Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts.
2024/01/25 19:52:42 ignoring optional flag "sandboxArg"="0"
2024/01/25 19:52:42 parsed 1 programs
[   52.155103][   T23] audit: type=1400 audit(1706212362.500:66): avc:  denied  { getattr } for  pid=373 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   52.178887][   T23] audit: type=1400 audit(1706212362.520:67): avc:  denied  { read } for  pid=373 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   52.201748][   T23] audit: type=1400 audit(1706212362.520:68): avc:  denied  { open } for  pid=373 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   52.225220][   T23] audit: type=1400 audit(1706212362.520:69): avc:  denied  { read } for  pid=373 comm="syz-execprog" name="raw-gadget" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   52.248132][   T23] audit: type=1400 audit(1706212362.520:70): avc:  denied  { open } for  pid=373 comm="syz-execprog" path="/dev/raw-gadget" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   52.254095][  T378] cgroup1: Unknown subsys name 'net'
[   52.276542][   T23] audit: type=1400 audit(1706212362.590:71): avc:  denied  { mounton } for  pid=378 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   52.278379][  T378] cgroup1: Unknown subsys name 'net_prio'
[   52.304786][   T23] audit: type=1400 audit(1706212362.590:72): avc:  denied  { mount } for  pid=378 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   52.305934][  T378] cgroup1: Unknown subsys name 'devices'
[   52.334599][   T23] audit: type=1400 audit(1706212362.680:73): avc:  denied  { unmount } for  pid=378 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   52.506082][  T378] cgroup1: Unknown subsys name 'hugetlb'
[   52.512305][  T378] cgroup1: Unknown subsys name 'rlimit'
[   52.644771][   T23] audit: type=1400 audit(1706212362.990:74): avc:  denied  { mounton } for  pid=378 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   52.669719][   T23] audit: type=1400 audit(1706212362.990:75): avc:  denied  { mount } for  pid=378 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   52.704836][  T381] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
2024/01/25 19:52:43 executed programs: 0
[   52.821671][  T378] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.345477][  T393] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.352801][  T393] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.361075][  T393] device bridge_slave_0 entered promiscuous mode
[   53.397230][  T393] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.404286][  T393] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.412589][  T393] device bridge_slave_1 entered promiscuous mode
[   53.481174][  T396] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.488312][  T396] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.496890][  T396] device bridge_slave_0 entered promiscuous mode
[   53.520172][  T396] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.527343][  T396] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.536615][  T396] device bridge_slave_1 entered promiscuous mode
[   53.643803][  T395] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.651008][  T395] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.658882][  T395] device bridge_slave_0 entered promiscuous mode
[   53.697905][  T395] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.704987][  T395] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.713070][  T395] device bridge_slave_1 entered promiscuous mode
[   53.761879][  T398] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.768853][  T398] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.777262][  T398] device bridge_slave_0 entered promiscuous mode
[   53.794210][  T398] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.801234][  T398] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.809509][  T398] device bridge_slave_1 entered promiscuous mode
[   53.853757][  T397] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.860863][  T397] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.869431][  T397] device bridge_slave_0 entered promiscuous mode
[   53.910093][  T397] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.917084][  T397] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.925441][  T397] device bridge_slave_1 entered promiscuous mode
[   54.301526][  T393] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.308410][  T393] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.315768][  T393] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.322846][  T393] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.351456][  T108] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.358714][  T108] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.585079][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   54.593107][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.601680][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   54.609624][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.624512][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   54.632531][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.640718][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   54.649915][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.658509][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.665481][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.673674][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   54.699824][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   54.708347][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.716935][  T108] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.723973][  T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.733031][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   54.741516][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.749869][  T108] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.756706][  T108] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.764327][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   54.773293][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.781710][  T108] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.788637][  T108] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.820784][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   54.828723][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   