[ 27.361173][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.369243][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.383489][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.396951][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.411846][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.517660][ T362] syz-executor.0 (362) used greatest stack depth: 19736 bytes left
[ 27.961284][ T179] device bridge_slave_1 left promiscuous mode
[ 27.967458][ T179] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.975203][ T179] device bridge_slave_0 left promiscuous mode
[ 27.981394][ T179] bridge0: port 1(bridge_slave_0) entered disabled state
Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts.
2023/09/02 21:56:11 ignoring optional flag "sandboxArg"="0"
2023/09/02 21:56:11 parsed 1 programs
2023/09/02 21:56:11 executed programs: 0
[ 46.675382][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 46.675392][ T23] audit: type=1400 audit(1693691771.790:144): avc: denied { mounton } for pid=406 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 46.708420][ T23] audit: type=1400 audit(1693691771.790:145): avc: denied { mount } for pid=406 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 46.862644][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.870116][ T413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.877848][ T413] device bridge_slave_0 entered promiscuous mode
[ 46.915011][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.922058][ T413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.929623][ T413] device bridge_slave_1 entered promiscuous mode
[ 47.088748][ T431] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.095728][ T431] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.103284][ T431] device bridge_slave_0 entered promiscuous mode
[ 47.145575][ T431] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.152501][ T431] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.159998][ T431] device bridge_slave_1 entered promiscuous mode
[ 47.174178][ T419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.181108][ T419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.188711][ T419] device bridge_slave_0 entered promiscuous mode
[ 47.197687][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.204694][ T428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.211974][ T428] device bridge_slave_0 entered promiscuous mode
[ 47.222424][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.229313][ T428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.236804][ T428] device bridge_slave_1 entered promiscuous mode
[ 47.254891][ T419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.261730][ T419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.269280][ T419] device bridge_slave_1 entered promiscuous mode
[ 47.278263][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.285361][ T422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.292620][ T422] device bridge_slave_0 entered promiscuous mode
[ 47.324008][ T430] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.324365][ T23] audit: type=1400 audit(1693691772.440:146): avc: denied { create } for pid=413 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.331513][ T430] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.352607][ T23] audit: type=1400 audit(1693691772.470:147): avc: denied { write } for pid=413 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.359484][ T430] device bridge_slave_0 entered promiscuous mode
[ 47.379278][ T23] audit: type=1400 audit(1693691772.470:148): avc: denied { read } for pid=413 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 47.406946][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.413876][ T422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.421469][ T422] device bridge_slave_1 entered promiscuous mode
[ 47.447727][ T430] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.454689][ T430] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.461989][ T430] device bridge_slave_1 entered promiscuous mode
[ 47.548263][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.555230][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.562576][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.569607][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.658646][ T431] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.665487][ T431] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.672672][ T431] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.679478][ T431] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.693673][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.700546][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.707726][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.714667][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.761278][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.768233][ T422] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.775451][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.782415][ T422] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.805298][ T107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.812475][ T107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.820076][ T107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.827722][ T107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.835039][ T107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.842365][ T107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.849957][ T107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.857687][ T107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.877284][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.885457][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.894783][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.903061][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.911657][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.918763][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.966900][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 