Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
2023/05/11 21:05:04 ignoring optional flag "sandboxArg"="0"
2023/05/11 21:05:05 parsed 1 programs
2023/05/11 21:05:05 executed programs: 0
[ 39.534173][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 39.534180][ T23] audit: type=1400 audit(1683839105.029:144): avc: denied { mounton } for pid=403 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 39.566415][ T23] audit: type=1400 audit(1683839105.059:145): avc: denied { mount } for pid=403 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 39.818448][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.825526][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.832880][ T410] device bridge_slave_0 entered promiscuous mode
[ 39.842978][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.850002][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.857642][ T410] device bridge_slave_1 entered promiscuous mode
[ 39.865393][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.872419][ T412] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.879755][ T412] device bridge_slave_0 entered promiscuous mode
[ 39.894711][ T418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.901615][ T418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.909113][ T418] device bridge_slave_0 entered promiscuous mode
[ 39.916252][ T418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.923181][ T418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.930389][ T418] device bridge_slave_1 entered promiscuous mode
[ 39.951867][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.958796][ T412] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.966453][ T412] device bridge_slave_1 entered promiscuous mode
[ 39.973299][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.980132][ T417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.987650][ T417] device bridge_slave_0 entered promiscuous mode
[ 39.995816][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.002785][ T417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.010100][ T417] device bridge_slave_1 entered promiscuous mode
[ 40.090110][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.096983][ T421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.104265][ T421] device bridge_slave_0 entered promiscuous mode
[ 40.114228][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.121173][ T421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.128444][ T421] device bridge_slave_1 entered promiscuous mode
[ 40.146074][ T419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.153867][ T419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.161326][ T419] device bridge_slave_0 entered promiscuous mode
[ 40.173598][ T419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.180707][ T419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.188179][ T419] device bridge_slave_1 entered promiscuous mode
[ 40.316738][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.323786][ T412] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.331169][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.338319][ T412] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.377647][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.384734][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.391933][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.398683][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.423221][ T418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.430244][ T418] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.437879][ T418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.444722][ T418] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.456441][ T419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.463561][ T419] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.470699][ T419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.477685][ T419] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.495802][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.503085][ T417] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.510408][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.517742][ T417] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.534319][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.541618][ T421] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.549317][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.556185][ T421] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.565186][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.572895][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.580058][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.587586][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.594877][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.602290][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.609432][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.616631][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.623694][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.630761][ T108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.638111][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.645274][ T108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.653293][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.660762][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.699117][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.707398][ T361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.714367][ T361] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.722962][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.731372][ T361] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.739257][ T361] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.746431][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.754179][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.783289][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.790591][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.804064][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.813107][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.821355][ T108] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.828473][ T108] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.836027][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.844594][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.852816][ T108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.859633][ T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.867175][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.874638][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.889431][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.897737][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.906059][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.914368][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.922880][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.929971][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.952900][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.960823][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.969995][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.978664][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.986824][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.993681][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.012513][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.020472][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.029288][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 41.037613][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.045872][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.053403][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.072019][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.079620][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.087079][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.095245][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.103578][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.110506][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.117892][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.126032][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.134247][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.141061][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.148277][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.156092][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.195580][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.203830][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.212186][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.219188][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.226785][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.235622][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.243970][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.250794][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.258221][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.265823][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.273226][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.281529][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.290288][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.297137][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.304741][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.313011][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.320996][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.327759][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.335303][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.343968][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.352096][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 41.360538][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.368780][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.377067][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.385058][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.393434][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.401654][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.409756][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.417932][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.463879][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.472486][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.480800][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.492419][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.500736][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.509023][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.517655][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 41.526168][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.534472][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 41.542864][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.552408][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 41.560181][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.568149][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.576637][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.593420][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 41.601650][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.622326][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.630828][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.638857][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.647426][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.655928][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.664185][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.686029][ T23] audit: type=1400 audit(1683839107.179:146): avc: denied { mounton } for pid=412 comm="syz-executor.3" path="/dev/binderfs" dev="devtmpfs" ino=9932 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 41.714883][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.723109][ T23] audit: type=1400 audit(1683839107.209:147): avc: denied { sys_admin } for pid=444 comm="syz-executor.3" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 41.745916][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.754046][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.762330][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 41.770061][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.793622][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.802547][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.815077][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 41.827181][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.835832][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.843973][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.892786][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.901078][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.910105][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.918719][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.969922][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 41.980168][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.027708][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.036875][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.045942][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.054858][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2023/05/11 21:05:10 executed programs: 173
