Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts. 2024/04/26 00:54:37 ignoring optional flag "sandboxArg"="0" 2024/04/26 00:54:37 parsed 1 programs 2024/04/26 00:54:37 executed programs: 0 [ 46.299584][ T23] kauditd_printk_skb: 68 callbacks suppressed [ 46.299597][ T23] audit: type=1400 audit(1714092877.360:144): avc: denied { mounton } for pid=406 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 46.332153][ T23] audit: type=1400 audit(1714092877.360:145): avc: denied { mount } for pid=406 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 46.606177][ T415] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.613239][ T415] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.621977][ T415] device bridge_slave_0 entered promiscuous mode [ 46.631130][ T415] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.639186][ T415] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.647693][ T415] device bridge_slave_1 entered promiscuous mode [ 46.663946][ T418] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.671479][ T418] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.679291][ T418] device bridge_slave_0 entered promiscuous mode [ 46.686569][ T418] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.693688][ T418] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.701776][ T418] device bridge_slave_1 entered promiscuous mode [ 46.786563][ T416] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.796105][ T416] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.805702][ T416] device bridge_slave_0 entered promiscuous mode [ 46.830327][ T424] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.838655][ T424] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.846984][ T424] device bridge_slave_0 entered promiscuous mode [ 46.854698][ T416] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.862066][ T416] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.871611][ T416] device bridge_slave_1 entered promiscuous mode [ 46.878663][ T425] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.886607][ T425] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.894553][ T425] device bridge_slave_0 entered promiscuous mode [ 46.911546][ T424] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.918553][ T424] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.926510][ T424] device bridge_slave_1 entered promiscuous mode [ 46.963709][ T425] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.970918][ T425] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.978965][ T425] device bridge_slave_1 entered promiscuous mode [ 47.013408][ T422] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.021020][ T422] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.029542][ T422] device bridge_slave_0 entered promiscuous mode [ 47.057616][ T422] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.064940][ T422] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.073033][ T422] device bridge_slave_1 entered promiscuous mode [ 47.193611][ T23] audit: type=1400 audit(1714092878.240:146): avc: denied { create } for pid=418 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 47.218601][ T23] audit: type=1400 audit(1714092878.240:147): avc: denied { write } for pid=418 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 47.240120][ T23] audit: type=1400 audit(1714092878.240:148): avc: denied { read } for pid=418 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 47.279693][ T425] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.286723][ T425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.294029][ T425] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.301034][ T425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.311393][ T422] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.318790][ T422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.326055][ T422] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.332966][ T422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.341818][ T424] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.348756][ T424] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.355873][ T424] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.362633][ T424] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.376377][ T418] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.383821][ T418] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.391105][ T418] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.398496][ T418] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.415040][ T415] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.422203][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.429367][ T415] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.436149][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.490569][ T416] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.497525][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.504685][ T416] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.511594][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.543416][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.551453][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.559099][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.566196][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.573327][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.582263][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.589546][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.597166][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.604477][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.611549][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.618800][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.626203][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.634170][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.660533][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.668618][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.675930][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.683456][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.691528][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.699962][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.708292][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.715324][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