Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts. 2023/04/20 05:47:02 ignoring optional flag "sandboxArg"="0" 2023/04/20 05:47:02 parsed 1 programs 2023/04/20 05:47:02 executed programs: 0 [ 36.610696][ T22] kauditd_printk_skb: 62 callbacks suppressed [ 36.610703][ T22] audit: type=1400 audit(1681969622.640:145): avc: denied { mounton } for pid=334 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 36.642109][ T22] audit: type=1400 audit(1681969622.680:146): avc: denied { mount } for pid=334 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 36.676060][ T22] audit: type=1400 audit(1681969622.710:147): avc: denied { mounton } for pid=342 comm="syz-executor.2" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 36.687824][ T343] cgroup1: Unknown subsys name 'perf_event' [ 36.700975][ T342] cgroup1: Unknown subsys name 'perf_event' [ 36.705854][ T343] cgroup1: Unknown subsys name 'net_cls' [ 36.711806][ T342] cgroup1: Unknown subsys name 'net_cls' [ 36.725761][ T22] audit: type=1400 audit(1681969622.720:148): avc: denied { mount } for pid=343 comm="syz-executor.1" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 36.744283][ T345] cgroup1: Unknown subsys name 'perf_event' [ 36.748578][ T22] audit: type=1400 audit(1681969622.760:149): avc: denied { module_request } for pid=343 comm="syz-executor.1" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 36.765615][ T345] cgroup1: Unknown subsys name 'net_cls' [ 36.785115][ T347] cgroup1: Unknown subsys name 'perf_event' [ 36.793614][ T347] cgroup1: Unknown subsys name 'net_cls' [ 36.800339][ T350] cgroup1: Unknown subsys name 'perf_event' [ 36.813860][ T350] cgroup1: Unknown subsys name 'net_cls' [ 36.814657][ T349] cgroup1: Unknown subsys name 'perf_event' [ 36.830416][ T349] cgroup1: Unknown subsys name 'net_cls' [ 36.969872][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.977022][ T342] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.985074][ T342] device bridge_slave_0 entered promiscuous mode [ 36.995163][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.002209][ T342] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.009994][ T342] device bridge_slave_1 entered promiscuous mode [ 37.041496][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.048790][ T350] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.056638][ T350] device bridge_slave_0 entered promiscuous mode [ 37.067019][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.074216][ T350] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.081614][ T350] device bridge_slave_1 entered promiscuous mode [ 37.104233][ T343] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.111391][ T343] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.119271][ T343] device bridge_slave_0 entered promiscuous mode [ 37.129128][ T343] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.136226][ T343] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.143848][ T343] device bridge_slave_1 entered promiscuous mode [ 37.210593][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.217772][ T349] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.225390][ T349] device bridge_slave_0 entered promiscuous mode [ 37.235333][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.242366][ T349] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.250252][ T349] device bridge_slave_1 entered promiscuous mode [ 37.256999][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.264067][ T347] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.271736][ T347] device bridge_slave_0 entered promiscuous mode [ 37.300822][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.307947][ T347] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.315459][ T347] device bridge_slave_1 entered promiscuous mode [ 37.365123][ T345] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.372163][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.379900][ T345] device bridge_slave_0 entered promiscuous mode [ 37.390788][ T345] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.398033][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.405549][ T345] device bridge_slave_1 entered promiscuous mode [ 37.509570][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.516818][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.524130][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.531161][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.564623][ T343] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.571670][ T343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.578999][ T343] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.586051][ T343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.604594][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.611635][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.618909][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.626218][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.674244][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.681292][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.688609][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.695676][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.714550][ T345] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.721777][ T345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.729086][ T345] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.736126][ T345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.753834][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.760873][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.768372][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.775397][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.794545][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.801701][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.809521][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.817299][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.824550][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.831792][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.839514][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.846729][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.854355][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.861604][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.869199][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.876552][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.884367][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.892362][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 37.900139][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.923880][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.932103][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.939348][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.947568][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.956499][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.964051][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.972208][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.980913][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.989433][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.039036][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.048842][ T308] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.055926][ T308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.064599][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.072776][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.081408][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 38.090119][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.098255][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 38.106463][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.114696][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.122089][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.129642][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.138160][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.146992][ T308] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.154035][ T308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.161465][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.169862][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.178068][ T308] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.185100][ T308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.208975][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.217348][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.225189][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.232800][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.247291][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.256376][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.265161][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.272260][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.280029][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.288749][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.297272][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.304410][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.311896][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 38.320881][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.357752][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.365402][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.372807][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.381514][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.390623][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.398195][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.406779][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.415382][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.423604][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.430626][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.438342][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 38.446965][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.455622][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 38.463687][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.471617][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.479625][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.488079][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.496316][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.503804][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.511135][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.519466][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.527689][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.551352][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.559494][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 38.568317][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.576923][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.593680][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.602029][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.611095][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.619819][ T308] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.626876][ T308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.634490][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 38.642958][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.676891][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.685763][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.694166][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 38.702632][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.714119][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 