2023/05/11 21:05:15 executed programs: 492
2023/05/11 21:05:20 executed programs: 977
2023/05/11 21:05:25 executed programs: 1391
2023/05/11 21:05:30 executed programs: 1859
[ 66.532035][ T74] cfg80211: failed to load regulatory.db
[ 67.652209][ T8455] ==================================================================
[ 67.660268][ T8455] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 67.667552][ T8455] Write of size 8 at addr ffff8881e93b71c8 by task syz-executor.5/8455
[ 67.675701][ T8455]
[ 67.677864][ T8455] CPU: 0 PID: 8455 Comm: syz-executor.5 Not tainted 5.4.233-syzkaller-00003-gf423d52eea72 #0
[ 67.688116][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 67.698283][ T8455] Call Trace:
[ 67.701427][ T8455] dump_stack+0x1d8/0x241
[ 67.706038][ T8455] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 67.711743][ T8455] ? printk+0xd1/0x111
[ 67.715679][ T8455] ? detach_if_pending+0x188/0x360
[ 67.720687][ T8455] ? wake_up_klogd+0xb2/0xf0
[ 67.725363][ T8455] ? detach_if_pending+0x188/0x360
[ 67.730582][ T8455] print_address_description+0x8c/0x600
[ 67.736053][ T8455] ? panic+0x896/0x896
[ 67.739957][ T8455] ? detach_if_pending+0x188/0x360
[ 67.745375][ T8455] __kasan_report+0xf3/0x120
[ 67.749814][ T8455] ? detach_if_pending+0x188/0x360
[ 67.754770][ T8455] kasan_report+0x30/0x60
[ 67.759010][ T8455] detach_if_pending+0x188/0x360
[ 67.763882][ T8455] del_timer_sync+0x13c/0x230
[ 67.768569][ T8455] ? find_next_bit+0xcd/0x100
[ 67.773074][ T8455] ? try_to_del_timer_sync+0x150/0x150
[ 67.778373][ T8455] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 67.783399][ T8455] tun_flow_uninit+0x2c/0x280
[ 67.787921][ T8455] ? free_percpu+0x359/0x910
[ 67.792692][ T8455] tun_free_netdev+0x77/0x190
[ 67.797303][ T8455] ? tun_xdp+0x3f0/0x3f0
[ 67.801546][ T8455] netdev_run_todo+0xb7f/0xdf0
[ 67.806123][ T8455] ? netdev_refcnt_read+0x1c0/0x1c0
[ 67.811490][ T8455] ? kfree+0x123/0x370
[ 67.815783][ T8455] tun_chr_close+0xc1/0x130
[ 67.820334][ T8455] ? tun_chr_open+0x4b0/0x4b0
[ 67.824837][ T8455] __fput+0x262/0x680
[ 67.828648][ T8455] task_work_run+0x140/0x170
[ 67.833175][ T8455] exit_to_usermode_loop+0x190/0x1a0
[ 67.838470][ T8455] prepare_exit_to_usermode+0x199/0x200
[ 67.843937][ T8455] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 67.849660][ T8455]
[ 67.851913][ T8455] The buggy address belongs to the page:
[ 67.857388][ T8455] page:ffffea0007a4edc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 67.866424][ T8455] flags: 0x8000000000000000()
[ 67.871073][ T8455] raw: 8000000000000000 0000000000000000 ffffea0007a4edc8 0000000000000000
[ 67.879788][ T8455] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 67.888407][ T8455] page dumped because: kasan: bad access detected
[ 67.894823][ T8455] page_owner tracks the page as freed
[ 67.900579][ T8455] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 67.915147][ T8455] prep_new_page+0x18f/0x370
[ 67.919863][ T8455] get_page_from_freelist+0x2d13/0x2d90
[ 67.925199][ T8455] __alloc_pages_nodemask+0x393/0x840
[ 67.930498][ T8455] kmalloc_order_trace+0x2a/0x100
[ 67.935370][ T8455] kvmalloc_node+0x7e/0xf0
[ 67.939972][ T8455] alloc_netdev_mqs+0x85/0xc70
[ 67.944907][ T8455] tun_set_iff+0x513/0x11d0
[ 67.949630][ T8455] __tun_chr_ioctl+0x860/0x1d50
[ 67.954629][ T8455] do_vfs_ioctl+0x742/0x1720
[ 67.959195][ T8455] __x64_sys_ioctl+0xd4/0x110
[ 67.963681][ T8455] do_syscall_64+0xca/0x1c0
[ 67.968137][ T8455] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 67.974045][ T8455] page last free stack trace:
[ 67.978682][ T8455] __free_pages_ok+0x847/0x950
[ 67.983426][ T8455] __free_pages+0x91/0x140
[ 67.987679][ T8455] device_release+0x6b/0x190
[ 67.992124][ T8455] kobject_put+0x1e6/0x2f0
[ 67.996526][ T8455] netdev_run_todo+0xc44/0xdf0
[ 68.001122][ T8455] tun_chr_close+0xc1/0x130
[ 68.005491][ T8455] __fput+0x262/0x680
[ 68.009305][ T8455] task_work_run+0x140/0x170
[ 68.013793][ T8455] exit_to_usermode_loop+0x190/0x1a0
[ 68.019383][ T8455] prepare_exit_to_usermode+0x199/0x200
[ 68.024830][ T8455] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 68.030632][ T8455]
[ 68.032799][ T8455] Memory state around the buggy address:
[ 68.038286][ T8455] ffff8881e93b7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.046782][ T8455] ffff8881e93b7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.054771][ T8455] >ffff8881e93b7180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.064520][ T8455] ^
[ 68.071286][ T8455] ffff8881e93b7200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.079159][ T8455] ffff8881e93b7280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.087341][ T8455] ==================================================================
[ 68.095652][ T8455] Disabling lock debugging due to kernel taint
2023/05/11 21:05:35 executed programs: 2298
[ 71.171778][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 71.179399][ C0] #PF: supervisor instruction fetch in kernel mode
[ 71.185747][ C0] #PF: error_code(0x0010) - not-present page
[ 71.191551][ C0] PGD 0 P4D 0
[ 71.194848][ C0] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 71.200071][ C0] CPU: 0 PID: 771 Comm: udevd Tainted: G B 5.4.233-syzkaller-00003-gf423d52eea72 #0
[ 71.210670][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 71.220590][ C0] RIP: 0010:0x0
[ 71.223971][ C0] Code: Bad RIP value.
