_fpu_return+0x1d4/0x410
[ 51.797832][ C0] ? security_file_ioctl+0x7d/0xa0
[ 51.803727][ C0] ? __x64_sys_ioctl+0xd4/0x110
[ 51.809417][ C0] ? do_syscall_64+0xca/0x1c0
[ 51.814815][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.820917][ C0] Modules linked in:
[ 51.825153][ C0] CR2: 0000000000000000
[ 51.829523][ C0] ---[ end trace a06becea9661a6da ]---
[ 51.835172][ C0] RIP: 0010:0x0
[ 51.838406][ C0] Code: Bad RIP value.
[ 51.842297][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010202
[ 51.848723][ C0] RAX: ffffffff8154d3fa RBX: 0000000000000101 RCX: ffff8881debfee40
[ 51.856674][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881d655f1c0
[ 51.865953][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154d03e R09: 0000000000000003
[ 51.874676][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9e00
[ 51.883367][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881d655f1c0
[ 51.891428][ C0] FS: 00007fa238fb56c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 51.900852][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.908275][ C0] CR2: ffffffffffffffd6 CR3: 00000001e1491000 CR4: 00000000003406b0
[ 51.917379][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.925876][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.934719][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 51.943213][ C0] Kernel Offset: disabled
[ 51.947771][ C0] Rebooting in 86400 seconds..