47.974809][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.983879][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.992687][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.001360][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.009784][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.017241][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.024776][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.032428][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 48.040650][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.048794][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.055810][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.063570][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 48.072507][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.081021][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.088948][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.096381][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 48.104818][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.112785][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 48.121759][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.130301][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.137501][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.145009][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 48.153032][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.195856][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 48.204526][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.212936][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.219793][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.227123][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 48.235479][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.243275][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 48.251734][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.286842][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.295268][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.303212][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.310845][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.318527][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 48.327339][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.335654][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.342876][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.350382][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 48.359450][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.368320][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.376379][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.383618][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.391576][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.401879][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 48.413786][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.422804][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.430522][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.438819][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 48.447445][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.456185][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.463283][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.471002][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 48.497292][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.506245][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.524496][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.533428][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.542436][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.560217][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 48.568635][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.577056][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.585141][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 48.593314][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.601782][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.608807][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.616495][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 48.639462][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 48.647439][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.666535][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 48.675607][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.683630][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 48.692341][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.700752][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 48.709111][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.717576][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.744795][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.753124][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.761440][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.769410][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 48.777959][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.786259][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.793071][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.815626][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.823722][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.832195][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.840320][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.858202][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 48.866043][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.881537][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 48.890133][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.899350][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 48.907901][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.931840][ T23] audit: type=1400 