Warning: Permanently added '10.128.0.235' (ED25519) to the list of known hosts. 2024/02/15 23:02:43 ignoring optional flag "sandboxArg"="0" 2024/02/15 23:02:44 parsed 1 programs 2024/02/15 23:02:44 executed programs: 0 [ 43.074904][ T23] kauditd_printk_skb: 68 callbacks suppressed [ 43.074914][ T23] audit: type=1400 audit(1708038164.080:144): avc: denied { mounton } for pid=404 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 43.105989][ T23] audit: type=1400 audit(1708038164.100:145): avc: denied { mount } for pid=404 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 43.362985][ T414] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.369993][ T414] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.377632][ T414] device bridge_slave_0 entered promiscuous mode [ 43.420144][ T414] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.427187][ T414] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.435031][ T414] device bridge_slave_1 entered promiscuous mode [ 43.448038][ T423] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.455137][ T423] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.462686][ T423] device bridge_slave_0 entered promiscuous mode [ 43.474481][ T423] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.481336][ T423] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.489126][ T423] device bridge_slave_1 entered promiscuous mode [ 43.516122][ T409] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.522980][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.530917][ T409] device bridge_slave_0 entered promiscuous mode [ 43.543175][ T409] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.550428][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.557957][ T409] device bridge_slave_1 entered promiscuous mode [ 43.611564][ T421] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.620049][ T421] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.628653][ T421] device bridge_slave_0 entered promiscuous mode [ 43.639532][ T421] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.646659][ T421] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.654611][ T421] device bridge_slave_1 entered promiscuous mode [ 43.668558][ T422] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.677781][ T422] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.685632][ T422] device bridge_slave_0 entered promiscuous mode [ 43.693320][ T422] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.701021][ T422] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.709019][ T422] device bridge_slave_1 entered promiscuous mode [ 43.750141][ T420] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.757188][ T420] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.765139][ T420] device bridge_slave_0 entered promiscuous mode [ 43.796534][ T420] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.803497][ T420] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.811848][ T420] device bridge_slave_1 entered promiscuous mode [ 43.915123][ T23] audit: type=1400 audit(1708038164.920:146): avc: denied { create } for pid=414 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.938013][ T23] audit: type=1400 audit(1708038164.920:147): avc: denied { write } for pid=422 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.959829][ T23] audit: type=1400 audit(1708038164.920:148): avc: denied { read } for pid=422 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.971152][ T414] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.987482][ T414] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.994785][ T414] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.001998][ T414] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.031229][ T422] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.038111][ T422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.046274][ T422] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.053101][ T422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.087873][ T423] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.094867][ T423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.102029][ T423] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.108913][ T423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.133145][ T421] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.140115][ T421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.147470][ T421] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.154348][ T421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.213985][ T420] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.220869][ T420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.228144][ T420] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.235194][ T420] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.246946][ T409] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.253881][ T409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.261439][ T409] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.268648][ T409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.292956][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.301271][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.309051][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.316484][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.324221][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.332485][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.339653][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.346960][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.354073][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.362344][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.369544][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.377774][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.385234][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.392172][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.418779][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.427484][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.436921][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.444229][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.451568][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.459698][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.467379