Warning: Permanently added '10.128.0.55' (ED25519) to the list of known hosts.
2024/01/20 22:34:33 ignoring optional flag "sandboxArg"="0"
2024/01/20 22:34:33 parsed 1 programs
2024/01/20 22:34:33 executed programs: 0
[ 45.882695][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 45.882705][ T23] audit: type=1400 audit(1705790073.870:144): avc: denied { mounton } for pid=407 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 45.913956][ T23] audit: type=1400 audit(1705790073.880:145): avc: denied { mount } for pid=407 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 46.162695][ T418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.170495][ T418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.177931][ T418] device bridge_slave_0 entered promiscuous mode
[ 46.187388][ T418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.194439][ T418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.202176][ T418] device bridge_slave_1 entered promiscuous mode
[ 46.334990][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.342018][ T420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.349618][ T420] device bridge_slave_0 entered promiscuous mode
[ 46.361187][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.368037][ T420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.375565][ T420] device bridge_slave_1 entered promiscuous mode
[ 46.396783][ T425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.403785][ T425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.411275][ T425] device bridge_slave_0 entered promiscuous mode
[ 46.427411][ T425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.434338][ T425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.442450][ T425] device bridge_slave_1 entered promiscuous mode
[ 46.461127][ T23] audit: type=1400 audit(1705790074.450:146): avc: denied { create } for pid=418 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 46.463099][ T423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.482091][ T23] audit: type=1400 audit(1705790074.450:147): avc: denied { write } for pid=418 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 46.489431][ T423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.510420][ T23] audit: type=1400 audit(1705790074.450:148): avc: denied { read } for pid=418 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 46.517545][ T423] device bridge_slave_0 entered promiscuous mode
[ 46.544110][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.551004][ T421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.558250][ T421] device bridge_slave_0 entered promiscuous mode
[ 46.589919][ T423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.596857][ T423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.604697][ T423] device bridge_slave_1 entered promiscuous mode
[ 46.612101][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.619268][ T421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.626727][ T421] device bridge_slave_1 entered promiscuous mode
[ 46.664653][ T418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.671527][ T418] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.678998][ T418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.685730][ T418] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.694049][ T424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.701478][ T424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.708914][ T424] device bridge_slave_0 entered promiscuous mode
[ 46.747991][ T424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.755129][ T424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.762674][ T424] device bridge_slave_1 entered promiscuous mode
[ 46.899967][ T425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.906809][ T425] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.913971][ T425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.920751][ T425] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.960223][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.967170][ T420] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.974357][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.981212][ T420] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.001992][ T362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.009214][ T362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.016459][ T362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.024029][ T362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.031451][ T362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.038972][ T362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.047395][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.055253][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.079082][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.087876][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.094940][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.116238][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.124679][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.131644][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.194620][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.205270][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 47.213853][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.221806][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.229183][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.261965][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.269862][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.277290][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.285934][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.294650][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.301527][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.309066][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.316513][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.324354][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 