38.725844][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.743679][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.752708][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.762063][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.793175][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.801841][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.810773][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.819318][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 38.827728][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 38.836382][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.865479][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.874128][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 38.882812][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.892664][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 38.896374][ T22] audit: type=1400 audit(1681969624.930:150): avc: denied { open } for pid=370 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 38.901705][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 38.931042][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 38.940043][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.957580][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.966524][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 38.975874][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.002802][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.011400][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.020323][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.029245][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.067612][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.078128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.117725][ C1] hrtimer: interrupt took 11107 ns [ 39.124220][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 39.132266][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.141153][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 39.150014][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.185905][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.194652][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.216697][ T98] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.225746][ T98] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2023/04/20 05:47:07 executed programs: 95 2023/04/20 05:47:12 executed programs: 265 2023/04/20 05:47:17 executed programs: 419 2023/04/20 05:47:22 executed programs: 576 2023/04/20 05:47:27 executed programs: 726 2023/04/20 05:47:32 executed programs: 882 [ 66.844577][ T12] cfg80211: failed to load regulatory.db 2023/04/20 05:47:37 executed programs: 1034 2023/04/20 05:47:42 executed programs: 1194 2023/04/20 05:47:47 executed programs: 1357 2023/04/20 05:47:52 executed programs: 1523 2023/04/20 05:47:57 executed programs: 1671 2023/04/20 05:48:02 executed programs: 1813 2023/04/20 05:48:08 executed programs: 1970 2023/04/20 05:48:13 executed programs: 2142 2023/04/20 05:48:18 executed programs: 2292 2023/04/20 05:48:23 executed programs: 2463 2023/04/20 05:48:28 executed programs: 2612 [ 124.763814][T10003] ================================================================== [ 124.771908][T10003] BUG: KASAN: use-after-free in detach_if_pending+0x157/0x340 [ 124.779349][T10003] Write of size 8 at addr ffff8881db9b71c8 by task syz-executor.1/10003 [ 124.787658][T10003] [ 124.789967][T10003] CPU: 1 PID: 10003 Comm: syz-executor.1 Not tainted 5.4.233-syzkaller-00043-g0108362f3305 #0 [ 124.800181][T10003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023 [ 124.810236][T10003] Call Trace: [ 124.813523][T10003] dump_stack+0x1d8/0x241 [ 124.817831][T10003] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 124.823612][T10003] ? printk+0xd1/0x111 [ 124.827772][T10003] ? detach_if_pending+0x157/0x340 [ 124.832890][T10003] print_address_description+0x8c/0x600 [ 124.838439][T10003] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 124.844311][T10003] ? try_to_wake_up+0xada/0x15f0 [ 124.849439][T10003] ? detach_if_pending+0x157/0x340 [ 124.854539][T10003] __kasan_report+0xf3/0x120 [ 124.859119][T10003] ? detach_if_pending+0x157/0x340 [ 124.864233][T10003] kasan_report+0x30/0x60 [ 124.868536][T10003] detach_if_pending+0x157/0x340 [ 124.873447][T10003] del_timer_sync+0x170/0x250 [ 124.878283][T10003] tun_flow_uninit+0x2c/0x280 [ 124.882935][T10003] ? free_percpu+0x359/0x910 [ 124.887610][T10003] tun_free_netdev+0x77/0x190 [ 124.892268][T10003] ? tun_xdp+0x3b0/0x3b0 [ 124.896568][T10003] netdev_run_todo+0xae0/0xd50 [ 124.901327][T10003] ? netdev_refcnt_read+0x190/0x190 [ 124.906760][T10003] ? kfree+0xeb/0x320 [ 124.910715][T10003] ? tun_chr_close+0x8f/0x130 [ 124.915448][T10003] tun_chr_close+0xc1/0x130 [ 124.919923][T10003] ? tun_chr_open+0x4b0/0x4b0 [ 124.924575][T10003] __fput+0x262/0x680 [ 124.928532][T10003] task_work_run+0x140/0x170 [ 124.933098][T10003] exit_to_usermode_loop+0x18b/0x1a0 [ 124.938464][T10003] prepare_exit_to_usermode+0x199/0x200 [ 124.944007][T10003] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 124.949872][T10003] [ 124.952172][T10003] The buggy address belongs to the page: [ 124.957950][T10003] page:ffffea00076e6dc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 124.967733][T10003] flags: 0x8000000000000000() [ 124.972398][T10003] raw: 8000000000000000 0000000000000000 ffffea00075f54c8 0000000000000000 [ 124.980962][T10003] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 124.989700][T10003] page dumped because: kasan: bad access detected [ 124.996279][T10003] page_owner tracks the page as freed [ 125.001732][T10003] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x46dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO) [ 125.016124][T10003] prep_new_page+0x18f/0x370 [ 125.020704][T10003] get_page_from_freelist+0x2ce8/0x2d70 [ 