][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.475719][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.484493][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.491362][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.498980][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.507689][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.515822][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.523113][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.544699][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.553110][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.561882][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.568763][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.576265][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.585713][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.600590][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.608427][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.616327][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.625628][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.633766][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.640834][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.695805][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.704039][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.712927][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.721758][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.730463][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.738391][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.746766][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.785460][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.794250][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.802993][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.813097][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.821673][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.829401][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.836887][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.845674][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.853997][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.861044][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.868645][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.877841][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.886048][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.893006][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.901512][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.910526][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.918993][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.926026][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.933342][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.941355][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.949367][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.956983][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.993631][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.002942][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.011777][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.020813][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.029604][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.038171][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.045184][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.052767][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.060898][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.069512][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.078315][ T362] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.085510][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.092760][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.101094][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.109090][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.115961][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.123450][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.132212][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.144409][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.153216][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.161936][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.171127][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.199039][ T23] audit: type=1400 audit(1708038166.200:149): avc: denied { mounton } for pid=421 comm="syz-executor.4" path="/dev/binderfs" dev="devtmpfs" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 45.228192][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.235627][ T23] audit: type=1400 audit(1708038166.230:150): avc: denied { sys_admin } for pid=445 comm="syz-executor.4" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 45.237371][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.265879][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.274103][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.282943][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.291687][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.314000][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.322547][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.330706][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.339770][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.354525][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.387390][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.402493][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.412187][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.434071][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.442692][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.454743][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.462727][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.471763][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.480022][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.494553][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.502324][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.510348][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.519447][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.561300][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