Warning: Permanently added '10.128.0.253' (ED25519) to the list of known hosts.
2023/11/11 22:06:09 ignoring optional flag "sandboxArg"="0"
2023/11/11 22:06:10 parsed 1 programs
2023/11/11 22:06:10 executed programs: 0
[ 44.937594][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 44.937604][ T23] audit: type=1400 audit(1699740370.120:144): avc: denied { mounton } for pid=404 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 45.021554][ T23] audit: type=1400 audit(1699740370.130:145): avc: denied { mount } for pid=404 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 45.180972][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.187810][ T410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.195292][ T410] device bridge_slave_0 entered promiscuous mode
[ 45.204036][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.211090][ T410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.218473][ T410] device bridge_slave_1 entered promiscuous mode
[ 45.230427][ T414] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.237339][ T414] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.244861][ T414] device bridge_slave_0 entered promiscuous mode
[ 45.253856][ T414] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.260803][ T414] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.268023][ T414] device bridge_slave_1 entered promiscuous mode
[ 45.433942][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.440854][ T421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.448057][ T421] device bridge_slave_0 entered promiscuous mode
[ 45.462410][ T424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.469314][ T424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.476545][ T424] device bridge_slave_0 entered promiscuous mode
[ 45.489073][ T23] audit: type=1400 audit(1699740370.670:146): avc: denied { create } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 45.494044][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.509585][ T23] audit: type=1400 audit(1699740370.670:147): avc: denied { write } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 45.516702][ T422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.537018][ T23] audit: type=1400 audit(1699740370.670:148): avc: denied { read } for pid=410 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 45.564998][ T422] device bridge_slave_0 entered promiscuous mode
[ 45.571763][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.578590][ T421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.586741][ T421] device bridge_slave_1 entered promiscuous mode
[ 45.603727][ T424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.610638][ T424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.617919][ T424] device bridge_slave_1 entered promiscuous mode
[ 45.624426][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.631385][ T422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.638753][ T422] device bridge_slave_1 entered promiscuous mode
[ 45.653688][ T410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.661755][ T410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.668949][ T410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.675738][ T410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.740143][ T423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.747111][ T423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.754671][ T423] device bridge_slave_0 entered promiscuous mode
[ 45.779839][ T423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.786672][ T423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.794332][ T423] device bridge_slave_1 entered promiscuous mode
[ 45.861788][ T124] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.870042][ T124] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.878319][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.885677][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.922217][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.930669][ T124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.937487][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.945078][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.953639][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.960493][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.014187][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.022420][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.081822][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.115447][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.123035][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.130629][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.138722][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.147112][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.153941][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.161823][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.169728][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.177490][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 46.189153][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.196449][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.204068][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 46.212451][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.220673][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.227487][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.265162][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 