[ 29.220580][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.232719][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.245931][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.258273][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.268540][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.359126][ T364] syz-executor.0 (364) used greatest stack depth: 19896 bytes left
[ 29.919910][ T7] device bridge_slave_1 left promiscuous mode
[ 29.925894][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.933259][ T7] device bridge_slave_0 left promiscuous mode
[ 29.939307][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
Warning: Permanently added '10.128.1.102' (ED25519) to the list of known hosts.
2024/11/22 08:50:17 parsed 1 programs
2024/11/22 08:50:17 executed programs: 0
[ 36.351002][ T23] kauditd_printk_skb: 11 callbacks suppressed
[ 36.351010][ T23] audit: type=1400 audit(1732265417.869:87): avc: denied { mounton } for pid=403 comm="syz-executor.2" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 36.360874][ T405] cgroup1: Unknown subsys name 'perf_event'
[ 36.380966][ T406] cgroup1: Unknown subsys name 'perf_event'
[ 36.386704][ T403] cgroup1: Unknown subsys name 'perf_event'
[ 36.392628][ T407] cgroup1: Unknown subsys name 'perf_event'
[ 36.398412][ T409] cgroup1: Unknown subsys name 'perf_event'
[ 36.405520][ T406] cgroup1: Unknown subsys name 'net_cls'
[ 36.409415][ T403] cgroup1: Unknown subsys name 'net_cls'
[ 36.415659][ T407] cgroup1: Unknown subsys name 'net_cls'
[ 36.420030][ T409] cgroup1: Unknown subsys name 'net_cls'
[ 36.431892][ T410] cgroup1: Unknown subsys name 'perf_event'
[ 36.438031][ T410] cgroup1: Unknown subsys name 'net_cls'
[ 36.440138][ T23] audit: type=1400 audit(1732265417.869:88): avc: denied { mounton } for pid=405 comm="syz-executor.3" path="/syzcgroup/cpu" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 36.445307][ T405] cgroup1: Unknown subsys name 'net_cls'
[ 36.630655][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.637496][ T407] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.644937][ T407] device bridge_slave_0 entered promiscuous mode
[ 36.679941][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.686778][ T407] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.694387][ T407] device bridge_slave_1 entered promiscuous mode
[ 36.717102][ T406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.724167][ T406] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.731441][ T406] device bridge_slave_0 entered promiscuous mode
[ 36.747346][ T406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.754230][ T406] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.761473][ T406] device bridge_slave_1 entered promiscuous mode
[ 36.821801][ T403] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.829099][ T403] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.836402][ T403] device bridge_slave_0 entered promiscuous mode
[ 36.843114][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.850222][ T405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.857571][ T405] device bridge_slave_0 entered promiscuous mode
[ 36.864278][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.871230][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.878463][ T410] device bridge_slave_0 entered promiscuous mode
[ 36.892442][ T403] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.899344][ T403] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.906496][ T403] device bridge_slave_1 entered promiscuous mode
[ 36.913103][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.919969][ T405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.927277][ T405] device bridge_slave_1 entered promiscuous mode
[ 36.937332][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.944257][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.951502][ T410] device bridge_slave_1 entered promiscuous mode
[ 36.998932][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.005771][ T409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.013329][ T409] device bridge_slave_0 entered promiscuous mode
[ 37.024055][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.031024][ T409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.038314][ T409] device bridge_slave_1 entered promiscuous mode
[ 37.210221][ T403] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.217149][ T403] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.224313][ T403] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.231055][ T403] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.249350][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.256207][ T407] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.263331][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.270099][ T407] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.293205][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.300067][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.307282][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.314093][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.353378][ T406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.360232][ T406] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.367319][ T406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.374139][ T406] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.404362][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.411997][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.419563][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.426499][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.433622][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.440943][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.449145][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.456091][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.463215][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.489148][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.496970][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.505179][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.512157][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.520451][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.528457][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.535330][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.544143][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.552208][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.559038][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.591333][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.600844][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.609051][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.616386][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.639332][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.647669][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.656023][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.662875][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.670172][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.678325][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.686798][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.693653][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.710464][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 