47.332921][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.341305][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.348339][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.355804][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.364455][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.372720][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.379609][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.387108][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.395918][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.404056][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.410988][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.419484][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.426928][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.434355][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.442680][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.451363][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.458191][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.466179][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 47.474684][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.483157][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.490200][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.509181][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 47.516789][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 47.524640][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 47.532928][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.541558][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.548772][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.556325][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 47.564851][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.573722][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.582240][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.589709][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 47.598098][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.618050][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 47.626658][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.670920][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.682981][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.691651][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 47.700043][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.708212][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 47.716626][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.724707][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.733023][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.748527][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.759251][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.766669][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.774378][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.782561][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.817804][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.826225][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.834720][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.842756][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.851759][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.860109][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 47.868692][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.876941][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 47.885357][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.893343][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.901408][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.909809][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.918664][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.926817][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.933988][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.941498][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 47.950924][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.959631][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.966618][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.974345][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 48.000769][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.004632][ T23] audit: type=1400 audit(1705790075.990:149): avc: denied { mounton } for pid=420 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=10740 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 48.008818][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 48.042232][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.066279][ T23] audit: type=1400 audit(1705790076.040:150): avc: denied { sys_admin } for pid=449 comm="syz-executor.2" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 48.107566][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.116614][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.125408][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 48.135080][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.143635][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.194121][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.211318][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.221654][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.229785][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.237945][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 48.246591][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.255188][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 48.263733][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.271799][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.318979][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 