46.274396][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.282381][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 46.290508][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.298249][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.306528][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.314507][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.321349][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.328504][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 46.336877][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.344875][ T367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.351715][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.359941][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 46.379128][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.386594][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.394101][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.402848][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.410998][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.417810][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.450145][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 46.457621][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.465004][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.472281][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.480747][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.488675][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.495519][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.503149][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 46.511529][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.519543][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.526964][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.534193][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 46.542347][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.550238][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 46.558131][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.566011][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 46.574239][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.582445][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.589273][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.609164][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 46.616788][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 46.625130][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.633378][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 46.641747][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.649836][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.657530][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.665328][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.673560][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.689282][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.697328][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.718102][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 46.726545][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.735019][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.743076][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.772416][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.780676][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.788690][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.797113][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.805546][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.814275][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.834930][ T23] audit: type=1400 audit(1699740372.020:149): avc: denied { mounton } for pid=410 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=1955 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 46.871410][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.880946][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.884988][ T23] audit: type=1400 audit(1699740372.070:150): avc: denied { sys_admin } for pid=446 comm="syz-executor.0" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 46.888898][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.918415][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.925848][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.933103][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.941357][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.949505][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.956913][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.964431][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 46.972610][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.981046][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.987866][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.995096][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.003310][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.011678][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.019747][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.027874][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 47.039189][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.071102][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.081114][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.108184][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.118145][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.160504][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 