37.718402][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.731308][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.738995][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.762034][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.770193][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.778018][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.785870][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.794749][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 37.803156][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.837228][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.844805][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.852334][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.861455][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.870540][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.877367][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.884658][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.892814][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.900837][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.907737][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.914984][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.923425][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.931653][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.938485][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.945809][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.954195][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.962254][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.969083][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.976412][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 37.984809][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.992674][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 38.000787][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.008511][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.016880][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.042720][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.050843][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.059676][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 38.067756][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.076419][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.083261][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.090933][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 38.099064][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.107198][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.114120][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.121452][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 38.129835][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.137930][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.161515][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 38.169911][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.177653][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.186384][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.195200][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 38.203794][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.217077][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.237420][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.245705][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.253925][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 38.261790][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.285928][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.294202][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.302268][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.310388][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.336362][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.344584][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.352706][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.361168][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.369272][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.377567][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.385963][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.394515][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.402804][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.411201][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.419519][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.448086][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.460273][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.468368][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.498168][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.506263][ T23] audit: type=1400 audit(1732265420.019:89): avc: denied { map_create } for pid=433 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 38.509155][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.544271][ T23] audit: type=1400 audit(1732265420.059:90): avc: denied { map_read map_write } for pid=433 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 38.558690][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.573789][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.582016][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.590182][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.617651][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 38.626493][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.635000][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.643355][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.651844][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.659950][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.684557][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 38.695178][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.704473][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.712940][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2024/11/22 08:50:22 executed programs: 97
