Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts.
2024/03/31 00:07:18 ignoring optional flag "sandboxArg"="0"
2024/03/31 00:07:18 parsed 1 programs
2024/03/31 00:07:18 executed programs: 0
[ 41.134619][ T23] kauditd_printk_skb: 69 callbacks suppressed
[ 41.134628][ T23] audit: type=1400 audit(1711843638.539:145): avc: denied { mounton } for pid=403 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.168706][ T23] audit: type=1400 audit(1711843638.539:146): avc: denied { mount } for pid=403 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.401849][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.408777][ T413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.416105][ T413] device bridge_slave_0 entered promiscuous mode
[ 41.441602][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.448776][ T413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.456392][ T413] device bridge_slave_1 entered promiscuous mode
[ 41.465843][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.472811][ T412] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.479991][ T412] device bridge_slave_0 entered promiscuous mode
[ 41.490977][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.498117][ T412] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.505609][ T412] device bridge_slave_1 entered promiscuous mode
[ 41.527166][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.534091][ T417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.541309][ T417] device bridge_slave_0 entered promiscuous mode
[ 41.553466][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.560305][ T417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.567842][ T417] device bridge_slave_1 entered promiscuous mode
[ 41.595865][ T418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.603110][ T418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.610590][ T418] device bridge_slave_0 entered promiscuous mode
[ 41.632155][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.639141][ T416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.647321][ T416] device bridge_slave_0 entered promiscuous mode
[ 41.670430][ T418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.677788][ T418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.685672][ T418] device bridge_slave_1 entered promiscuous mode
[ 41.700813][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.708313][ T416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.715891][ T416] device bridge_slave_1 entered promiscuous mode
[ 41.738136][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.745335][ T421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.753071][ T421] device bridge_slave_0 entered promiscuous mode
[ 41.760017][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.767059][ T421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.774450][ T421] device bridge_slave_1 entered promiscuous mode
[ 41.873954][ T23] audit: type=1400 audit(1711843639.279:147): avc: denied { create } for pid=413 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.910423][ T23] audit: type=1400 audit(1711843639.279:148): avc: denied { write } for pid=413 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.953087][ T23] audit: type=1400 audit(1711843639.279:149): avc: denied { read } for pid=413 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.960514][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.980234][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.987485][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.994253][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.034784][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.041656][ T412] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.048956][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.055783][ T412] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.066665][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.073676][ T417] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.080852][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.087910][ T417] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.101619][ T418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.108698][ T418] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.116062][ T418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.123783][ T418] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.152071][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.159166][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.166528][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.173808][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.205972][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.213323][ T421] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.220688][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.227628][ T421] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.242584][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.251575][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.259750][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.267655][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.275443][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.283163][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.290164][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.297257][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.304643][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.312051][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.319153][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.327210][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.335021][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.342300][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.350039][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.357544][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.370469][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.377718][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.385137][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 