.722628][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.730658][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.738075][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.746460][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.754830][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.761832][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.774175][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.781793][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.789543][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.797975][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.806650][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.813605][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.820931][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.829583][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.838024][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.845049][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.852425][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.860773][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.868821][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.875775][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.906092][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.914718][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.923150][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.930534][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.938569][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.947271][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.955655][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.962698][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.969991][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.978790][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.987115][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.994230][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.001545][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.009938][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.018095][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.025024][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.064698][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.072882][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.085477][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.093789][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.101901][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.110173][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.118741][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.127011][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.133861][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.141046][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.149308][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.157348][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.165258][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.173359][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.181850][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.190125][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.198385][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.214121][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.222012][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.263708][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.272147][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.280959][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.289143][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.297520][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.306736][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.314656][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.346755][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.355579][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.363850][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.371897][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.380540][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.389609][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.398102][ T366] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.405083][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.412414][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.420705][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.428901][ T366] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.435845][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.442962][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.451484][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.485299][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.494234][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.502160][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.511723][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.520693][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.554781][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.563448][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.572010][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.580799][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.589173][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.597435][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.625204][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.633296][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.641787][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.664646][ T23] audit: type=1400 audit(1714092879.730:149): avc: denied { mounton } for pid=422 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=9977 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 48.694938][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.703956][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.713006][ T23] audit: type=1400 audit(1714092879.770:150): avc: denied { sys_admin } for pid=448 comm="syz-executor.0" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 48.714887][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.742358][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.750842][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.759271][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.767794][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.776469][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.793979][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 