2024/11/22 08:50:27 executed programs: 262
[ 50.812087][ T1670] ==================================================================
[ 50.820173][ T1670] BUG: KASAN: use-after-free in enqueue_timer+0xb7/0x300
[ 50.827196][ T1670] Write of size 8 at addr ffff8881e20931c8 by task syz-executor.4/1670
[ 50.835346][ T1670]
[ 50.837530][ T1670] CPU: 0 PID: 1670 Comm: syz-executor.4 Not tainted 5.4.284-syzkaller-04999-gd4ce9fcac38b #0
[ 50.847501][ T1670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.857404][ T1670] Call Trace:
[ 50.860531][ T1670] dump_stack+0x1d8/0x241
[ 50.864695][ T1670] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 50.870331][ T1670] ? printk+0xd1/0x111
[ 50.874235][ T1670] ? enqueue_timer+0xb7/0x300
[ 50.878750][ T1670] ? wake_up_klogd+0xb2/0xf0
[ 50.883176][ T1670] ? enqueue_timer+0xb7/0x300
[ 50.887872][ T1670] print_address_description+0x8c/0x600
[ 50.893242][ T1670] ? panic+0x89d/0x89d
[ 50.897153][ T1670] ? enqueue_timer+0xb7/0x300
[ 50.901664][ T1670] __kasan_report+0xf3/0x120
[ 50.906089][ T1670] ? enqueue_timer+0xb7/0x300
[ 50.910868][ T1670] kasan_report+0x30/0x60
[ 50.915117][ T1670] enqueue_timer+0xb7/0x300
[ 50.919455][ T1670] internal_add_timer+0x240/0x430
[ 50.924424][ T1670] __mod_timer+0x6f1/0x13e0
[ 50.928742][ T1670] ? mod_timer_pending+0x20/0x20
[ 50.933528][ T1670] ? selinux_tun_dev_alloc_security+0x4d/0x130
[ 50.939509][ T1670] ? selinux_tun_dev_alloc_security+0x5e/0x130
[ 50.945498][ T1670] ? init_timer_key+0x2d/0x1f0
[ 50.950093][ T1670] tun_net_init+0x287/0x540
[ 50.954436][ T1670] register_netdevice+0x1c0/0x12a0
[ 50.959387][ T1670] ? memset+0x1f/0x40
[ 50.963198][ T1670] ? netdev_update_lockdep_key+0x10/0x10
[ 50.968757][ T1670] ? alloc_netdev_mqs+0x99d/0xc70
[ 50.973614][ T1670] tun_set_iff+0x7f7/0xdc0
[ 50.977866][ T1670] __tun_chr_ioctl+0x8a9/0x1d00
[ 50.982553][ T1670] ? tun_flow_create+0x250/0x250
[ 50.987344][ T1670] ? tun_chr_poll+0x670/0x670
[ 50.991839][ T1670] do_vfs_ioctl+0x742/0x1720
[ 50.996457][ T1670] ? ioctl_preallocate+0x250/0x250
[ 51.001495][ T1670] ? __fget+0x407/0x490
[ 51.005494][ T1670] ? fget_many+0x20/0x20
[ 51.009555][ T1670] ? switch_fpu_return+0x1d4/0x410
[ 51.014502][ T1670] ? security_file_ioctl+0x7d/0xa0
[ 51.019446][ T1670] __x64_sys_ioctl+0xd4/0x110
[ 51.023963][ T1670] do_syscall_64+0xca/0x1c0
[ 51.028325][ T1670] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.034138][ T1670] RIP: 0033:0x454b09
[ 51.037854][ T1670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b4 ff ff ff f7 d8 64 89 01 48
[ 51.057300][ T1670] RSP: 002b:00007f0d656d60f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.065626][ T1670] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 0000000000454b09
[ 51.073438][ T1670] RDX: 0000000020000300 RSI: 00000000400454ca RDI: 0000000000000003
[ 51.081249][ T1670] RBP: 00000000000005b8 R08: 0000000000000000 R09: 0000000000000000
[ 51.089063][ T1670] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004e4b40
[ 51.096871][ T1670] R13: 00007f0d656d6674 R14: 000000000054bf00 R15: 00000000004fb940
[ 51.104685][ T1670]
[ 51.106848][ T1670] The buggy address belongs to the page:
[ 51.112327][ T1670] page:ffffea00078824c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 51.121456][ T1670] flags: 0x8000000000000000()
[ 51.125972][ T1670] raw: 8000000000000000 0000000000000000 ffffea0007882488 0000000000000000
[ 51.134389][ T1670] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 51.142812][ T1670] page dumped because: kasan: bad access detected
[ 51.149073][ T1670] page_owner tracks the page as freed
[ 51.154275][ T1670] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x46dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 51.168516][ T1670] prep_new_page+0x18f/0x370
[ 51.172924][ T1670] get_page_from_freelist+0x2d13/0x2d90
[ 51.178307][ T1670] __alloc_pages_nodemask+0x393/0x840
[ 51.183518][ T1670] kmalloc_order_trace+0x2a/0x100
[ 51.188383][ T1670] kvmalloc_node+0x7e/0xf0
[ 51.192731][ T1670] alloc_netdev_mqs+0x85/0xc70
[ 51.197326][ T1670] tun_set_iff+0x51f/0xdc0
[ 51.201581][ T1670] __tun_chr_ioctl+0x8a9/0x1d00
[ 51.206271][ T1670] do_vfs_ioctl+0x742/0x1720
[ 51.210696][ T1670] __x64_sys_ioctl+0xd4/0x110
[ 51.215212][ T1670] do_syscall_64+0xca/0x1c0
[ 51.219550][ T1670] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.225311][ T1670] page last free stack trace:
[ 51.229789][ T1670] __free_pages_ok+0x847/0x950
[ 51.234390][ T1670] __free_pages+0x91/0x140
[ 51.238642][ T1670] device_release+0x6b/0x190
[ 51.243172][ T1670] kobject_put+0x1e6/0x2f0
[ 51.247450][ T1670] tun_set_iff+0x870/0xdc0
[ 51.251679][ T1670] __tun_chr_ioctl+0x8a9/0x1d00
[ 51.256365][ T1670] do_vfs_ioctl+0x742/0x1720
[ 51.260802][ T1670] __x64_sys_ioctl+0xd4/0x110
[ 51.265302][ T1670] do_syscall_64+0xca/0x1c0
[ 51.269645][ T1670] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.275367][ T1670]
[ 51.277537][ T1670] Memory state around the buggy address:
[ 51.283009][ T1670] ffff8881e2093080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.290905][ T1670] ffff8881e2093100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.298804][ T1670] >ffff8881e2093180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.306701][ T1670] ^
2024/11/22 08:50:32 executed programs: 413
[ 51.312954][ T1670] ffff8881e2093200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.320849][ T1670] ffff8881e2093280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.328748][ T1670] ==================================================================
[ 51.336661][ T1670] Disabling lock debugging due to kernel taint
[ 54.148601][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 54.156223][ C0] #PF: supervisor instruction fetch in kernel mode
[ 54.162554][ C0] #PF: error_code(0x0010) - not-present page
[ 54.168370][ C0] PGD 1f29f7067 P4D 1f29f7067 PUD 1f29f8067 PMD 0
[ 54.174712][ C0] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 54.179744][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.4.284-syzkaller-04999-gd4ce9fcac38b #0
[ 54.190411][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 54.200312][ C0] RIP: 0010:0x0
[ 54.203694][ C0] Code: Bad RIP value.
