Warning: Permanently added '10.128.0.67' (ED25519) to the list of known hosts.
2025/04/11 12:02:48 parsed 1 programs
2025/04/11 12:02:48 executed programs: 0
[ 48.409134][ T23] kauditd_printk_skb: 11 callbacks suppressed
[ 48.409153][ T23] audit: type=1400 audit(1744372968.499:87): avc: denied { mounton } for pid=419 comm="syz-executor.2" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 48.409815][ T419] cgroup1: Unknown subsys name 'perf_event'
[ 48.415213][ T23] audit: type=1400 audit(1744372968.499:88): avc: denied { mounton } for pid=419 comm="syz-executor.2" path="/syzcgroup/cpu" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 48.439516][ T419] cgroup1: Unknown subsys name 'net_cls'
[ 48.453267][ T420] cgroup1: Unknown subsys name 'perf_event'
[ 48.467754][ T423] cgroup1: Unknown subsys name 'perf_event'
[ 48.473712][ T425] cgroup1: Unknown subsys name 'perf_event'
[ 48.478604][ T424] cgroup1: Unknown subsys name 'perf_event'
[ 48.484137][ T426] cgroup1: Unknown subsys name 'perf_event'
[ 48.489408][ T423] cgroup1: Unknown subsys name 'net_cls'
[ 48.495258][ T425] cgroup1: Unknown subsys name 'net_cls'
[ 48.501743][ T424] cgroup1: Unknown subsys name 'net_cls'
[ 48.506414][ T426] cgroup1: Unknown subsys name 'net_cls'
[ 48.523008][ T420] cgroup1: Unknown subsys name 'net_cls'
[ 48.673123][ T424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.679977][ T424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.687756][ T424] device bridge_slave_0 entered promiscuous mode
[ 48.696392][ T424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.703255][ T424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.710464][ T424] device bridge_slave_1 entered promiscuous mode
[ 48.749322][ T423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.756601][ T423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.764181][ T423] device bridge_slave_0 entered promiscuous mode
[ 48.772575][ T423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.779410][ T423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.786844][ T423] device bridge_slave_1 entered promiscuous mode
[ 48.868847][ T419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.875709][ T419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.883080][ T419] device bridge_slave_0 entered promiscuous mode
[ 48.901945][ T419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.908779][ T419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.916197][ T419] device bridge_slave_1 entered promiscuous mode
[ 48.945155][ T426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.952012][ T426] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.959632][ T426] device bridge_slave_0 entered promiscuous mode
[ 48.970528][ T426] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.977484][ T426] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.984675][ T426] device bridge_slave_1 entered promiscuous mode
[ 49.032207][ T425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.039037][ T425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.046471][ T425] device bridge_slave_0 entered promiscuous mode
[ 49.057800][ T425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.064656][ T425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.072262][ T425] device bridge_slave_1 entered promiscuous mode
[ 49.078636][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.085636][ T420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.092900][ T420] device bridge_slave_0 entered promiscuous mode
[ 49.113342][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.120181][ T420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.127821][ T420] device bridge_slave_1 entered promiscuous mode
[ 49.302958][ T419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.309823][ T419] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.317025][ T419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.323788][ T419] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.341373][ T423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.348205][ T423] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.355462][ T423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.362193][ T423] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.385208][ T426] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.392066][ T426] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.399167][ T426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.405953][ T426] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.417419][ T425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.424270][ T425] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.431417][ T425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.438146][ T425] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.474755][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.481617][ T420] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.488681][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.495501][ T420] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.548632][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.558137][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.567191][ T180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.574409][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.582711][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.589988][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.598233][ T180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.605312][ T180] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.612672][ T180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.619749][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.627973][ T180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.634976][ T180] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.642147][ T180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.687032][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.695733][ T180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.702610][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.711493][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.719399][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.727625][ T180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.734469][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.741695][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.750159][ T180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.757189][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.764541][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.772156][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.779340][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.786755][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.794074][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 49.802630][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.810567][ T180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.817473][ T180] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.824749][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.832403][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.839592][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 49.847932][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.856039][ T180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.863142][ T180] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.870380][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 49.879080][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.887184][ T180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.894021][ T180] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.901565][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 49.932393][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 49.940459][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.948470][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 49.957629][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.965948][ T180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.973061][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.980414][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 49.988546][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.996477][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.004341][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.012231][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.020408][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.028628][ T180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.035589][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.043019][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.051303][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.059226][ T180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.066095][ T180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.073562][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 50.081517][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.095510][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.103759][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.133251][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 50.141859][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.149813][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 50.158370][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.166571][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.174778][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.182680][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.193308][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.224553][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.233358][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.242822][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.251582][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.259696][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.268300][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.276417][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.284764][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.304077][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.318298][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.343956][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.351838][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.359883][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.368169][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.376427][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.384751][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.400241][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.421239][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.441652][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.449924][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.459303][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.467461][ T23] audit: type=1400 audit(1744372970.559:89): avc: denied { map_create } for pid=448 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 50.478714][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.487264][ T23] audit: type=1400 audit(1744372970.559:90): avc: denied { map_read map_write } for pid=448 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 50.494698][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.541685][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.549696][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.558387][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.566621][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.575140][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.587810][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.596227][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.636392][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.645257][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.654220][ T180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.670069][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.678332][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.703303][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.711755][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.750982][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.759980][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.768401][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.776899][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.785362][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.794412][ T452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.641251][ T543] ==================================================================
[ 51.649149][ T543] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 51.656416][ T543] Write of size 8 at addr ffff8881e8a371c8 by task syz-executor.2/543
[ 51.664395][ T543]
[ 51.666676][ T543] CPU: 1 PID: 543 Comm: syz-executor.2 Not tainted 5.4.290-syzkaller-05053-g41adfeb3d639 #0
[ 51.677094][ T543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 51.687153][ T543] Call Trace:
[ 51.690288][ T543] dump_stack+0x1d8/0x241
[ 51.694445][ T543] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 51.700086][ T543] ? printk+0xd1/0x111
[ 51.703991][ T543] ? detach_if_pending+0x188/0x360
[ 51.708940][ T543] ? wake_up_klogd+0xb2/0xf0
[ 51.713383][ T543] ? detach_if_pending+0x188/0x360
[ 51.718354][ T543] print_address_description+0x8c/0x600
[ 51.723768][ T543] ? panic+0x89d/0x89d
[ 51.727603][ T543] ? detach_if_pending+0x188/0x360
[ 51.732548][ T543] __kasan_report+0xf3/0x120
[ 51.736976][ T543] ? detach_if_pending+0x188/0x360
[ 51.742119][ T543] kasan_report+0x30/0x60
[ 51.746284][ T543] detach_if_pending+0x188/0x360
[ 51.751063][ T543] del_timer_sync+0x13c/0x230
[ 51.755562][ T543] ? find_next_bit+0xcd/0x100
[ 51.760075][ T543] ? try_to_del_timer_sync+0x150/0x150
[ 51.765484][ T543] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 51.770529][ T543] tun_flow_uninit+0x2c/0x280
[ 51.775028][ T543] ? free_percpu+0x359/0x910
[ 51.779454][ T543] tun_free_netdev+0x77/0x190
[ 51.783976][ T543] ? tun_xdp+0x3f0/0x3f0
[ 51.788104][ T543] netdev_run_todo+0xb7f/0xdf0
[ 51.792942][ T543] ? netdev_refcnt_read+0x1c0/0x1c0
[ 51.797985][ T543] ? kfree+0x123/0x370
[ 51.802018][ T543] tun_chr_close+0xc1/0x130
[ 51.806510][ T543] ? tun_chr_open+0x500/0x500
[ 51.811024][ T543] __fput+0x262/0x680
[ 51.814831][ T543] task_work_run+0x140/0x170
[ 51.819259][ T543] get_signal+0x13c6/0x1440
[ 51.823692][ T543] ? tun_chr_poll+0x670/0x670
[ 51.828213][ T543] do_signal+0xb0/0x11f0
[ 51.832274][ T543] ? ioctl_preallocate+0x250/0x250
[ 51.837232][ T543] ? check_preemption_disabled+0x9f/0x320
[ 51.842861][ T543] ? signal_fault+0x1e0/0x1e0
[ 51.847461][ T543] ? __fget+0x407/0x490
[ 51.851455][ T543] ? task_work_add+0x100/0x120
[ 51.856055][ T543] ? fput_many+0x165/0x1b0
[ 51.860322][ T543] exit_to_usermode_loop+0xc0/0x1a0
[ 51.865340][ T543] prepare_exit_to_usermode+0x199/0x200
[ 51.870753][ T543] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.876465][ T543] RIP: 0033:0x454b09
[ 51.880270][ T543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b4 ff ff ff f7 d8 64 89 01 48