48.327578][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.336666][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 48.344630][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.352692][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 48.361466][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.383666][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 48.393462][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.401979][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 48.411266][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.440422][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 48.450066][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.459592][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 48.467751][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.476452][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 48.485438][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.540759][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 48.552682][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.561719][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 48.570602][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2024/01/20 22:34:38 executed programs: 132
2024/01/20 22:34:43 executed programs: 455
2024/01/20 22:34:48 executed programs: 788
2024/01/20 22:34:53 executed programs: 1120
[ 66.439750][ T74] cfg80211: failed to load regulatory.db
2024/01/20 22:34:58 executed programs: 1351
[ 74.733339][ T8125] ==================================================================
[ 74.741597][ T8125] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 74.749335][ T8125] Write of size 8 at addr ffff8881e706f1c8 by task syz-executor.0/8125
[ 74.757479][ T8125]
[ 74.759649][ T8125] CPU: 1 PID: 8125 Comm: syz-executor.0 Not tainted 5.4.259-syzkaller-04804-g9ca091c99214 #0
[ 74.769939][ T8125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 74.780320][ T8125] Call Trace:
[ 74.783629][ T8125] dump_stack+0x1d8/0x241
[ 74.787785][ T8125] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 74.793454][ T8125] ? printk+0xd1/0x111
[ 74.797335][ T8125] ? detach_if_pending+0x188/0x360
[ 74.802380][ T8125] ? wake_up_klogd+0xb2/0xf0
[ 74.806920][ T8125] ? detach_if_pending+0x188/0x360
[ 74.811825][ T8125] print_address_description+0x8c/0x600
[ 74.817207][ T8125] ? panic+0x896/0x896
[ 74.821117][ T8125] ? detach_if_pending+0x188/0x360
[ 74.826061][ T8125] __kasan_report+0xf3/0x120
[ 74.830572][ T8125] ? detach_if_pending+0x188/0x360
[ 74.835697][ T8125] kasan_report+0x30/0x60
[ 74.839885][ T8125] detach_if_pending+0x188/0x360
[ 74.844712][ T8125] del_timer_sync+0x13c/0x230
[ 74.849237][ T8125] ? find_next_bit+0xcd/0x100
[ 74.853752][ T8125] ? try_to_del_timer_sync+0x150/0x150
[ 74.859057][ T8125] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 74.864182][ T8125] tun_flow_uninit+0x2c/0x280
[ 74.868692][ T8125] ? free_percpu+0x359/0x910
[ 74.873968][ T8125] tun_free_netdev+0x77/0x190
[ 74.878643][ T8125] ? tun_xdp+0x3f0/0x3f0
[ 74.882850][ T8125] netdev_run_todo+0xb7f/0xdf0
[ 74.887464][ T8125] ? netdev_refcnt_read+0x1c0/0x1c0
[ 74.892441][ T8125] ? kfree+0x123/0x370
[ 74.896363][ T8125] ? tun_chr_close+0x8f/0x130
[ 74.901061][ T8125] tun_chr_close+0xc1/0x130
[ 74.905367][ T8125] ? tun_chr_open+0x500/0x500
[ 74.909879][ T8125] __fput+0x262/0x680
[ 74.913711][ T8125] task_work_run+0x140/0x170
[ 74.918384][ T8125] do_exit+0xcaf/0x2bc0
[ 74.922669][ T8125] ? put_task_struct+0x80/0x80
[ 74.927357][ T8125] ? tun_attach_filter+0x285/0x300
[ 74.932294][ T8125] ? __tun_chr_ioctl+0x77a/0x1d00
[ 74.937335][ T8125] ? _raw_spin_lock_irqsave+0x210/0x210
[ 74.942844][ T8125] do_group_exit+0x138/0x300
[ 74.947356][ T8125] get_signal+0xdb1/0x1440
[ 74.951700][ T8125] do_signal+0xb0/0x11f0
[ 74.955795][ T8125] ? ioctl_preallocate+0x250/0x250
[ 74.960926][ T8125] ? __set_current_blocked+0x2a2/0x2f0
[ 74.966198][ T8125] ? signal_fault+0x1e0/0x1e0
[ 74.970700][ T8125] ? __fget+0x407/0x490
[ 74.974798][ T8125] ? switch_fpu_return+0x1d4/0x410
[ 74.979821][ T8125] ? fput_many+0x15e/0x1b0
[ 74.984061][ T8125] exit_to_usermode_loop+0xc0/0x1a0
[ 74.989096][ T8125] prepare_exit_to_usermode+0x199/0x200
[ 74.994669][ T8125] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 75.000554][ T8125]
[ 75.002724][ T8125] The buggy address belongs to the page:
[ 75.008190][ T8125] page:ffffea00079c1bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 75.017316][ T8125] flags: 0x8000000000000000()
[ 75.021831][ T8125] raw: 8000000000000000 0000000000000000 ffffffff079c0101 0000000000000000
[ 75.030459][ T8125] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 75.039105][ T8125] page dumped because: kasan: bad access detected
[ 75.045454][ T8125] page_owner tracks the page as freed
[ 75.050798][ T8125] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 75.064920][ T8125] prep_new_page+0x18f/0x370
[ 75.069343][ T8125] get_page_from_freelist+0x2d13/0x2d90
[ 75.074722][ T8125] __alloc_pages_nodemask+0x393/0x840
[ 75.080338][ T8125] kmalloc_order_trace+0x2a/0x100
[ 75.085292][ T8125] kvmalloc_node+0x7e/0xf0
[ 75.089579][ T8125] alloc_netdev_mqs+0x85/0xc70
[ 75.094162][ T8125] tun_set_iff+0x51f/0xdc0
[ 75.098514][ T8125] __tun_chr_ioctl+0x8a9/0x1d00
[ 75.103695][ T8125] do_vfs_ioctl+0x742/0x1720
[ 75.108164][ T8125] __x64_sys_ioctl+0xd4/0x110
[ 75.112630][ T8125] do_syscall_64+0xca/0x1c0
[ 75.117248][ T8125] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 75.123139][ T8125] page last free stack trace:
[ 75.127918][ T8125] __free_pages_ok+0x847/0x950
[ 75.133832][ T8125] __free_pages+0x91/0x140
[ 75.138225][ T8125] device_release+0x6b/0x190
[ 75.142652][ T8125] kobject_put+0x1e6/0x2f0
[ 75.146892][ T8125] netdev_run_todo+0xc44/0xdf0
[ 75.151493][ T8125] tun_chr_close+0xc1/0x130
[ 75.155834][ T8125] __fput+0x262/0x680
[ 75.160196][ T8125] task_work_run+0x140/0x170
[ 75.165054][ T8125] exit_to_usermode_loop+0x190/0x1a0