[ 54.207683][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010202
[ 54.213690][ C0] RAX: ffffffff8154d56a RBX: 0000000000000101 RCX: ffffffff85e1ad00
[ 54.221508][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881e20931c0
[ 54.229489][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154d1ae R09: 0000000000000003
[ 54.237299][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9f28
[ 54.245122][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e20931c0
[ 54.253006][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 54.261852][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.268201][ C0] CR2: ffffffffffffffd6 CR3: 00000001f29f6000 CR4: 00000000003406b0
[ 54.276006][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.283902][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.291735][ C0] Call Trace:
[ 54.294839][ C0]
[ 54.297539][ C0] ? __die+0xb4/0x100
[ 54.301355][ C0] ? no_context+0xac7/0xd20
[ 54.305691][ C0] ? enqueue_timer+0x165/0x300
[ 54.310295][ C0] ? is_prefetch+0x4b0/0x4b0
[ 54.314750][ C0] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 54.320364][ C0] ? __do_page_fault+0xa72/0xbb0
[ 54.325133][ C0] ? __bad_area_nosemaphore+0xc0/0x470
[ 54.330428][ C0] ? page_fault+0x2f/0x40
[ 54.334594][ C0] ? __run_timers+0x84e/0xbe0
[ 54.339122][ C0] ? call_timer_fn+0x2a/0x390
[ 54.343622][ C0] call_timer_fn+0x36/0x390
[ 54.347961][ C0] __run_timers+0x879/0xbe0
[ 54.352310][ C0] ? enqueue_timer+0x300/0x300
[ 54.356899][ C0] ? check_preemption_disabled+0x9f/0x320
[ 54.362464][ C0] ? debug_smp_processor_id+0x20/0x20
[ 54.367737][ C0] ? lapic_next_event+0x5b/0x70
[ 54.372348][ C0] run_timer_softirq+0x63/0xf0
[ 54.376950][ C0] __do_softirq+0x23b/0x6b7
[ 54.381290][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 54.385980][ C0] irq_exit+0x195/0x1c0
[ 54.389965][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 54.395355][ C0] apic_timer_interrupt+0xf/0x20
[ 54.400118][ C0]
[ 54.402898][ C0] RIP: 0010:default_idle+0x1f/0x30
[ 54.407849][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 e8 7b ef df fd bf 01 00 00 00 89 c6 e8 df 25 d7 fc 0f 1f 44 00 00 0f 00 2d b3 35 53 00 fb f4 5c ef df fd bf ff ff ff ff 89 c6 e9 c0 25 d7 fc 41 57 41 56 53
[ 54.427288][ C0] RSP: 0018:ffffffff85e07d18 EFLAGS: 000002d2 ORIG_RAX: ffffffffffffff13
[ 54.435717][ C0] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff85e1ad00
[ 54.443515][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 54.451326][ C0] RBP: ffffffff85e07e20 R08: ffffffff823179a1 R09: fffffbfff0bc35a1
[ 54.459140][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff864b84a8
[ 54.467035][ C0] R13: ffffffff85e1ad00 R14: 1ffffffff0bc35a0 R15: 0000000000000000
[ 54.474868][ C0] ? check_preemption_disabled+0x91/0x320
[ 54.480409][ C0] ? default_idle+0x11/0x30
[ 54.484771][ C0] do_idle+0x248/0x660
[ 54.488672][ C0] ? check_preemption_disabled+0x9f/0x320
[ 54.494291][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 54.499328][ C0] cpu_startup_entry+0x14/0x20
[ 54.503929][ C0] ? time_init+0x33/0x33
[ 54.508029][ C0] start_kernel+0x6d9/0x81d
[ 54.512442][ C0] ? arch_call_rest_init+0xa/0xa
[ 54.517212][ C0] ? kasan_early_init+0x22d/0x27d
[ 54.522063][ C0] ? check_loader_disabled_bsp+0x95/0x16c
[ 54.527617][ C0] ? load_ucode_bsp+0xde/0x105
[ 54.532304][ C0] secondary_startup_64+0xa4/0xb0
[ 54.537180][ C0] Modules linked in:
[ 54.540909][ C0] CR2: 0000000000000000
[ 54.544907][ C0] ---[ end trace b03c2b5169e2c9fb ]---
[ 54.550190][ C0] RIP: 0010:0x0
[ 54.553489][ C0] Code: Bad RIP value.
[ 54.557385][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010202
[ 54.563288][ C0] RAX: ffffffff8154d56a RBX: 0000000000000101 RCX: ffffffff85e1ad00
[ 54.571099][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881e20931c0
[ 54.579093][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154d1ae R09: 0000000000000003
[ 54.586892][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9f28
[ 54.594704][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e20931c0
[ 54.602516][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 54.611283][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.617820][ C0] CR2: ffffffffffffffd6 CR3: 00000001f29f6000 CR4: 00000000003406b0
[ 54.625638][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.633546][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.641338][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 54.648557][ C0] Kernel Offset: disabled
[ 54.652672][ C0] Rebooting in 86400 seconds..