.570209][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.599193][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.608615][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.629615][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.640308][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.654574][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.663159][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.708524][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.718164][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.727791][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.736350][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.746393][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.755407][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.769808][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.778714][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.787696][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.796296][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.847534][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.864893][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2024/02/15 23:02:49 executed programs: 180 2024/02/15 23:02:54 executed programs: 582 2024/02/15 23:02:59 executed programs: 941 2024/02/15 23:03:04 executed programs: 1221 [ 66.454644][ T74] cfg80211: failed to load regulatory.db 2024/02/15 23:03:09 executed programs: 1584 2024/02/15 23:03:14 executed programs: 1990 2024/02/15 23:03:19 executed programs: 2328 2024/02/15 23:03:24 executed programs: 2690 2024/02/15 23:03:29 executed programs: 2986 2024/02/15 23:03:34 executed programs: 3351 2024/02/15 23:03:39 executed programs: 3749 2024/02/15 23:03:45 executed programs: 4174 2024/02/15 23:03:50 executed programs: 4577 2024/02/15 23:03:55 executed programs: 4979 2024/02/15 23:04:00 executed programs: 5318 2024/02/15 23:04:05 executed programs: 5649 2024/02/15 23:04:10 executed programs: 5999 2024/02/15 23:04:15 executed programs: 6404 2024/02/15 23:04:20 executed programs: 6724 2024/02/15 23:04:25 executed programs: 7081 2024/02/15 23:04:30 executed programs: 7408 2024/02/15 23:04:35 executed programs: 7738 [ 155.600279][T30788] ================================================================== [ 155.608884][T30788] BUG: KASAN: use-after-free in enqueue_timer+0xb7/0x300 [ 155.615826][T30788] Write of size 8 at addr ffff8881ea4d71c8 by task syz-executor.2/30788 [ 155.624091][T30788] [ 155.626367][T30788] CPU: 0 PID: 30788 Comm: syz-executor.2 Not tainted 5.4.265-syzkaller-04843-g1b3143b9b166 #0 [ 155.636754][T30788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 155.647930][T30788] Call Trace: [ 155.651245][T30788] dump_stack+0x1d8/0x241 [ 155.655620][T30788] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 155.662293][T30788] ? printk+0xd1/0x111 [ 155.666191][T30788] ? enqueue_timer+0xb7/0x300 [ 155.670697][T30788] ? wake_up_klogd+0xb2/0xf0 [ 155.675227][T30788] ? enqueue_timer+0xb7/0x300 [ 155.679979][T30788] print_address_description+0x8c/0x600 [ 155.685636][T30788] ? panic+0x896/0x896 [ 155.689961][T30788] ? enqueue_timer+0xb7/0x300 [ 155.694477][T30788] __kasan_report+0xf3/0x120 [ 155.699015][T30788] ? enqueue_timer+0xb7/0x300 [ 155.703531][T30788] kasan_report+0x30/0x60 [ 155.707773][T30788] enqueue_timer+0xb7/0x300 [ 155.712102][T30788] internal_add_timer+0x240/0x430 [ 155.717060][T30788] __mod_timer+0x6f1/0x13e0 [ 155.721389][T30788] ? mod_timer_pending+0x20/0x20 [ 155.726177][T30788] ? selinux_tun_dev_alloc_security+0x4d/0x130 [ 155.732248][T30788] ? selinux_tun_dev_alloc_security+0x5e/0x130 [ 155.738566][T30788] ? init_timer_key+0x2d/0x1f0 [ 155.743325][T30788] tun_net_init+0x287/0x540 [ 155.747922][T30788] register_netdevice+0x1c0/0x12a0 [ 155.752925][T30788] ? netdev_update_lockdep_key+0x10/0x10 [ 155.758620][T30788] ? memset+0x1f/0x40 [ 155.762636][T30788] tun_set_iff+0x7f7/0xdc0 [ 155.767175][T30788] __tun_chr_ioctl+0x8a9/0x1d00 [ 155.772170][T30788] ? tun_flow_create+0x250/0x250 [ 155.777205][T30788] ? tun_chr_poll+0x670/0x670 [ 155.781804][T30788] do_vfs_ioctl+0x742/0x1720 [ 155.786454][T30788] ? ioctl_preallocate+0x250/0x250 [ 155.791472][T30788] ? __fget+0x407/0x490 [ 155.795454][T30788] ? fget_many+0x20/0x20 [ 155.799796][T30788] ? switch_fpu_return+0x1d4/0x410 [ 155.804836][T30788] ? security_file_ioctl+0x7d/0xa0 [ 155.809865][T30788] __x64_sys_ioctl+0xd4/0x110 [ 155.814731][T30788] do_syscall_64+0xca/0x1c0 [ 155.819158][T30788] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 155.825075][T30788] [ 155.827377][T30788] The buggy address belongs to the page: [ 155.832959][T30788] page:ffffea0007a935c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 155.842253][T30788] flags: 0x8000000000000000() [ 155.846767][T30788] raw: 8000000000000000 0000000000000000 ffffea0007a935c8 0000000000000000 [ 155.855295][T30788] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 155.863719][T30788] page dumped because: kasan: bad access detected [ 155.870053][T30788] page_owner tracks the page as freed [ 155.875252][T30788] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO) [ 155.889900][T30788] prep_new_page+0x18f/0x370 [ 155.894465][T30788] get_page_from_freelist+0x2d13/0x2d90 [ 155.900276][T30788] __alloc_pages_nodemask+0x393/0x840 [ 155.905858][T30788] kmalloc_order_trace+0x2a/0x100 [ 155.910829][T30788] kvmalloc_node+0x7e/0xf0 [ 155.915175][T30788] alloc_netdev_mqs+0x85/0xc70 [ 155.919894][T30788] tun_set_iff+0x51f/0xdc0 [ 155.924298][T30788] __tun_chr_ioctl+0x8a9/0x1d00 [ 155.929198][T30788] do_vfs_ioctl+0x742/0x1720 [ 155.934077][T30788] __x64_sys_ioctl+0xd4/0x110 [ 155.938955][T30788] do_syscall_64+0xca/0x1c0 [ 155.943268][T30788] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 155.949167][T30788] page last free stack trace: [ 155.953681][T30788] __free_pages_ok+0x847/0x950 [ 155.958276][T30788] __free_pages+0x91/0x140 [ 155.962613][T30788] device_release+0x6b/0x190 [ 155.967215][T30788] kobject_put+0x1e6/0x2f0 [ 155.971473][T30788] tun_set_iff+0x870/0xdc0 [ 155.975735][T30788] __tun_chr_ioctl+0x8a9/0x1d00 [ 155.980443][T30788] do_vfs_ioctl+0x742/0x1720 [ 155.984946][T30788] __x64_sys_ioctl+0xd4/0x110 [ 155.989551][T30788] do_syscall_64+0xca/0x1c0 [ 155.993959][T30788] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 