48.802274][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.810988][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.820015][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.848019][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.857939][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.866464][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.874965][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.883294][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.892359][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.901002][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.909565][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.918012][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.926677][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2024/04/26 00:54:42 executed programs: 143 2024/04/26 00:54:47 executed programs: 480 2024/04/26 00:54:52 executed programs: 785 2024/04/26 00:54:57 executed programs: 1167 [ 66.856119][ T24] cfg80211: failed to load regulatory.db [ 69.343656][ T5803] ================================================================== [ 69.351925][ T5803] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360 [ 69.359461][ T5803] Write of size 8 at addr ffff8881e0c3f1c8 by task syz-executor.4/5803 [ 69.368176][ T5803] [ 69.370529][ T5803] CPU: 0 PID: 5803 Comm: syz-executor.4 Not tainted 5.4.268-syzkaller-04873-g2d5d8240a7cb #0 [ 69.381640][ T5803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 69.392196][ T5803] Call Trace: [ 69.395745][ T5803] dump_stack+0x1d8/0x241 [ 69.400450][ T5803] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 69.407755][ T5803] ? printk+0xd1/0x111 [ 69.412417][ T5803] ? detach_if_pending+0x188/0x360 [ 69.418070][ T5803] ? wake_up_klogd+0xb2/0xf0 [ 69.422926][ T5803] ? detach_if_pending+0x188/0x360 [ 69.428956][ T5803] print_address_description+0x8c/0x600 [ 69.434789][ T5803] ? panic+0x896/0x896 [ 69.438893][ T5803] ? detach_if_pending+0x188/0x360 [ 69.444496][ T5803] __kasan_report+0xf3/0x120 [ 69.449372][ T5803] ? detach_if_pending+0x188/0x360 [ 69.454665][ T5803] kasan_report+0x30/0x60 [ 69.459244][ T5803] detach_if_pending+0x188/0x360 [ 69.464093][ T5803] del_timer_sync+0x13c/0x230 [ 69.468638][ T5803] ? find_next_bit+0x7b/0x100 [ 69.473274][ T5803] ? try_to_del_timer_sync+0x150/0x150 [ 69.478883][ T5803] ? pcpu_chunk_relocate+0xdc/0x3a0 [ 69.484380][ T5803] tun_flow_uninit+0x2c/0x280 [ 69.489329][ T5803] ? free_percpu+0x359/0x910 [ 69.494123][ T5803] tun_free_netdev+0x77/0x190 [ 69.498845][ T5803] ? tun_xdp+0x3f0/0x3f0 [ 69.503418][ T5803] netdev_run_todo+0xb7f/0xdf0 [ 69.508196][ T5803] ? netdev_refcnt_read+0x1c0/0x1c0 [ 69.513301][ T5803] ? kfree+0x123/0x370 [ 69.517352][ T5803] ? tun_chr_close+0x8f/0x130 [ 69.521937][ T5803] tun_chr_close+0xc1/0x130 [ 69.526444][ T5803] ? tun_chr_open+0x500/0x500 [ 69.531408][ T5803] __fput+0x262/0x680 [ 69.535429][ T5803] task_work_run+0x140/0x170 [ 69.539851][ T5803] do_exit+0xcaf/0x2bc0 [ 69.544363][ T5803] ? netif_carrier_on+0xed/0x2b0 [ 69.549603][ T5803] ? put_task_struct+0x80/0x80 [ 69.554193][ T5803] ? __tun_chr_ioctl+0xad4/0x1d00 [ 69.559495][ T5803] ? _raw_spin_lock_irqsave+0x210/0x210 [ 69.567315][ T5803] do_group_exit+0x138/0x300 [ 69.571865][ T5803] get_signal+0xdb1/0x1440 [ 69.576868][ T5803] do_signal+0xb0/0x11f0 [ 69.581076][ T5803] ? ioctl_preallocate+0x250/0x250 [ 69.587128][ T5803] ? signal_fault+0x1e0/0x1e0 [ 69.593646][ T5803] ? __fget+0x407/0x490 [ 69.601129][ T5803] ? switch_fpu_return+0x1d4/0x410 [ 69.609501][ T5803] ? fput_many+0x15e/0x1b0 [ 69.615797][ T5803] exit_to_usermode_loop+0xc0/0x1a0 [ 69.622408][ T5803] prepare_exit_to_usermode+0x199/0x200 [ 69.630854][ T5803] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 69.638734][ T5803] [ 69.641767][ T5803] The buggy address belongs to the page: [ 69.649722][ T5803] page:ffffea0007830fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 69.660721][ T5803] flags: 0x8000000000000000() [ 69.666066][ T5803] raw: 8000000000000000 0000000000000000 dead000000000122 0000000000000000 [ 69.674851][ T5803] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 69.684395][ T5803] page dumped because: kasan: bad access detected [ 69.691031][ T5803] page_owner tracks the page as freed [ 69.696456][ T5803] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO) [ 69.711028][ T5803] prep_new_page+0x18f/0x370 [ 69.715762][ T5803] get_page_from_freelist+0x2d13/0x2d90 [ 69.721305][ T5803] __alloc_pages_nodemask+0x393/0x840 [ 69.727045][ T5803] kmalloc_order_trace+0x2a/0x100 [ 69.732097][ T5803] kvmalloc_node+0x7e/0xf0 [ 69.736508][ T5803] alloc_netdev_mqs+0x85/0xc70 [ 69.741101][ T5803] tun_set_iff+0x51f/0xdc0 [ 69.745480][ T5803] __tun_chr_ioctl+0x8a9/0x1d00 [ 69.750542][ T5803] do_vfs_ioctl+0x742/0x1720 [ 69.755092][ T5803] __x64_sys_ioctl+0xd4/0x110 [ 69.759559][ T5803] do_syscall_64+0xca/0x1c0 [ 69.764368][ T5803] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 69.770084][ T5803] page last free stack trace: [ 69.774691][ T5803] __free_pages_ok+0x847/0x950 [ 69.779384][ T5803] __free_pages+0x91/0x140 [ 69.783799][ T5803] device_release+0x6b/0x190 [ 69.788583][ T5803] kobject_put+0x1e6/0x2f0 [ 69.793030][ T5803] netdev_run_todo+0xc44/0xdf0 [ 69.797692][ T5803] tun_chr_close+0xc1/0x130 [ 69.802917][ T5803] __fput+0x262/0x680 [ 69.806713][ T5803] task_work_run+0x140/0x170 [ 69.811137][ T5803] exit_to_usermode_loop+0x190/0x1a0 [ 69.816556][ T5803] prepare_exit_to_usermode+0x199/0x200 [ 69.822122][ T5803] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 69.827952][ T5803] [ 69.830944][ T5803] Memory state around the buggy address: [ 69.837137][ T5803] ffff8881e0c3f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 69.845807][ T5803] ffff8881e0c3f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 69.855121][ T5803] >ffff8881e0c3f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 69.863847][ T5803] ^ [ 69.870282][ T5803] ffff8881e0c3f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 69.878434][ T5803] ffff8881e0c3f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 69.886324][ T5803] ================================================================== [ 69.894820][ T5803] Disabling lock debugging due to kernel taint 2024/04/26 00:55:02 executed programs: 1510 [ 72.453527][ C1] kasan: CONFIG_KASAN_INLINE enabled [ 72.458730][ C1] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 72.467019][ C1] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 72.474447][ C1] CPU: 1 PID: 162 Comm: udevd Tainted: G B 5.4.268-syzkaller-04873-g2d5d8240a7cb #0 [ 72.485213][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 72.496113][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0 [ 72.501604][ C1] Code: 89 e7 e8 53 3c 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 45 68 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 22 3c 3f 00 4d 89 65 00 eb 05 e8 17 [ 72.521966][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802 [ 72.527919][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103c187e39 RCX: dffffc0000000000 [ 72.536007][ C1] RDX: 0000000000000101 RSI: 0000000000000008 RDI: ffff8881e0c3f1c8 [ 72.543974][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003 [ 72.552462][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e28 [ 72.560753][ C1] R13: dead00000000012a R14: 1ffff1103c187e38 R15: ffff8881e0c3f1c8 [ 72.569073][ C1] FS: 00007fad23c97c80(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 72.577913][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.584702][ C1] CR2: 00007f87821013a5 CR3: 00000001ed29a000 CR4: 00000000003406a0 [ 72.592696][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.600966][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.609488][ C1] Call Trace: [ 72.612612][ C1] [ 72.615409][ C1] ? __die+0xb4/0x100 [ 72.619331][ C1] ? die+0x26/0x50 [ 72.622894][ C1] ? do_general_protection+0x266/0x3c0 [ 72.628289][ C1] ? do_trap+0x340/0x340 [ 72.632535][ C1] ? check_preemption_disabled+0x9f/0x320 [ 72.638333][ C1] ? round_jiffies+0x99/0xb0 [ 72.642975][ C1] ? general_protection+0x28/0x30 [ 72.647831][ C1] ? __run_timers+0x7b0/0xbe0 [ 72.652898][ C1] ? enqueue_timer+0x300/0x300 [ 72.657915][ C1] ? check_preemption_disabled+0x9f/0x320 [ 72.663638][ C1] ? debug_smp_processor_id+0x20/0x20 [ 72.668962][ C1] ? lapic_next_event+0x5b/0x70 [ 72.673916][ C1] run_timer_softirq+0x63/0xf0 [ 72.678772][ C1] __do_softirq+0x23b/0x6b7 [ 72.683317][ C1] irq_exit+0x195/0x1c0 [ 72.687309][ C1] smp_apic_timer_interrupt+0x11a/0x460 [ 72.692957][ C1] apic_timer_interrupt+0xf/0x20 [ 72.697828][ C1] [ 72.700672][ C1] ? preempt_count_sub+0x62/0x160 [ 72.705623][ C1] ? unwind_next_frame+0x176a/0x1ea0 [ 72.710920][ C1] ? do_sys_open+0x39c/0x810 [ 72.715444][ C1] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 72.721446][ C1] ? unwind_next_frame+0x181e/0x1ea0 [ 72.726767][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 72.733077][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 72.739034][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 72.745513][ C1] ? do_syscall_64+0xca/0x1c0 [ 72.750546][ C1] ? __unwind_start+0x708/0x890 [ 72.755484][ C1] ? deref_stack_reg+0x1f0/0x1f0 [ 72.760242][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 72.765187][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 72.770233][ C1] ? do_sys_open+0x39c/0x810 [ 72.774646][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 72.780024][ C1] ? arch_stack_walk+0x111/0x140 [ 72.785404][ C1] ? do_syscall_64+0xca/0x1c0 [ 72.790009][ C1] ? stack_trace_save+0x118/0x1c0 [ 72.794885][ C1] ? stack_trace_snprint+0x170/0x170 [ 72.800125][ C1] ? __kasan_kmalloc+0x171/0x210 [ 72.804861][ C1] ? path_openat+0x2992/0x3480 [ 72.809549][ C1] ? __kasan_kmalloc+0x171/0x210 [ 72.814549][ C1] ? kernfs_fop_open+0x849/0xac0 [ 72.820031][ C1] ? do_dentry_open+0x964/0x1130 [ 72.824964][ C1] ? path_openat+0x2992/0x3480 [ 72.830272][ C1] ? do_filp_open+0x20b/0x450 [ 72.834786][ C1] ? do_sys_open+0x39c/0x810 [ 72.839607][ C1] ? kmem_cache_alloc_trace+0xdc/0x260 [ 72.845319][ C1] ? kernfs_fop_open+0x849/0xac0 [ 72.850094][ C1] ? kernfs_fop_open+0x849/0xac0 [ 72.855062][ C1] ? kernfs_fop_mmap+0x3a0/0x3a0 [ 72.859831][ C1] ? do_dentry_open+0x964/0x1130 [ 72.864853][ C1] ? finish_open+0xd0/0xd0 [ 72.869731][ C1] ? memcpy+0x38/0x50 [ 72.873536][ C1] ? path_openat+0x2992/0x3480 [ 72.878466][ C1] ? do_filp_open+0x450/0x450 [ 72.883245][ C1] ? do_sys_open+0x357/0x810 [ 72.887605][ C1] ? do_syscall_64+0xca/0x1c0 [ 72.892213][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 72.898126][ C1] ? do_filp_open+0x20b/0x450 [ 72.902998][ C1] ? vfs_tmpfile+0x280/0x280 [ 72.907618][ C1] ? _raw_spin_unlock+0x49/0x60 [ 72.913194][ C1] ? __alloc_fd+0x4c1/0x560 [ 72.917747][ C1] ? do_sys_open+0x39c/0x810 [ 72.922312][ C1] ? check_preemption_disabled+0x153/0x320 [ 72.928036][ C1] ? file_open_root+0x490/0x490 [ 72.932919][ C1] ? task_work_run+0x158/0x170 [ 72.937736][ C1] ? do_syscall_64+0xca/0x1c0 [ 72.942349][ C1] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 72.948428][ C1] Modules linked in: [ 72.952193][ C1] ---[ end trace c0e7fd3672fdb987 ]--- [ 72.957854][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0 [ 72.963039][ C1] Code: 89 e7 e8 53 3c 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 45 68 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 22 3c 3f 00 4d 89 65 00 eb 05 e8 17 [ 72.983856][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802 [ 72.990262][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103c187e39 RCX: dffffc0000000000 [ 72.998394][ C1] RDX: 0000000000000101 RSI: 0000000000000008 RDI: ffff8881e0c3f1c8 [ 73.006299][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003 [ 73.014129][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e28 [ 73.022240][ C1] R13: dead00000000012a R14: 1ffff1103c187e38 R15: ffff8881e0c3f1c8 [ 73.030776][ C1] FS: 00007fad23c97c80(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 73.039796][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.046510][ C1] CR2: 00007f87821013a5 CR3: 00000001ed29a000 CR4: 00000000003406a0 [ 73.054409][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.062391][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.070299][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 74.257500][ C1] Shutting down cpus with NMI [ 74.262602][ C1] Kernel Offset: disabled [ 74.267619][ C1] Rebooting in 86400 seconds..