54.836812][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.844591][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   54.853613][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.862421][  T108] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.869373][  T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.877046][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   54.885842][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.894295][  T108] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.901166][  T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.943427][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   54.952633][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.961808][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.968738][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.977651][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   54.986550][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.994916][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.001773][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.009580][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   55.017761][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.026150][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   55.034367][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.042965][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   55.051142][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.060029][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.102631][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.114423][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.131423][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.149060][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.156664][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.164576][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   55.172863][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.201984][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   55.210987][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.237053][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   55.245844][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   55.254454][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.263236][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.270119][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.313612][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   55.323477][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   55.332035][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   55.341474][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.349986][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   55.358388][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   55.367386][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.375980][  T108] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.382900][  T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.412490][  T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   55.439960][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   55.448627][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   55.470136][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   55.478569][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   55.487595][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   55.496125][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.518370][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   55.527068][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   55.535945][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   55.544572][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.576390][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   55.586910][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   55.595792][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   55.604216][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   55.629008][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   55.638016][  T380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   55.679048][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   55.687733][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   55.696952][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   55.706248][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   55.715090][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   55.724122][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   55.733140][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   55.742204][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   55.788129][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   55.811467][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   55.821971][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   55.828968][    C0] hrtimer: interrupt took 44220 ns
[   55.830723][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   55.844236][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   55.853255][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   55.891682][  T399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   55.906007][  T399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   56.141710][  T425] device pim6reg1 entered promiscuous mode
[   56.281483][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   56.295291][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   56.316524][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   56.336613][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   56.600787][  T434] device pim6reg1 entered promiscuous mode
[   56.820116][  T435] device pim6reg1 entered promiscuous mode
[   56.859490][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   56.868269][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   56.899746][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   56.908254][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   57.047841][  T430] syz-executor.3 (430) used greatest stack depth: 21592 bytes left
[   57.225470][  T446] device pim6reg1 entered promiscuous mode
[   57.440681][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   57.453595][  T418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   58.414563][  T475] device pim6reg1 entered promiscuous mode
2024/01/25 19:52:48 executed programs: 12