[ 75.170266][ T8125] prepare_exit_to_usermode+0x199/0x200
[ 75.175639][ T8125] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 75.181646][ T8125]
[ 75.183758][ T8125] Memory state around the buggy address:
[ 75.189418][ T8125] ffff8881e706f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.197231][ T8125] ffff8881e706f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.205159][ T8125] >ffff8881e706f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.213743][ T8125] ^
[ 75.220411][ T8125] ffff8881e706f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.229205][ T8125] ffff8881e706f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.237121][ T8125] ==================================================================
[ 75.245693][ T8125] Disabling lock debugging due to kernel taint
2024/01/20 22:35:03 executed programs: 1703
[ 78.038291][ C0] kasan: CONFIG_KASAN_INLINE enabled
[ 78.043404][ C0] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 78.051494][ C0] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 78.058371][ C0] CPU: 0 PID: 9173 Comm: syz-executor.4 Tainted: G B 5.4.259-syzkaller-04804-g9ca091c99214 #0
[ 78.069878][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 78.079874][ C0] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 78.085425][ C0] Code: 89 e7 e8 53 38 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 65 67 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 22 38 3f 00 4d 89 65 00 eb 05 e8 37
[ 78.105035][ C0] RSP: 0018:ffff8881f6e09d60 EFLAGS: 00010802
[ 78.111277][ C0] RAX: 1bd5a00000000025 RBX: 1ffff1103ce0de39 RCX: dffffc0000000000
[ 78.119288][ C0] RDX: 0000000080000101 RSI: 0000000000000008 RDI: ffff8881e706f1c8
[ 78.127273][ C0] RBP: ffff8881f6e09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 78.135625][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6e09e28
[ 78.143662][ C0] R13: dead00000000012a R14: 1ffff1103ce0de38 R15: ffff8881e706f1c8
[ 78.151563][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 78.160496][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.166945][ C0] CR2: 0000000020000040 CR3: 000000000580e000 CR4: 00000000003406b0
[ 78.174912][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 78.182887][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 78.191046][ C0] Call Trace:
[ 78.194167][ C0]
[ 78.196974][ C0] ? __die+0xb4/0x100
[ 78.200819][ C0] ? die+0x26/0x50
[ 78.204366][ C0] ? do_general_protection+0x266/0x3c0
[ 78.209821][ C0] ? do_trap+0x340/0x340
[ 78.213894][ C0] ? check_preemption_disabled+0x9f/0x320
[ 78.219476][ C0] ? round_jiffies+0x99/0xb0
[ 78.224084][ C0] ? general_protection+0x28/0x30
[ 78.228943][ C0] ? __run_timers+0x7b0/0xbe0
[ 78.233571][ C0] ? enqueue_timer+0x300/0x300
[ 78.238244][ C0] ? check_preemption_disabled+0x9f/0x320
[ 78.243879][ C0] ? debug_smp_processor_id+0x20/0x20
[ 78.249284][ C0] ? lapic_next_event+0x5b/0x70
[ 78.254067][ C0] run_timer_softirq+0x63/0xf0
[ 78.258663][ C0] __do_softirq+0x23b/0x6b7
[ 78.263003][ C0] irq_exit+0x195/0x1c0
[ 78.266986][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 78.272372][ C0] apic_timer_interrupt+0xf/0x20
[ 78.277335][ C0]
[ 78.280105][ C0] ? free_swap_cache+0x82/0x210
[ 78.284863][ C0] ? free_swap_cache+0x90/0x210
[ 78.289676][ C0] ? free_swap_cache+0xa0/0x210
[ 78.294596][ C0] ? check_memory_region+0x6/0x280
[ 78.299599][ C0] ? free_swap_cache+0xa0/0x210
[ 78.304365][ C0] ? free_pages_and_swap_cache+0x5e/0x90
[ 78.310354][ C0] ? tlb_finish_mmu+0x177/0x320
[ 78.315038][ C0] ? exit_mmap+0x2dc/0x520
[ 78.319280][ C0] ? vm_brk+0x20/0x20
[ 78.323201][ C0] ? mutex_unlock+0x18/0x40
[ 78.327608][ C0] ? uprobe_clear_state+0x297/0x300
[ 78.332755][ C0] ? mm_update_next_owner+0x4f7/0x5d0
[ 78.337939][ C0] ? __mmput+0x8e/0x2c0
[ 78.341933][ C0] ? do_exit+0xc08/0x2bc0
[ 78.346184][ C0] ? _copy_from_user+0x71/0xe0
[ 78.350793][ C0] ? put_task_struct+0x80/0x80
[ 78.355415][ C0] ? copy_user_generic_unrolled+0x89/0xc0
[ 78.360956][ C0] ? __tun_chr_ioctl+0xad4/0x1d00
[ 78.365910][ C0] ? _raw_spin_lock_irqsave+0x210/0x210
[ 78.371296][ C0] ? do_group_exit+0x138/0x300
[ 78.376200][ C0] ? get_signal+0xdb1/0x1440
[ 78.380737][ C0] ? do_signal+0xb0/0x11f0
[ 78.385249][ C0] ? ioctl_preallocate+0x250/0x250
[ 78.390284][ C0] ? signal_fault+0x1e0/0x1e0
[ 78.394905][ C0] ? __fget+0x407/0x490
[ 78.398894][ C0] ? switch_fpu_return+0x1d4/0x410
[ 78.403988][ C0] ? fput_many+0x15e/0x1b0
[ 78.408245][ C0] ? exit_to_usermode_loop+0xc0/0x1a0
[ 78.413437][ C0] ? prepare_exit_to_usermode+0x199/0x200
[ 78.418992][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 78.424884][ C0] Modules linked in:
[ 78.428648][ C0] ---[ end trace 7e47ef1b9d8cc795 ]---
[ 78.433923][ C0] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 78.439038][ C0] Code: 89 e7 e8 53 38 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 65 67 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 22 38 3f 00 4d 89 65 00 eb 05 e8 37
[ 78.458763][ C0] RSP: 0018:ffff8881f6e09d60 EFLAGS: 00010802
[ 78.464759][ C0] RAX: 1bd5a00000000025 RBX: 1ffff1103ce0de39 RCX: dffffc0000000000
[ 78.472666][ C0] RDX: 0000000080000101 RSI: 0000000000000008 RDI: ffff8881e706f1c8
[ 78.480565][ C0] RBP: ffff8881f6e09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 78.488621][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6e09e28
[ 78.497042][ C0] R13: dead00000000012a R14: 1ffff1103ce0de38 R15: ffff8881e706f1c8
[ 78.505136][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 78.514147][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.520565][ C0] CR2: 0000000020000040 CR3: 000000000580e000 CR4: 00000000003406b0
[ 78.528670][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 78.536478][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 78.544394][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 78.551894][ C0] Kernel Offset: disabled
[ 78.556045][ C0] Rebooting in 86400 seconds..