audit(1693691774.040:149): avc: denied { mounton } for pid=413 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=11284 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 48.966101][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 48.975630][ T23] audit: type=1400 audit(1693691774.090:150): avc: denied { sys_admin } for pid=450 comm="syz-executor.2" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 48.977058][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.005306][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 49.013017][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.020997][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 49.029662][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.038618][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 49.048158][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.072743][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 49.080969][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.089921][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 49.098364][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.106759][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 49.115957][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.134327][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 49.142638][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.151327][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 49.159687][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.168546][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 49.176719][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.207630][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 49.216607][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.227871][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 49.236446][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.244788][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 49.252796][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.284427][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 49.292890][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.327004][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 49.335779][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.344456][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 49.352638][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2023/09/02 21:56:16 executed programs: 190
2023/09/02 21:56:21 executed programs: 519
2023/09/02 21:56:26 executed programs: 841
[ 66.364279][ T5855] ==================================================================
[ 66.372532][ T5855] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 66.380231][ T5855] Write of size 8 at addr ffff8881f0b0f1c8 by task syz-executor.1/5855
[ 66.388562][ T5855]
[ 66.390669][ T5855] CPU: 1 PID: 5855 Comm: syz-executor.1 Not tainted 5.4.249-syzkaller-04711-gc83e2462239e #0
[ 66.400636][ T5855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 66.410700][ T5855] Call Trace:
[ 66.413835][ T5855] dump_stack+0x1d8/0x241
[ 66.418107][ T5855] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 66.423858][ T5855] ? printk+0xd1/0x111
[ 66.427750][ T5855] ? detach_if_pending+0x188/0x360
[ 66.432792][ T5855] ? wake_up_klogd+0xb2/0xf0
[ 66.437321][ T5855] ? detach_if_pending+0x188/0x360
[ 66.442264][ T5855] print_address_description+0x8c/0x600
[ 66.447663][ T5855] ? panic+0x896/0x896
[ 66.451569][ T5855] ? schedule+0x143/0x1d0
[ 66.456102][ T5855] ? detach_if_pending+0x188/0x360
[ 66.461592][ T5855] __kasan_report+0xf3/0x120
[ 66.466244][ T5855] ? detach_if_pending+0x188/0x360
[ 66.472337][ T5855] kasan_report+0x30/0x60
[ 66.477030][ T5855] detach_if_pending+0x188/0x360
[ 66.482598][ T5855] del_timer_sync+0x13c/0x230
[ 66.487248][ T5855] ? find_next_bit+0xcd/0x100
[ 66.491971][ T5855] ? try_to_del_timer_sync+0x150/0x150
[ 66.497255][ T5855] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 66.502549][ T5855] tun_flow_uninit+0x2c/0x280
[ 66.507130][ T5855] ? free_percpu+0x359/0x910
[ 66.511752][ T5855] tun_free_netdev+0x77/0x190
[ 66.516252][ T5855] ? tun_xdp+0x3f0/0x3f0
[ 66.520882][ T5855] netdev_run_todo+0xb7f/0xdf0
[ 66.525536][ T5855] ? netdev_refcnt_read+0x1c0/0x1c0
[ 66.531368][ T5855] ? kfree+0x123/0x370
[ 66.536159][ T5855] tun_chr_close+0xc1/0x130
[ 66.540434][ T5855] ? tun_chr_open+0x530/0x530
[ 66.545116][ T5855] __fput+0x262/0x680
[ 66.549336][ T5855] task_work_run+0x140/0x170
[ 66.554710][ T5855] exit_to_usermode_loop+0x190/0x1a0
[ 66.560361][ T5855] prepare_exit_to_usermode+0x199/0x200
[ 66.565735][ T5855] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 66.571738][ T5855]
[ 66.573990][ T5855] The buggy address belongs to the page:
[ 66.579436][ T5855] page:ffffea0007c2c3c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 66.588894][ T5855] flags: 0x8000000000000000()
[ 66.593536][ T5855] raw: 8000000000000000 0000000000000000 ffffea0007c29c88 0000000000000000
[ 66.602029][ T5855] raw: 0000000000000000 0000000000240000 00000000ffffffff 0000000000000000
[ 66.611720][ T5855] page dumped because: kasan: bad access detected
[ 66.618033][ T5855] page_owner tracks the page as freed
[ 66.623258][ T5855] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 66.638749][ T5855] prep_new_page+0x18f/0x370
[ 66.643342][ T5855] get_page_from_freelist+0x2d13/0x2d90
[ 66.648918][ T5855] __alloc_pages_nodemask+0x393/0x840
[ 66.654895][ T5855] kmalloc_order_trace+0x2a/0x100
[ 66.660582][ T5855] kvmalloc_node+0x7e/0xf0
[ 66.665240][ T5855] alloc_netdev_mqs+0x85/0xc70
[ 66.670365][ T5855] tun_set_iff+0x51f/0xdc0
[ 66.674857][ T5855] __tun_chr_ioctl+0x860/0x1d50
[ 66.679645][ T5855] do_vfs_ioctl+0x742/0x1720
[ 66.684237][ T5855] __x64_sys_ioctl+0xd4/0x110
[ 66.689597][ T5855] do_syscall_64+0xca/0x1c0
[ 66.694054][ T5855] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 66.700525][ T5855] page last free stack trace:
[ 66.705664][ T5855] __free_pages_ok+0x847/0x950
[ 66.710251][ T5855] __free_pages+0x91/0x140