[ 51.899742][ T543] RSP: 002b:00007fd0f74390f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.907956][ T543] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 0000000000454b09
[ 51.915963][ T543] RDX: 0000000020000300 RSI: 00000000400454ca RDI: 0000000000000003
[ 51.923772][ T543] RBP: 00000000000005b8 R08: 0000000000000000 R09: 0000000000000000
[ 51.931686][ T543] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004e4b40
[ 51.939569][ T543] R13: 00007fd0f7439674 R14: 000000000054bf00 R15: 00000000004fb940
[ 51.947469][ T543]
[ 51.949650][ T543] Allocated by task 18:
[ 51.953634][ T543] __kasan_kmalloc+0x171/0x210
[ 51.958405][ T543] __kmalloc_track_caller+0x100/0x2b0
[ 51.963611][ T543] __alloc_skb+0xb4/0x4d0
[ 51.967777][ T543] ndisc_alloc_skb+0xee/0x2c0
[ 51.972389][ T543] ndisc_send_ns+0x29d/0x830
[ 51.976900][ T543] addrconf_dad_work+0xb91/0x16f0
[ 51.981764][ T543] process_one_work+0x765/0xd20
[ 51.986436][ T543] worker_thread+0xaef/0x1470
[ 51.990949][ T543] kthread+0x2da/0x360
[ 51.994856][ T543] ret_from_fork+0x1f/0x30
[ 51.999300][ T543]
[ 52.001449][ T543] Freed by task 18:
[ 52.005774][ T543] __kasan_slab_free+0x1b5/0x270
[ 52.010536][ T543] kfree+0x123/0x370
[ 52.014266][ T543] kfree_skb+0xb8/0x3c0
[ 52.018262][ T543] ip6_mc_input+0x236/0x2a0
[ 52.022602][ T543] ipv6_rcv+0xee/0x280
[ 52.026503][ T543] __netif_receive_skb+0x1c6/0x530
[ 52.031545][ T543] process_backlog+0x34f/0x680
[ 52.036143][ T543] net_rx_action+0x53f/0x1160
[ 52.040912][ T543] __do_softirq+0x23b/0x6b7
[ 52.045243][ T543]
[ 52.047415][ T543] The buggy address belongs to the object at ffff8881e8a37000
[ 52.047415][ T543] which belongs to the cache kmalloc-512 of size 512
[ 52.061417][ T543] The buggy address is located 456 bytes inside of
[ 52.061417][ T543] 512-byte region [ffff8881e8a37000, ffff8881e8a37200)
[ 52.074519][ T543] The buggy address belongs to the page:
[ 52.079991][ T543] page:ffffea0007a28d00 refcount:1 mapcount:0 mapping:ffff8881f5c02500 index:0x0 compound_mapcount: 0
[ 52.090830][ T543] flags: 0x8000000000010200(slab|head)
[ 52.096125][ T543] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c02500
[ 52.104540][ T543] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 52.112980][ T543] page dumped because: kasan: bad access detected
[ 52.119217][ T543] page_owner tracks the page as allocated
[ 52.124766][ T543] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP)
[ 52.137532][ T543] prep_new_page+0x18f/0x370
[ 52.141951][ T543] get_page_from_freelist+0x2d13/0x2d90
[ 52.147331][ T543] __alloc_pages_nodemask+0x393/0x840
[ 52.152538][ T543] alloc_slab_page+0x39/0x3c0
[ 52.157317][ T543] new_slab+0x97/0x440
[ 52.161149][ T543] ___slab_alloc+0x2fe/0x490
[ 52.165591][ T543] __slab_alloc+0x62/0xa0
[ 52.169751][ T543] __kmalloc+0x19b/0x2e0
[ 52.173833][ T543] ___neigh_create+0x6d2/0x1ae0
[ 52.178504][ T543] ip6_finish_output2+0x8b1/0x1640
[ 52.183473][ T543] ip6_output+0x1b3/0x430
[ 52.187616][ T543] ndisc_send_skb+0x702/0xc30
[ 52.192131][ T543] addrconf_dad_completed+0x8e2/0xdb0
[ 52.197342][ T543] addrconf_dad_work+0xe4d/0x16f0
[ 52.202211][ T543] process_one_work+0x765/0xd20
[ 52.206888][ T543] worker_thread+0xaef/0x1470
[ 52.211398][ T543] page last free stack trace:
[ 52.215913][ T543] __free_pages_ok+0x847/0x950
[ 52.220514][ T543] __free_pages+0x91/0x140
[ 52.224765][ T543] device_release+0x6b/0x190
[ 52.229280][ T543] kobject_put+0x1e6/0x2f0
[ 52.233535][ T543] netdev_run_todo+0xc44/0xdf0
[ 52.238132][ T543] tun_chr_close+0xc1/0x130
[ 52.242647][ T543] __fput+0x262/0x680
[ 52.246501][ T543] task_work_run+0x140/0x170
[ 52.250891][ T543] get_signal+0x13c6/0x1440
[ 52.255231][ T543] do_signal+0xb0/0x11f0
[ 52.259310][ T543] exit_to_usermode_loop+0xc0/0x1a0
[ 52.264445][ T543] prepare_exit_to_usermode+0x199/0x200
[ 52.269899][ T543] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 52.275626][ T543]
[ 52.277792][ T543] Memory state around the buggy address:
[ 52.283264][ T543] ffff8881e8a37080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.291255][ T543] ffff8881e8a37100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.299280][ T543] >ffff8881e8a37180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.307154][ T543] ^
[ 52.313408][ T543] ffff8881e8a37200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.321419][ T543] ffff8881e8a37280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.329401][ T543] ==================================================================
[ 52.337307][ T543] Disabling lock debugging due to kernel taint
2025/04/11 12:02:53 executed programs: 72
[ 55.130781][ C1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 55.138482][ C1] #PF: supervisor instruction fetch in kernel mode
[ 55.144824][ C1] #PF: error_code(0x0010) - not-present page
[ 55.150633][ C1] PGD 1ec513067 P4D 1ec513067 PUD 1db9f7067 PMD 0
[ 55.156970][ C1] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 55.162004][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.4.290-syzkaller-05053-g41adfeb3d639 #0
[ 55.172678][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 55.182675][ C1] RIP: 0010:0x0
[ 55.185975][ C1] Code: Bad RIP value.