[   58.634323][  T466] device pim6reg1 entered promiscuous mode
[   58.900324][  T481] device pim6reg1 entered promiscuous mode
[   59.538117][  T499] device pim6reg1 entered promiscuous mode
[   60.109360][  T500] device pim6reg1 entered promiscuous mode
[   60.237385][  T503] device pim6reg1 entered promiscuous mode
[   60.405150][  T507] device pim6reg1 entered promiscuous mode
[   60.535978][  T513] device pim6reg1 entered promiscuous mode
[   60.852695][  T531] device pim6reg1 entered promiscuous mode
[   61.345218][  T539] device pim6reg1 entered promiscuous mode
[   61.842656][  T547] device pim6reg1 entered promiscuous mode
[   62.174012][  T556] device pim6reg1 entered promiscuous mode
[   62.325491][  T557] device pim6reg1 entered promiscuous mode
[   63.078089][  T581] device pim6reg1 entered promiscuous mode
[   63.412324][  T582] device pim6reg1 entered promiscuous mode
2024/01/25 19:52:54 executed programs: 32
[   63.795410][  T592] device pim6reg1 entered promiscuous mode
[   64.318899][  T613] device pim6reg1 entered promiscuous mode
[   64.932933][  T623] device pim6reg1 entered promiscuous mode
[   65.534566][  T650] ==================================================================
[   65.542593][  T650] BUG: KASAN: use-after-free in enqueue_timer+0xb7/0x300
[   65.549436][  T650] Write of size 8 at addr ffff8881dff4b1c8 by task syz-executor.2/650
[   65.557393][  T650] 
[   65.559689][  T650] CPU: 1 PID: 650 Comm: syz-executor.2 Not tainted 5.4.265-syzkaller-00033-g4d7b888b5774 #0
[   65.569649][  T650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   65.579538][  T650] Call Trace:
[   65.582692][  T650]  dump_stack+0x1d8/0x241
[   65.586856][  T650]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   65.592499][  T650]  ? printk+0xd1/0x111
[   65.596396][  T650]  ? enqueue_timer+0xb7/0x300
[   65.600917][  T650]  ? wake_up_klogd+0xb2/0xf0
[   65.605337][  T650]  ? enqueue_timer+0xb7/0x300
[   65.609851][  T650]  print_address_description+0x8c/0x600
[   65.615238][  T650]  ? panic+0x896/0x896
[   65.619160][  T650]  ? enqueue_timer+0xb7/0x300
[   65.623649][  T650]  __kasan_report+0xf3/0x120
[   65.628080][  T650]  ? enqueue_timer+0xb7/0x300
[   65.632614][  T650]  kasan_report+0x30/0x60
[   65.636893][  T650]  enqueue_timer+0xb7/0x300
[   65.641214][  T650]  internal_add_timer+0x240/0x430
[   65.646083][  T650]  __mod_timer+0x6f1/0x13e0
[   65.650421][  T650]  ? mod_timer_pending+0x20/0x20
[   65.655194][  T650]  ? selinux_tun_dev_alloc_security+0x4d/0x130
[   65.661261][  T650]  ? selinux_tun_dev_alloc_security+0x5e/0x130
[   65.667358][  T650]  ? init_timer_key+0x2d/0x1f0
[   65.671963][  T650]  tun_net_init+0x287/0x540
[   65.676311][  T650]  register_netdevice+0x1c0/0x12a0
[   65.681252][  T650]  ? kasan_kmalloc_large+0x131/0x140
[   65.686453][  T650]  ? memset+0x1f/0x40
[   65.690265][  T650]  ? netdev_update_lockdep_key+0x10/0x10
[   65.695733][  T650]  ? alloc_netdev_mqs+0x99d/0xc70
[   65.700641][  T650]  tun_set_iff+0x7f7/0xdc0
[   65.705028][  T650]  __tun_chr_ioctl+0x8a9/0x1d00
[   65.709736][  T650]  ? tun_flow_create+0x250/0x250
[   65.714507][  T650]  ? tun_chr_poll+0x670/0x670
[   65.718995][  T650]  do_vfs_ioctl+0x742/0x1720
[   65.723433][  T650]  ? ioctl_preallocate+0x250/0x250
[   65.728386][  T650]  ? __fget+0x407/0x490
[   65.732371][  T650]  ? fget_many+0x20/0x20
[   65.736448][  T650]  ? switch_fpu_return+0x1d4/0x410
[   65.741392][  T650]  ? security_file_ioctl+0x7d/0xa0
[   65.746365][  T650]  __x64_sys_ioctl+0xd4/0x110
[   65.750854][  T650]  do_syscall_64+0xca/0x1c0
[   65.755198][  T650]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   65.761015][  T650] 
[   65.763167][  T650] The buggy address belongs to the page:
[   65.768646][  T650] page:ffffea00077fd2c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[   65.777576][  T650] flags: 0x8000000000000000()
[   65.782116][  T650] raw: 8000000000000000 0000000000000000 ffffea00077fd288 0000000000000000
[   65.790791][  T650] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   65.799352][  T650] page dumped because: kasan: bad access detected
[   65.805605][  T650] page_owner tracks the page as freed
[   65.810837][  T650] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[   65.825128][  T650]  prep_new_page+0x18f/0x370
[   65.829493][  T650]  get_page_from_freelist+0x2d13/0x2d90
[   65.834959][  T650]  __alloc_pages_nodemask+0x393/0x840
[   65.840176][  T650]  kmalloc_order_trace+0x2a/0x100
[   65.845025][  T650]  kvmalloc_node+0x7e/0xf0
[   65.849274][  T650]  alloc_netdev_mqs+0x85/0xc70
[   65.853875][  T650]  tun_set_iff+0x51f/0xdc0
[   65.858140][  T650]  __tun_chr_ioctl+0x8a9/0x1d00
[   65.862826][  T650]  do_vfs_ioctl+0x742/0x1720
[   65.867260][  T650]  __x64_sys_ioctl+0xd4/0x110
[   65.871784][  T650]  do_syscall_64+0xca/0x1c0
[   65.876108][  T650]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   65.881812][  T650] page last free stack trace:
[   65.886352][  T650]  __free_pages_ok+0x847/0x950
[   65.891149][  T650]  __free_pages+0x91/0x140
[   65.895390][  T650]  device_release+0x6b/0x190
[   65.899821][  T650]  kobject_put+0x1e6/0x2f0
[   65.904081][  T650]  netdev_run_todo+0xc44/0xdf0
[   65.908660][  T650]  tun_chr_close+0xc1/0x130
[   65.913020][  T650]  __fput+0x262/0x680
[   65.916822][  T650]  task_work_run+0x140/0x170
[   65.921254][  T650]  get_signal+0x13c6/0x1440
[   65.925604][  T650]  do_signal+0xb0/0x11f0
[   65.929879][  T650]  exit_to_usermode_loop+0xc0/0x1a0
[   65.935089][  T650]  prepare_exit_to_usermode+0x199/0x200
[   65.940459][  T650]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   65.946174][  T650] 
[   65.948347][  T650] Memory state around the buggy address:
[   65.954262][  T650]  ffff8881dff4b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   65.962248][  T650]  ffff8881dff4b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   65.970145][  T650] >ffff8881dff4b180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   65.978028][  T650]                                               ^
[   65.984288][  T650]  ffff8881dff4b200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   65.992282][  T650]  ffff8881dff4b280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.000268][  T650] ==================================================================
[   66.008247][  T650] Disabling lock debugging due to kernel taint