42.393651][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.401847][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.408665][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.416250][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 42.424594][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.432916][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.440014][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.470821][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.478183][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.496920][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 42.505071][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.513734][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 42.521714][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.539450][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.546929][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.554664][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 42.563044][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.571163][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.577994][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.585314][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 42.593572][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.601826][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.608752][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.630841][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 42.638965][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.647459][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.655323][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.662651][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.670281][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 42.678593][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.686924][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.694310][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.701773][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 42.710860][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.718973][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.725924][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.757113][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 42.765654][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.774509][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.781357][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.789505][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 42.798243][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.806882][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.813929][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.821641][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 42.829647][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.837926][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 42.845893][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.853805][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 42.861780][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.869784][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.878360][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.903352][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.912337][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 42.920116][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.928115][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.936474][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 42.945016][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.953056][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 42.961276][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.969015][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.977257][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.000154][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.007927][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.040657][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.048471][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.057408][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.065494][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.073256][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.080739][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 43.089071][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.097692][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.104601][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.112096][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 43.120657][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.128577][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.135426][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.151306][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.165874][ T23] audit: type=1400 audit(1711843640.569:150): avc: denied { mounton } for pid=413 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=10756 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 43.181192][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.205616][ T23] audit: type=1400 audit(1711843640.609:151): avc: denied { sys_admin } for pid=445 comm="syz-executor.0" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 