[ 66.714511][ T5855] device_release+0x6b/0x190
[ 66.718925][ T5855] kobject_put+0x1e6/0x2f0
[ 66.723185][ T5855] netdev_run_todo+0xc44/0xdf0
[ 66.727784][ T5855] tun_chr_close+0xc1/0x130
[ 66.732120][ T5855] __fput+0x262/0x680
[ 66.736022][ T5855] task_work_run+0x140/0x170
[ 66.740450][ T5855] do_exit+0xcaf/0x2bc0
[ 66.744441][ T5855] do_group_exit+0x138/0x300
[ 66.748867][ T5855] get_signal+0xdb1/0x1440
[ 66.753134][ T5855] do_signal+0xb0/0x11f0
[ 66.757203][ T5855] exit_to_usermode_loop+0xc0/0x1a0
[ 66.762549][ T5855] prepare_exit_to_usermode+0x199/0x200
[ 66.768106][ T5855] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 66.773841][ T5855]
[ 66.776000][ T5855] Memory state around the buggy address:
[ 66.781562][ T5855] ffff8881f0b0f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.789814][ T5855] ffff8881f0b0f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.797800][ T5855] >ffff8881f0b0f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.805781][ T5855] ^
2023/09/02 21:56:31 executed programs: 1182
[ 66.812142][ T5855] ffff8881f0b0f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.820122][ T5855] ffff8881f0b0f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.828914][ T5855] ==================================================================
[ 66.837997][ T5855] Disabling lock debugging due to kernel taint
[ 66.844438][ T24] cfg80211: failed to load regulatory.db
[ 69.124135][ C0] kasan: CONFIG_KASAN_INLINE enabled
[ 69.129432][ C0] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 69.138761][ C0] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 69.145813][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.4.249-syzkaller-04711-gc83e2462239e #0
[ 69.156749][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 69.166905][ C0] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 69.172012][ C0] Code: 89 e7 e8 e3 26 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 85 66 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 b2 26 3f 00 4d 89 65 00 eb 05 e8 57
[ 69.191892][ C0] RSP: 0018:ffff8881f6e09d60 EFLAGS: 00010007
[ 69.197870][ C0] RAX: 0000000000000003 RBX: 1ffff1103e161e39 RCX: dffffc0000000000
[ 69.205899][ C0] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881f0b0f1c8
[ 69.214032][ C0] RBP: ffff8881f6e09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 69.222007][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6e09e20
[ 69.230068][ C0] R13: 000000000000001f R14: 1ffff1103e161e38 R15: ffff8881f0b0f1c8
[ 69.237878][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 69.246641][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 69.253154][ C0] CR2: 00007f08031cd03f CR3: 00000001ef103000 CR4: 00000000003406b0
[ 69.261038][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 69.268776][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 69.276672][ C0] Call Trace:
[ 69.279797][ C0]
[ 69.282583][ C0] ? __die+0xb4/0x100
[ 69.286404][ C0] ? die+0x26/0x50
[ 69.290056][ C0] ? do_general_protection+0x266/0x3c0
[ 69.295537][ C0] ? do_trap+0x340/0x340
[ 69.300196][ C0] ? check_preemption_disabled+0x9f/0x320
[ 69.305740][ C0] ? round_jiffies+0x99/0xb0
[ 69.310162][ C0] ? general_protection+0x28/0x30
[ 69.315031][ C0] ? __run_timers+0x7b0/0xbe0
[ 69.319537][ C0] ? enqueue_timer+0x300/0x300
[ 69.324136][ C0] ? check_preemption_disabled+0x9f/0x320
[ 69.329776][ C0] ? debug_smp_processor_id+0x20/0x20
[ 69.334986][ C0] ? lapic_next_event+0x5b/0x70
[ 69.339675][ C0] run_timer_softirq+0x63/0xf0
[ 69.344274][ C0] __do_softirq+0x23b/0x6b7
[ 69.348800][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 69.353666][ C0] irq_exit+0x195/0x1c0
[ 69.357633][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 69.363010][ C0] apic_timer_interrupt+0xf/0x20
[ 69.367776][ C0]
[ 69.370562][ C0] ? check_preemption_disabled+0x91/0x320
[ 69.376310][ C0] ? default_idle+0x1f/0x30
[ 69.380656][ C0] ? default_idle+0x11/0x30
[ 69.384997][ C0] ? do_idle+0x248/0x660
[ 69.389164][ C0] ? check_preemption_disabled+0x9f/0x320
[ 69.394795][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 69.399922][ C0] ? kthread_stop+0x4a0/0x4a0
[ 69.404547][ C0] ? find_next_bit+0xc3/0x100
[ 69.409070][ C0] ? cpumask_next+0xc/0x20
[ 69.413407][ C0] ? cpu_startup_entry+0x14/0x20
[ 69.418333][ C0] ? time_init+0x33/0x33
[ 69.422403][ C0] ? start_kernel+0x6de/0x822
[ 69.426916][ C0] ? arch_call_rest_init+0xa/0xa
[ 69.431812][ C0] ? kasan_early_init+0x22d/0x27d
[ 69.437150][ C0] ? check_loader_disabled_bsp+0x95/0x16c
[ 69.442683][ C0] ? load_ucode_bsp+0xde/0x105
[ 69.447286][ C0] ? secondary_startup_64+0xa4/0xb0
[ 69.452597][ C0] Modules linked in:
[ 69.456612][ C0] ---[ end trace a9f71d2cdd0816f6 ]---
[ 69.462424][ C0] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 69.467681][ C0] Code: 89 e7 e8 e3 26 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 85 66 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 b2 26 3f 00 4d 89 65 00 eb 05 e8 57
[ 69.487514][ C0] RSP: 0018:ffff8881f6e09d60 EFLAGS: 00010007
[ 69.493595][ C0] RAX: 0000000000000003 RBX: 1ffff1103e161e39 RCX: dffffc0000000000
[ 69.502172][ C0] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881f0b0f1c8
[ 69.510110][ C0] RBP: ffff8881f6e09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 69.518011][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6e09e20
[ 69.526142][ C0] R13: 000000000000001f R14: 1ffff1103e161e38 R15: ffff8881f0b0f1c8
[ 69.534401][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 69.543154][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 69.549864][ C0] CR2: 00007f08031cd03f CR3: 00000001ef103000 CR4: 00000000003406b0
[ 69.558141][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 69.566042][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 69.573828][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 70.748217][ C0] Shutting down cpus with NMI
[ 70.752978][ C0] Kernel Offset: disabled
[ 70.757102][ C0] Rebooting in 86400 seconds..