[ 55.189873][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010202
[ 55.195948][ C1] RAX: ffffffff8154e8ca RBX: 0000000000000101 RCX: ffff8881f5dc3f00
[ 55.203761][ C1] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881e8a371c0
[ 55.211577][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154e50e R09: 0000000000000003
[ 55.219384][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9f88
[ 55.227280][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e8a371c0
[ 55.235097][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 55.243855][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.250283][ C1] CR2: ffffffffffffffd6 CR3: 00000001ec4f6000 CR4: 00000000003406a0
[ 55.258091][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.265903][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.273800][ C1] Call Trace:
[ 55.276933][ C1]
[ 55.279621][ C1] ? __die+0xb4/0x100
[ 55.283445][ C1] ? no_context+0xac7/0xd20
[ 55.287783][ C1] ? enqueue_timer+0x165/0x300
[ 55.292396][ C1] ? is_prefetch+0x4b0/0x4b0
[ 55.296809][ C1] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 55.302571][ C1] ? __do_page_fault+0xa72/0xbb0
[ 55.307335][ C1] ? __bad_area_nosemaphore+0xc0/0x470
[ 55.312631][ C1] ? page_fault+0x2f/0x40
[ 55.316881][ C1] ? __run_timers+0x84e/0xbe0
[ 55.321391][ C1] ? call_timer_fn+0x2a/0x390
[ 55.325904][ C1] call_timer_fn+0x36/0x390
[ 55.330262][ C1] __run_timers+0x879/0xbe0
[ 55.334683][ C1] ? enqueue_timer+0x300/0x300
[ 55.339271][ C1] ? check_preemption_disabled+0x9f/0x320
[ 55.344826][ C1] ? debug_smp_processor_id+0x20/0x20
[ 55.350124][ C1] ? lapic_next_event+0x5b/0x70
[ 55.354838][ C1] run_timer_softirq+0x63/0xf0
[ 55.359414][ C1] __do_softirq+0x23b/0x6b7
[ 55.363750][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 55.368469][ C1] irq_exit+0x195/0x1c0
[ 55.372426][ C1] smp_apic_timer_interrupt+0x11a/0x490
[ 55.377896][ C1] apic_timer_interrupt+0xf/0x20
[ 55.382662][ C1]
[ 55.385444][ C1] RIP: 0010:default_idle+0x1f/0x30
[ 55.390397][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 e8 8b af da fd bf 01 00 00 00 89 c6 e8 ef 93 d1 fc 0f 1f 44 00 00 0f 00 2d 23 a3 4d 00 fb f4 6c af da fd bf ff ff ff ff 89 c6 e9 d0 93 d1 fc 41 57 41 56 53
[ 55.409943][ C1] RSP: 0018:ffff8881f5df7d78 EFLAGS: 000002d2 ORIG_RAX: ffffffffffffff13
[ 55.418179][ C1] RAX: 0000000000000001 RBX: dffffc0000000000 RCX: ffff8881f5dc3f00
[ 55.425990][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 55.433816][ C1] RBP: ffff8881f5df7e80 R08: ffffffff8231cd01 R09: ffffed103ebb87e1
[ 55.441619][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff864c4d68
[ 55.449514][ C1] R13: ffff8881f5dc3f00 R14: 1ffff1103ebb87e0 R15: 0000000000000001
[ 55.457431][ C1] ? check_preemption_disabled+0x91/0x320
[ 55.463024][ C1] ? default_idle+0x11/0x30
[ 55.467308][ C1] do_idle+0x248/0x660
[ 55.471215][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 55.476251][ C1] ? __wake_up_locked+0xb7/0x110
[ 55.481030][ C1] ? complete+0x60/0xb0
[ 55.485620][ C1] cpu_startup_entry+0x14/0x20
[ 55.490308][ C1] start_secondary+0x3a5/0x460
[ 55.494907][ C1] ? native_play_dead+0x260/0x260
[ 55.499767][ C1] secondary_startup_64+0xa4/0xb0
[ 55.504628][ C1] Modules linked in:
[ 55.508467][ C1] CR2: 0000000000000000
[ 55.512456][ C1] ---[ end trace 7dd3b9331ee38fcb ]---
[ 55.517821][ C1] RIP: 0010:0x0
[ 55.521123][ C1] Code: Bad RIP value.
[ 55.525031][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010202
[ 55.530922][ C1] RAX: ffffffff8154e8ca RBX: 0000000000000101 RCX: ffff8881f5dc3f00
[ 55.538822][ C1] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881e8a371c0
[ 55.546642][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154e50e R09: 0000000000000003
[ 55.554471][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9f88
[ 55.562256][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e8a371c0
[ 55.570156][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 55.579008][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.585439][ C1] CR2: ffffffffffffffd6 CR3: 00000001ec4f6000 CR4: 00000000003406a0
[ 55.593244][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.601066][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.609129][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 55.616332][ C1] Kernel Offset: disabled
[ 55.620449][ C1] Rebooting in 86400 seconds..