47.168627][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.176756][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 47.185276][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.193747][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 47.202034][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.210003][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.218157][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.244446][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 47.253091][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.283055][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.294033][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.320424][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.328638][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.337735][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.355133][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.364434][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 47.372718][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.394781][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 47.402649][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.444864][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.454263][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.489138][ T455] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.500801][ T455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.523000][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.531279][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2023/11/11 22:06:15 executed programs: 193
2023/11/11 22:06:20 executed programs: 394
2023/11/11 22:06:25 executed programs: 782
2023/11/11 22:06:30 executed programs: 1113
[ 66.369782][ T74] cfg80211: failed to load regulatory.db
2023/11/11 22:06:35 executed programs: 1465
2023/11/11 22:06:40 executed programs: 1739
2023/11/11 22:06:46 executed programs: 2065
[ 84.580771][T11602] ==================================================================
[ 84.588666][T11602] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 84.595945][T11602] Write of size 8 at addr ffff8881e19df1c8 by task syz-executor.2/11602
[ 84.604268][T11602]
[ 84.606447][T11602] CPU: 1 PID: 11602 Comm: syz-executor.2 Not tainted 5.4.254-syzkaller-04743-g2ac128c04e33 #0
[ 84.616507][T11602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 84.626489][T11602] Call Trace:
[ 84.629623][T11602] dump_stack+0x1d8/0x241
[ 84.633785][T11602] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 84.639430][T11602] ? printk+0xd1/0x111
[ 84.643333][T11602] ? detach_if_pending+0x188/0x360
[ 84.648279][T11602] ? wake_up_klogd+0xb2/0xf0
[ 84.652706][T11602] ? detach_if_pending+0x188/0x360
[ 84.657660][T11602] print_address_description+0x8c/0x600
[ 84.663032][T11602] ? panic+0x896/0x896
[ 84.666948][T11602] ? detach_if_pending+0x188/0x360
[ 84.672664][T11602] __kasan_report+0xf3/0x120
[ 84.677092][T11602] ? detach_if_pending+0x188/0x360
[ 84.682038][T11602] kasan_report+0x30/0x60
[ 84.686209][T11602] detach_if_pending+0x188/0x360
[ 84.690979][T11602] del_timer_sync+0x13c/0x230
[ 84.695492][T11602] ? find_next_bit+0xcd/0x100
[ 84.700030][T11602] ? try_to_del_timer_sync+0x150/0x150
[ 84.705300][T11602] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 84.710349][T11602] tun_flow_uninit+0x2c/0x280
[ 84.714858][T11602] ? free_percpu+0x359/0x910
[ 84.719291][T11602] tun_free_netdev+0x77/0x190
[ 84.723896][T11602] ? tun_xdp+0x3f0/0x3f0
[ 84.727984][T11602] netdev_run_todo+0xb7f/0xdf0
[ 84.732578][T11602] ? netdev_refcnt_read+0x1c0/0x1c0
[ 84.737603][T11602] ? kfree+0x123/0x370
[ 84.741504][T11602] tun_chr_close+0xc1/0x130
[ 84.745924][T11602] ? tun_chr_open+0x500/0x500
[ 84.750442][T11602] __fput+0x262/0x680
[ 84.754267][T11602] task_work_run+0x140/0x170
[ 84.758785][T11602] exit_to_usermode_loop+0x190/0x1a0
[ 84.763904][T11602] prepare_exit_to_usermode+0x199/0x200
[ 84.769279][T11602] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 84.775012][T11602]
[ 84.777173][T11602] The buggy address belongs to the page:
[ 84.782646][T11602] page:ffffea00078677c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 84.791591][T11602] flags: 0x8000000000000000()
[ 84.796096][T11602] raw: 8000000000000000 0000000000000000 dead000000000122 0000000000000000
[ 84.804519][T11602] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 84.813050][T11602] page dumped because: kasan: bad access detected
[ 84.819389][T11602] page_owner tracks the page as freed
[ 84.824600][T11602] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 84.838743][T11602] prep_new_page+0x18f/0x370
[ 84.843164][T11602] get_page_from_freelist+0x2d13/0x2d90
[ 84.848631][T11602] __alloc_pages_nodemask+0x393/0x840
[ 84.854011][T11602] kmalloc_order_trace+0x2a/0x100
[ 84.858872][T11602] kvmalloc_node+0x7e/0xf0
[ 84.863125][T11602] alloc_netdev_mqs+0x85/0xc70
[ 84.867730][T11602] tun_set_iff+0x51f/0xdc0
[ 84.872238][T11602] __tun_chr_ioctl+0x860/0x1d50
[ 84.876928][T11602] do_vfs_ioctl+0x742/0x1720
[ 84.881356][T11602] __x64_sys_ioctl+0xd4/0x110
[ 84.885868][T11602] do_syscall_64+0xca/0x1c0
[ 84.890381][T11602] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 84.897244][T11602] page last free stack trace:
[ 84.901761][T11602] __free_pages_ok+0x847/0x950
[ 84.906359][T11602] __free_pages+0x91/0x140