43.206560][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.236552][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.275310][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.284966][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.293275][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.301807][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.310257][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.319572][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.327771][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.335981][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.344064][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.352151][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.360242][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.368447][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.376949][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.385255][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.393831][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.402136][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.423471][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.435681][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.444910][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.453009][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.522566][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 43.536099][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.564430][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 43.572662][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.593473][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 43.604606][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.612994][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.621613][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.637640][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.647141][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2024/03/31 00:07:23 executed programs: 163
2024/03/31 00:07:28 executed programs: 614
2024/03/31 00:07:33 executed programs: 858
2024/03/31 00:07:38 executed programs: 1309
2024/03/31 00:07:43 executed programs: 1682
[ 66.591632][ T13] cfg80211: failed to load regulatory.db
2024/03/31 00:07:48 executed programs: 2067
2024/03/31 00:07:53 executed programs: 2459
2024/03/31 00:07:58 executed programs: 2763
2024/03/31 00:08:03 executed programs: 3204
2024/03/31 00:08:08 executed programs: 3513
2024/03/31 00:08:13 executed programs: 3883
2024/03/31 00:08:18 executed programs: 4128
2024/03/31 00:08:24 executed programs: 4544
[ 107.942718][T21825] ==================================================================
[ 107.950621][T21825] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 107.958246][T21825] Write of size 8 at addr ffff8881ea29f1c8 by task syz-executor.1/21825
[ 107.966398][T21825]
[ 107.968575][T21825] CPU: 0 PID: 21825 Comm: syz-executor.1 Not tainted 5.4.268-syzkaller-04869-g47710d1d3563 #0
[ 107.978637][T21825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 107.988537][T21825] Call Trace:
[ 107.991752][T21825] dump_stack+0x1d8/0x241
[ 107.996009][T21825] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 108.001913][T21825] ? printk+0xd1/0x111
[ 108.005807][T21825] ? detach_if_pending+0x188/0x360
[ 108.010754][T21825] ? wake_up_klogd+0xb2/0xf0
[ 108.016310][T21825] ? detach_if_pending+0x188/0x360
[ 108.021270][T21825] print_address_description+0x8c/0x600
[ 108.026635][T21825] ? panic+0x896/0x896
[ 108.030554][T21825] ? detach_if_pending+0x188/0x360
[ 108.035488][T21825] __kasan_report+0xf3/0x120
[ 108.039917][T21825] ? detach_if_pending+0x188/0x360
[ 108.044878][T21825] kasan_report+0x30/0x60
[ 108.049124][T21825] detach_if_pending+0x188/0x360
[ 108.053984][T21825] del_timer_sync+0x13c/0x230
[ 108.058495][T21825] ? find_next_bit+0x7b/0x100
[ 108.063003][T21825] ? try_to_del_timer_sync+0x150/0x150
[ 108.068345][T21825] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 108.073427][T21825] tun_flow_uninit+0x2c/0x280
[ 108.077933][T21825] ? free_percpu+0x359/0x910
[ 108.082362][T21825] tun_free_netdev+0x77/0x190
[ 108.086957][T21825] ? tun_xdp+0x3f0/0x3f0
[ 108.091039][T21825] netdev_run_todo+0xb7f/0xdf0
[ 108.095725][T21825] ? netdev_refcnt_read+0x1c0/0x1c0
[ 108.100758][T21825] ? kfree+0x123/0x370
[ 108.104686][T21825] tun_chr_close+0xc1/0x130
[ 108.109566][T21825] ? tun_chr_open+0x500/0x500
[ 108.114028][T21825] __fput+0x262/0x680
[ 108.117931][T21825] task_work_run+0x140/0x170
[ 108.122355][T21825] exit_to_usermode_loop+0x190/0x1a0
[ 108.127668][T21825] prepare_exit_to_usermode+0x199/0x200
[ 108.133046][T21825] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 108.138766][T21825]
[ 108.140926][T21825] The buggy address belongs to the page:
[ 108.146486][T21825] page:ffffea0007a8a7c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 108.155431][T21825] flags: 0x8000000000000000()
[ 108.159939][T21825] raw: 8000000000000000 0000000000000000 ffffffff07a80101 0000000000000000
[ 108.168640][T21825] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 108.177213][T21825] page dumped because: kasan: bad access detected
[ 108.183464][T21825] page_owner tracks the page as freed
[ 108.188958][T21825] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 108.203362][T21825] prep_new_page+0x18f/0x370
[ 108.207973][T21825] get_page_from_freelist+0x2d13/0x2d90
[ 108.213430][T21825] __alloc_pages_nodemask+0x393/0x840
[ 108.218619][T21825] kmalloc_order_trace+0x2a/0x100
[ 108.223481][T21825] kvmalloc_node+0x7e/0xf0
[ 108.227751][T21825] alloc_netdev_mqs+0x85/0xc70
[ 108.232342][T21825] tun_set_iff+0x51f/0xdc0
[ 108.236673][T21825] __tun_chr_ioctl+0x8a9/0x1d00
[ 108.241359][T21825] do_vfs_ioctl+0x742/0x1720