125.026483][T10003] __alloc_pages_nodemask+0x393/0x840 [ 125.031841][T10003] kmalloc_order_trace+0x2a/0x100 [ 125.036837][T10003] kvmalloc_node+0x7e/0xf0 [ 125.041225][T10003] alloc_netdev_mqs+0x85/0xc70 [ 125.045959][T10003] tun_set_iff+0x516/0x10c0 [ 125.050521][T10003] __tun_chr_ioctl+0x806/0x1ed0 [ 125.055342][T10003] do_vfs_ioctl+0x742/0x1720 [ 125.059904][T10003] __x64_sys_ioctl+0xd4/0x110 [ 125.064552][T10003] do_syscall_64+0xca/0x1c0 [ 125.069228][T10003] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 125.075182][T10003] page last free stack trace: [ 125.079952][T10003] __free_pages_ok+0x83d/0x940 [ 125.085915][T10003] __free_pages+0x91/0x140 [ 125.090309][T10003] device_release+0x6b/0x190 [ 125.095505][T10003] kobject_put+0x1e6/0x2f0 [ 125.099922][T10003] netdev_run_todo+0xba5/0xd50 [ 125.104665][T10003] tun_chr_close+0xc1/0x130 [ 125.109148][T10003] __fput+0x262/0x680 [ 125.113114][T10003] task_work_run+0x140/0x170 [ 125.117694][T10003] exit_to_usermode_loop+0x18b/0x1a0 [ 125.122965][T10003] prepare_exit_to_usermode+0x199/0x200 [ 125.128604][T10003] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 125.134478][T10003] [ 125.136789][T10003] Memory state around the buggy address: [ 125.142919][T10003] ffff8881db9b7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 125.151131][T10003] ffff8881db9b7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 125.159262][T10003] >ffff8881db9b7180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 125.167292][T10003] ^ [ 125.173676][T10003] ffff8881db9b7200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 125.181707][T10003] ffff8881db9b7280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 125.189734][T10003] ================================================================== [ 125.197776][T10003] Disabling lock debugging due to kernel taint 2023/04/20 05:48:33 executed programs: 2751 [ 128.443412][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 128.451268][ C0] #PF: supervisor instruction fetch in kernel mode [ 128.457767][ C0] #PF: error_code(0x0010) - not-present page [ 128.463761][ C0] PGD 1dd414067 P4D 1dd414067 PUD 1ee1fa067 PMD 0 [ 128.470303][ C0] Oops: 0010 [#1] PREEMPT SMP KASAN [ 128.475493][ C0] CPU: 0 PID: 10408 Comm: syz-executor.3 Tainted: G B 5.4.233-syzkaller-00043-g0108362f3305 #0 [ 128.487105][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023 [ 128.497155][ C0] RIP: 0010:0x0 [ 128.500698][ C0] Code: Bad RIP value. [ 128.504777][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010202 [ 128.510972][ C0] RAX: ffffffff815408da RBX: 0000000000000101 RCX: ffff8881db37bf00 [ 128.518946][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881db9b71c0 [ 128.527021][ C0] RBP: ffff8881f6e09ed8 R08: ffffffff81540565 R09: 0000000000000003 [ 128.535010][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffffbc10 [ 128.543072][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881db9b71c0 [ 128.551036][ C0] FS: 0000000002b22400(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 128.559951][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.566524][ C0] CR2: ffffffffffffffd6 CR3: 00000001db0e0000 CR4: 00000000003406f0 [ 128.574489][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 128.582462][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 128.590986][ C0] Call Trace: [ 128.594271][ C0] [ 128.597288][ C0] call_timer_fn+0x36/0x390 [ 128.601984][ C0] __run_timers+0x7c2/0xae0 [ 128.606493][ C0] ? enqueue_timer+0x2d0/0x2d0 [ 128.611248][ C0] ? check_preemption_disabled+0x9f/0x320 [ 128.617058][ C0] ? debug_smp_processor_id+0x20/0x20 [ 128.622443][ C0] run_timer_softirq+0x46/0x80 [ 128.627195][ C0] __do_softirq+0x22e/0x630 [ 128.631683][ C0] irq_exit+0x195/0x1c0 [ 128.635819][ C0] smp_apic_timer_interrupt+0x111/0x440 [ 128.641345][ C0] apic_timer_interrupt+0xf/0x20 [ 128.646281][ C0] [ 128.649208][ C0] ? delete_node+0x6db/0x750 [ 128.653827][ C0] ? _raw_spin_unlock_irq+0x45/0x60 [ 128.659039][ C0] ? _raw_spin_unlock_irq+0x3d/0x60 [ 128.664321][ C0] ? alloc_pid+0x6fe/0x8a0 [ 128.668826][ C0] ? copy_process+0x15dd/0x3230 [ 128.673826][ C0] ? do_wp_page+0x834/0x930 [ 128.678337][ C0] ? fork_idle+0x290/0x290 [ 128.682746][ C0] ? handle_mm_fault+0x94e/0x3bb0 [ 128.687762][ C0] ? _do_fork+0x197/0x900 [ 128.692257][ C0] ? finish_fault+0x230/0x230 [ 128.697136][ C0] ? dup_mm+0xed0/0xed0 [ 128.701618][ C0] ? __x64_sys_clone+0x26b/0x2c0 [ 128.707727][ C0] ? down_write_trylock+0x130/0x130 [ 128.713446][ C0] ? __ia32_sys_vfork+0x110/0x110 [ 128.719639][ C0] ? __do_page_fault+0x725/0xbb0 [ 128.725152][ C0] ? do_syscall_64+0xca/0x1c0 [ 128.729977][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 128.738569][ C0] Modules linked in: [ 128.743505][ C0] CR2: 0000000000000000 [ 128.748018][ C0] ---[ end trace 708a5f7e9d6558b9 ]--- [ 128.753875][ C0] RIP: 0010:0x0 [ 128.757334][ C0] Code: Bad RIP value. [ 128.761763][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010202 [ 128.768167][ C0] RAX: ffffffff815408da RBX: 0000000000000101 RCX: ffff8881db37bf00 [ 128.776759][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881db9b71c0 [ 128.785097][ C0] RBP: ffff8881f6e09ed8 R08: ffffffff81540565 R09: 0000000000000003 [ 128.793244][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffffbc10 [ 128.801273][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881db9b71c0 [ 128.809239][ C0] FS: 0000000002b22400(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 128.818150][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.824826][ C0] CR2: ffffffffffffffd6 CR3: 00000001db0e0000 CR4: 00000000003406f0 [ 128.832893][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 128.840930][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 128.848966][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 128.856386][ C0] Kernel Offset: disabled [ 128.860690][ C0] Rebooting in 86400 seconds..