[ 84.910618][T11602] device_release+0x6b/0x190
[ 84.915041][T11602] kobject_put+0x1e6/0x2f0
[ 84.919291][T11602] netdev_run_todo+0xc44/0xdf0
[ 84.924096][T11602] tun_chr_close+0xc1/0x130
[ 84.928623][T11602] __fput+0x262/0x680
[ 84.932438][T11602] task_work_run+0x140/0x170
[ 84.936938][T11602] exit_to_usermode_loop+0x190/0x1a0
[ 84.942145][T11602] prepare_exit_to_usermode+0x199/0x200
[ 84.947700][T11602] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 84.953514][T11602]
[ 84.955681][T11602] Memory state around the buggy address:
[ 84.961153][T11602] ffff8881e19df080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.969178][T11602] ffff8881e19df100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.977060][T11602] >ffff8881e19df180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.985140][T11602] ^
[ 84.991607][T11602] ffff8881e19df200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.999818][T11602] ffff8881e19df280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 85.007900][T11602] ==================================================================
[ 85.015798][T11602] Disabling lock debugging due to kernel taint
2023/11/11 22:06:51 executed programs: 2436
[ 87.993700][T12436] kasan: CONFIG_KASAN_INLINE enabled
[ 87.998916][T12436] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 88.007074][T12436] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 88.013844][T12436] CPU: 1 PID: 12436 Comm: syz-executor.1 Tainted: G B 5.4.254-syzkaller-04743-g2ac128c04e33 #0
[ 88.025356][T12436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 88.035188][T12436] RIP: 0010:detach_if_pending+0x179/0x360
[ 88.040738][T12436] Code: e8 03 42 80 3c 20 00 74 08 48 89 ef e8 50 5b 3f 00 48 89 5d 00 48 85 db 74 46 e8 a2 99 0f 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 28 5b 3f 00 48 89 2b 80 7c 24 0c
[ 88.060535][T12436] RSP: 0018:ffff8881e0807b50 EFLAGS: 00010802
[ 88.066437][T12436] RAX: 1bd5a00000000025 RBX: dead00000000012a RCX: ffff8881e5b23f00
[ 88.074243][T12436] RDX: 0000000000000000 RSI: 0000000010000001 RDI: 0000000080400000
[ 88.082054][T12436] RBP: ffff8881e22771c0 R08: ffffffff8154a8da R09: 0000000000000003
[ 88.089954][T12436] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
[ 88.097872][T12436] R13: ffff8881e19df1c0 R14: ffff8881e19df1c8 R15: 1ffff1103c33be39
[ 88.105762][T12436] FS: 000055555567e480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 88.115307][T12436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 88.121726][T12436] CR2: 00007ffe73583108 CR3: 00000001e856e000 CR4: 00000000003406a0
[ 88.129541][T12436] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 88.137346][T12436] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 88.145158][T12436] Call Trace:
[ 88.148296][T12436] ? __die+0xb4/0x100
[ 88.152109][T12436] ? die+0x26/0x50
[ 88.155665][T12436] ? do_general_protection+0x266/0x3c0
[ 88.161071][T12436] ? check_preempt_wakeup+0x41a/0x9f0
[ 88.166514][T12436] ? do_trap+0x340/0x340
[ 88.170604][T12436] ? general_protection+0x28/0x30
[ 88.175549][T12436] ? detach_if_pending+0x7a/0x360
[ 88.180410][T12436] ? detach_if_pending+0x179/0x360
[ 88.185435][T12436] del_timer_sync+0x13c/0x230
[ 88.189953][T12436] ? find_next_bit+0x7b/0x100
[ 88.194463][T12436] ? try_to_del_timer_sync+0x150/0x150
[ 88.199756][T12436] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 88.204798][T12436] tun_flow_uninit+0x2c/0x280
[ 88.209312][T12436] ? free_percpu+0x359/0x910
[ 88.213735][T12436] tun_free_netdev+0x77/0x190
[ 88.218243][T12436] ? tun_xdp+0x3f0/0x3f0
[ 88.222332][T12436] netdev_run_todo+0xb7f/0xdf0
[ 88.226937][T12436] ? netdev_refcnt_read+0x1c0/0x1c0
[ 88.231976][T12436] ? kfree+0x123/0x370
[ 88.235867][T12436] tun_chr_close+0xc1/0x130
[ 88.240207][T12436] ? tun_chr_open+0x500/0x500
[ 88.244721][T12436] __fput+0x262/0x680
[ 88.248543][T12436] task_work_run+0x140/0x170
[ 88.252975][T12436] exit_to_usermode_loop+0x190/0x1a0
[ 88.258081][T12436] prepare_exit_to_usermode+0x199/0x200
[ 88.263467][T12436] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 88.269188][T12436] Modules linked in:
[ 88.273055][T12436] ---[ end trace 7d039117ff9a137d ]---
[ 88.278439][T12436] RIP: 0010:detach_if_pending+0x179/0x360
[ 88.283989][T12436] Code: e8 03 42 80 3c 20 00 74 08 48 89 ef e8 50 5b 3f 00 48 89 5d 00 48 85 db 74 46 e8 a2 99 0f 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 28 5b 3f 00 48 89 2b 80 7c 24 0c
[ 88.303609][T12436] RSP: 0018:ffff8881e0807b50 EFLAGS: 00010802
[ 88.309503][T12436] RAX: 1bd5a00000000025 RBX: dead00000000012a RCX: ffff8881e5b23f00
[ 88.317667][T12436] RDX: 0000000000000000 RSI: 0000000010000001 RDI: 0000000080400000
[ 88.325608][T12436] RBP: ffff8881e22771c0 R08: ffffffff8154a8da R09: 0000000000000003
[ 88.333436][T12436] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
[ 88.341223][T12436] R13: ffff8881e19df1c0 R14: ffff8881e19df1c8 R15: 1ffff1103c33be39
[ 88.349212][T12436] FS: 000055555567e480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 88.358071][T12436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 88.364495][T12436] CR2: 00007ffe73583108 CR3: 00000001e856e000 CR4: 00000000003406a0
[ 88.372483][T12436] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 88.380280][T12436] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 88.388090][T12436] Kernel panic - not syncing: Fatal exception
[ 88.394325][T12436] Kernel Offset: disabled
[ 88.398714][T12436] Rebooting in 86400 seconds..