155.999772][T30788] [ 156.002025][T30788] Memory state around the buggy address: [ 156.007590][T30788] ffff8881ea4d7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 156.015766][T30788] ffff8881ea4d7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 156.023753][T30788] >ffff8881ea4d7180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 156.032005][T30788] ^ [ 156.038854][T30788] ffff8881ea4d7200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 156.048067][T30788] ffff8881ea4d7280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 156.056053][T30788] ================================================================== [ 156.063942][T30788] Disabling lock debugging due to kernel taint 2024/02/15 23:04:40 executed programs: 8093 [ 163.094250][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 163.102072][ C0] #PF: supervisor instruction fetch in kernel mode [ 163.109264][ C0] #PF: error_code(0x0010) - not-present page [ 163.115517][ C0] PGD 0 P4D 0 [ 163.118723][ C0] Oops: 0010 [#1] PREEMPT SMP KASAN [ 163.123846][ C0] CPU: 0 PID: 566 Comm: udevd Tainted: G B 5.4.265-syzkaller-04843-g1b3143b9b166 #0 [ 163.134746][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 163.145135][ C0] RIP: 0010:0x0 [ 163.148955][ C0] Code: Bad RIP value. [ 163.153070][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010206 [ 163.159239][ C0] RAX: ffffffff8154e38a RBX: 0000000000000100 RCX: ffff8881e9cfaf40 [ 163.167607][ C0] RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffff8881ea4d71c0 [ 163.175770][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154dfce R09: 0000000000000003 [ 163.183664][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffffc9c0 [ 163.191467][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881ea4d71c0 [ 163.199500][ C0] FS: 00007f561b781c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 163.208857][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.215563][ C0] CR2: ffffffffffffffd6 CR3: 00000001eaf26000 CR4: 00000000003406b0 [ 163.223557][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 163.231445][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 163.239261][ C0] Call Trace: [ 163.242377][ C0] [ 163.245079][ C0] ? __die+0xb4/0x100 [ 163.248900][ C0] ? no_context+0xbda/0xe50 [ 163.253425][ C0] ? enqueue_timer+0x165/0x300 [ 163.258025][ C0] ? is_prefetch+0x4b0/0x4b0 [ 163.262447][ C0] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 163.268365][ C0] ? __do_page_fault+0xa7d/0xbb0 [ 163.273910][ C0] ? __bad_area_nosemaphore+0xc0/0x460 [ 163.279204][ C0] ? page_fault+0x2f/0x40 [ 163.283733][ C0] ? __run_timers+0x84e/0xbe0 [ 163.288496][ C0] ? call_timer_fn+0x2a/0x390 [ 163.293046][ C0] call_timer_fn+0x36/0x390 [ 163.297438][ C0] __run_timers+0x879/0xbe0 [ 163.301977][ C0] ? enqueue_timer+0x300/0x300 [ 163.307725][ C0] ? check_preemption_disabled+0x9f/0x320 [ 163.314265][ C0] ? debug_smp_processor_id+0x20/0x20 [ 163.320889][ C0] ? lapic_next_event+0x5b/0x70 [ 163.325744][ C0] run_timer_softirq+0x63/0xf0 [ 163.330972][ C0] __do_softirq+0x23b/0x6b7 [ 163.335462][ C0] irq_exit+0x195/0x1c0 [ 163.339720][ C0] smp_apic_timer_interrupt+0x11a/0x460 [ 163.345213][ C0] apic_timer_interrupt+0xf/0x20 [ 163.350266][ C0] [ 163.353153][ C0] ? format_decode+0x62b/0x1f10 [ 163.358233][ C0] ? format_decode+0x7e2/0x1f10 [ 163.362856][ C0] ? __sanitizer_cov_trace_cmp8+0x70/0x70 [ 163.368593][ C0] ? format_decode+0x3a9/0x1f10 [ 163.373296][ C0] ? pointer+0xb10/0xb10 [ 163.377446][ C0] ? vsnprintf+0x1c70/0x1c70 [ 163.381886][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 163.388125][ C0] ? vsnprintf+0x152/0x1c70 [ 163.392459][ C0] ? ptr_to_hashval+0x60/0x60 [ 163.396974][ C0] ? add_uevent_var+0x1c0/0x440 [ 163.401821][ C0] ? __kasan_kmalloc+0x171/0x210 [ 163.406652][ C0] ? do_syscall_64+0xca/0x1c0 [ 163.411191][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 163.417818][ C0] ? kobject_uevent_env+0x710/0x710 [ 163.423196][ C0] ? base_probe+0x60/0x60 [ 163.427630][ C0] ? device_get_devnode+0x2d9/0x2e0 [ 163.432652][ C0] ? dev_uevent+0x219/0x6f0 [ 163.437114][ C0] ? dev_uevent_name+0xa0/0xa0 [ 163.441706][ C0] ? uevent_show+0x158/0x320 [ 163.446135][ C0] ? uevent_show+0x19a/0x320 [ 163.450646][ C0] ? dev_attr_show+0x50/0xb0 [ 163.455702][ C0] ? device_get_ownership+0xa0/0xa0 [ 163.460766][ C0] ? sysfs_kf_seq_show+0x265/0x3e0 [ 163.465852][ C0] ? seq_read+0x4df/0xe60 [ 163.470251][ C0] ? vfs_submount+0xb0/0xb0 [ 163.474718][ C0] ? kernfs_notify_workfn+0x530/0x530 [ 163.480788][ C0] ? __vfs_read+0x103/0x730 [ 163.485684][ C0] ? rw_verify_area+0x360/0x360 [ 163.490504][ C0] ? __fsnotify_update_child_dentry_flags+0x290/0x290 [ 163.497451][ C0] ? __fsnotify_parent+0x310/0x310 [ 163.502400][ C0] ? security_file_permission+0x1dc/0x2f0 [ 163.508054][ C0] ? vfs_read+0x148/0x360 [ 163.512210][ C0] ? ksys_read+0x199/0x2c0 [ 163.516562][ C0] ? debug_smp_processor_id+0x20/0x20 [ 163.521870][ C0] ? vfs_write+0x4e0/0x4e0 [ 163.526235][ C0] ? do_syscall_64+0xca/0x1c0 [ 163.530895][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 163.537118][ C0] Modules linked in: [ 163.541112][ C0] CR2: 0000000000000000 [ 163.545181][ C0] ---[ end trace ffd2d3f8f2b3ee73 ]--- [ 163.550473][ C0] RIP: 0010:0x0 [ 163.553782][ C0] Code: Bad RIP value. [ 163.557677][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010206 [ 163.564469][ C0] RAX: ffffffff8154e38a RBX: 0000000000000100 RCX: ffff8881e9cfaf40 [ 163.572835][ C0] RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffff8881ea4d71c0 [ 163.581056][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154dfce R09: 0000000000000003 [ 163.590212][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffffc9c0 [ 163.598533][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881ea4d71c0 [ 163.607199][ C0] FS: 00007f561b781c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 163.616828][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.623526][ C0] CR2: ffffffffffffffd6 CR3: 00000001eaf26000 CR4: 00000000003406b0 [ 163.631868][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 163.640726][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 163.649436][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 163.659745][ C0] Kernel Offset: disabled [ 163.663964][ C0] Rebooting in 86400 seconds..