[ 108.245781][T21825] __x64_sys_ioctl+0xd4/0x110
[ 108.250558][T21825] do_syscall_64+0xca/0x1c0
[ 108.254907][T21825] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 108.260626][T21825] page last free stack trace:
[ 108.265152][T21825] __free_pages_ok+0x847/0x950
[ 108.270190][T21825] __free_pages+0x91/0x140
[ 108.274455][T21825] device_release+0x6b/0x190
[ 108.279128][T21825] kobject_put+0x1e6/0x2f0
[ 108.283379][T21825] netdev_run_todo+0xc44/0xdf0
[ 108.287973][T21825] tun_chr_close+0xc1/0x130
[ 108.292479][T21825] __fput+0x262/0x680
[ 108.296294][T21825] task_work_run+0x140/0x170
[ 108.300819][T21825] do_exit+0xcaf/0x2bc0
[ 108.304800][T21825] do_group_exit+0x138/0x300
[ 108.309225][T21825] get_signal+0xdb1/0x1440
[ 108.313481][T21825] do_signal+0xb0/0x11f0
[ 108.317557][T21825] exit_to_usermode_loop+0xc0/0x1a0
[ 108.322682][T21825] prepare_exit_to_usermode+0x199/0x200
[ 108.328059][T21825] ret_from_fork+0x15/0x30
[ 108.332317][T21825]
[ 108.334478][T21825] Memory state around the buggy address:
[ 108.339956][T21825] ffff8881ea29f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 108.347943][T21825] ffff8881ea29f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 108.355834][T21825] >ffff8881ea29f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 108.363845][T21825] ^
[ 108.370097][T21825] ffff8881ea29f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 108.377997][T21825] ffff8881ea29f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 108.385892][T21825] ==================================================================
[ 108.393975][T21825] Disabling lock debugging due to kernel taint
2024/03/31 00:08:29 executed programs: 4891
[ 116.190372][ C1] kasan: CONFIG_KASAN_INLINE enabled
[ 116.195563][ C1] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 116.203464][ C1] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 116.210239][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.4.268-syzkaller-04869-g47710d1d3563 #0
[ 116.221413][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 116.231308][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 116.236427][ C1] Code: 89 e7 e8 53 3c 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 45 68 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 22 3c 3f 00 4d 89 65 00 eb 05 e8 17
[ 116.256999][ C1] RSP: 0018:ffff8881f6f09d80 EFLAGS: 00010802
[ 116.263243][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103d453e39 RCX: dffffc0000000000
[ 116.271136][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881ea29f1c8
[ 116.278944][ C1] RBP: ffff8881f6f09ef8 R08: dffffc0000000000 R09: 0000000000000003
[ 116.286755][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e40
[ 116.295090][ C1] R13: dead00000000012a R14: 1ffff1103d453e38 R15: ffff8881ea29f1c8
[ 116.302987][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 116.312045][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 116.318713][ C1] CR2: 00007fdef84891a8 CR3: 00000001dc699000 CR4: 00000000003406a0
[ 116.326634][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 116.334677][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 116.342662][ C1] Call Trace:
[ 116.345789][ C1]
[ 116.348484][ C1] ? __die+0xb4/0x100
[ 116.352308][ C1] ? die+0x26/0x50
[ 116.355857][ C1] ? do_general_protection+0x266/0x3c0
[ 116.361174][ C1] ? do_trap+0x340/0x340
[ 116.365230][ C1] ? debug_smp_processor_id+0x20/0x20
[ 116.370521][ C1] ? round_jiffies+0x99/0xb0
[ 116.374953][ C1] ? general_protection+0x28/0x30
[ 116.379989][ C1] ? __run_timers+0x7b0/0xbe0
[ 116.384581][ C1] ? enqueue_timer+0x300/0x300
[ 116.389184][ C1] ? check_preemption_disabled+0x9f/0x320
[ 116.394738][ C1] ? debug_smp_processor_id+0x20/0x20
[ 116.399944][ C1] run_timer_softirq+0x63/0xf0
[ 116.404550][ C1] __do_softirq+0x23b/0x6b7
[ 116.408887][ C1] ? debug_smp_processor_id+0x20/0x20
[ 116.414217][ C1] irq_exit+0x195/0x1c0
[ 116.418618][ C1] reschedule_interrupt+0xf/0x20
[ 116.423512][ C1]
[ 116.426421][ C1] ? check_preemption_disabled+0x91/0x320
[ 116.431943][ C1] ? default_idle+0x1f/0x30
[ 116.436335][ C1] ? default_idle+0x11/0x30
[ 116.440615][ C1] ? do_idle+0x248/0x660
[ 116.444699][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 116.449993][ C1] ? cpu_startup_entry+0x14/0x20
[ 116.454944][ C1] ? start_secondary+0x3a5/0x460
[ 116.459826][ C1] ? native_play_dead+0x260/0x260
[ 116.464830][ C1] ? secondary_startup_64+0xa4/0xb0
[ 116.469853][ C1] Modules linked in:
[ 116.473621][ C1] ---[ end trace e0d6be3059002f74 ]---
[ 116.478984][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 116.484109][ C1] Code: 89 e7 e8 53 3c 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 45 68 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 22 3c 3f 00 4d 89 65 00 eb 05 e8 17
[ 116.503986][ C1] RSP: 0018:ffff8881f6f09d80 EFLAGS: 00010802
[ 116.509906][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103d453e39 RCX: dffffc0000000000
[ 116.517706][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881ea29f1c8
[ 116.525542][ C1] RBP: ffff8881f6f09ef8 R08: dffffc0000000000 R09: 0000000000000003
[ 116.533409][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e40
[ 116.541237][ C1] R13: dead00000000012a R14: 1ffff1103d453e38 R15: ffff8881ea29f1c8
[ 116.549037][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 116.557887][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 116.564311][ C1] CR2: 00007fdef84891a8 CR3: 00000001dc699000 CR4: 00000000003406a0
[ 116.572295][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 116.580097][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 116.587909][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 116.595388][ C1] Kernel Offset: disabled
[ 116.599712][ C1] Rebooting in 86400 seconds..