[ 71.227991][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010206
[ 71.233952][ C0] RAX: ffffffff8154c1ca RBX: 0000000000000100 RCX: ffff8881e629cec0
[ 71.242017][ C0] RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffff8881e93b71c0
[ 71.250003][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154be0e R09: 0000000000000003
[ 71.257849][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffffa5d0
[ 71.265828][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e93b71c0
[ 71.273935][ C0] FS: 00007fcd3e821c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 71.282875][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.289463][ C0] CR2: ffffffffffffffd6 CR3: 00000001e6b7b000 CR4: 00000000003406b0
[ 71.297305][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.305086][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.312987][ C0] Call Trace:
[ 71.316106][ C0]
[ 71.318804][ C0] call_timer_fn+0x36/0x390
[ 71.323158][ C0] __run_timers+0x879/0xbe0
[ 71.327600][ C0] ? enqueue_timer+0x300/0x300
[ 71.332658][ C0] ? check_preemption_disabled+0x9f/0x320
[ 71.338407][ C0] ? debug_smp_processor_id+0x20/0x20
[ 71.343575][ C0] ? lapic_next_event+0x5b/0x70
[ 71.348255][ C0] run_timer_softirq+0x63/0xf0
[ 71.353031][ C0] __do_softirq+0x23b/0x6b7
[ 71.357573][ C0] irq_exit+0x195/0x1c0
[ 71.361562][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 71.366951][ C0] apic_timer_interrupt+0xf/0x20
[ 71.371701][ C0]
[ 71.374486][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 71.379261][ C0] ? stack_trace_consume_entry+0x162/0x240
[ 71.384936][ C0] ? preempt_count_add+0x32/0x180
[ 71.389765][ C0] ? unwind_next_frame+0x17c/0x1ea0
[ 71.395181][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 71.400036][ C0] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 71.405988][ C0] ? __kasan_slab_free+0x233/0x270
[ 71.410938][ C0] ? __kasan_slab_free+0x1b5/0x270
[ 71.415879][ C0] ? kmem_cache_free+0x10b/0x2c0
[ 71.420649][ C0] ? filename_lookup+0x50e/0x6e0
[ 71.425426][ C0] ? vfs_statx+0x115/0x210
[ 71.429763][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 71.434643][ C0] ? do_syscall_64+0xca/0x1c0
[ 71.439081][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 71.445092][ C0] ? __unwind_start+0x708/0x890
[ 71.449740][ C0] ? deref_stack_reg+0x1f0/0x1f0
[ 71.454751][ C0] ? avc_denied+0x1d0/0x1d0
[ 71.459109][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 71.464124][ C0] ? stack_trace_save+0x1c0/0x1c0
[ 71.468938][ C0] ? arch_stack_walk+0x111/0x140
[ 71.473789][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 71.478576][ C0] ? stack_trace_save+0x118/0x1c0
[ 71.483597][ C0] ? stack_trace_snprint+0x170/0x170
[ 71.488806][ C0] ? avc_flush+0x1f0/0x1f0
[ 71.493071][ C0] ? __kasan_kmalloc+0x171/0x210
[ 71.498032][ C0] ? __kasan_kmalloc+0x171/0x210
[ 71.502917][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 71.507902][ C0] ? getname_flags+0xb8/0x4e0
[ 71.512377][ C0] ? kmem_cache_alloc+0xd9/0x250
[ 71.517166][ C0] ? getname_flags+0xb8/0x4e0
[ 71.522015][ C0] ? _raw_spin_lock+0xa4/0x1b0
[ 71.526613][ C0] ? do_sys_open+0x357/0x810
[ 71.531916][ C0] ? check_preemption_disabled+0x153/0x320
[ 71.537734][ C0] ? file_open_root+0x490/0x490
[ 71.542413][ C0] ? security_file_ioctl+0x7d/0xa0
[ 71.547454][ C0] ? do_syscall_64+0xca/0x1c0
[ 71.552152][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 71.558028][ C0] Modules linked in:
[ 71.561853][ C0] CR2: 0000000000000000
[ 71.566064][ C0] ---[ end trace 27013ce5f5637334 ]---
[ 71.571326][ C0] RIP: 0010:0x0
[ 71.574713][ C0] Code: Bad RIP value.
[ 71.578625][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010206
[ 71.584772][ C0] RAX: ffffffff8154c1ca RBX: 0000000000000100 RCX: ffff8881e629cec0
[ 71.592671][ C0] RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffff8881e93b71c0
[ 71.600487][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154be0e R09: 0000000000000003
[ 71.608382][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffffa5d0
[ 71.616287][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e93b71c0
[ 71.624267][ C0] FS: 00007fcd3e821c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 71.633259][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.639769][ C0] CR2: ffffffffffffffd6 CR3: 00000001e6b7b000 CR4: 00000000003406b0
[ 71.647765][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.655576][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.663381][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 71.670797][ C0] Kernel Offset: disabled
[ 71.674924][ C0] Rebooting in 86400 seconds..