Warning: Permanently added '10.128.0.124' (ED25519) to the list of known hosts.
2023/07/20 21:27:00 parsed 1 programs
2023/07/20 21:27:00 executed programs: 0
[ 42.751344][ T23] kauditd_printk_skb: 57 callbacks suppressed
[ 42.751351][ T23] audit: type=1400 audit(1689888420.089:133): avc: denied { mounton } for pid=402 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 42.782709][ T23] audit: type=1400 audit(1689888420.099:134): avc: denied { mount } for pid=402 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 42.805366][ T407] cgroup1: Unknown subsys name 'perf_event'
[ 42.807925][ T23] audit: type=1400 audit(1689888420.149:135): avc: denied { mounton } for pid=407 comm="syz-executor.2" path="/syzcgroup/unified" dev="sda1" ino=1946 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 42.813053][ T407] cgroup1: Unknown subsys name 'net_cls'
[ 42.837404][ T23] audit: type=1400 audit(1689888420.149:136): avc: denied { mount } for pid=407 comm="syz-executor.2" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 42.845722][ T409] cgroup1: Unknown subsys name 'perf_event'
[ 42.871234][ T413] cgroup1: Unknown subsys name 'perf_event'
[ 42.875515][ T411] cgroup1: Unknown subsys name 'perf_event'
[ 42.877688][ T413] cgroup1: Unknown subsys name 'net_cls'
[ 42.883736][ T415] cgroup1: Unknown subsys name 'perf_event'
[ 42.888335][ T23] audit: type=1400 audit(1689888420.179:137): avc: denied { mounton } for pid=409 comm="syz-executor.3" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 42.905108][ T411] cgroup1: Unknown subsys name 'net_cls'
[ 42.920636][ T409] cgroup1: Unknown subsys name 'net_cls'
[ 42.929746][ T415] cgroup1: Unknown subsys name 'net_cls'
[ 42.930264][ T416] cgroup1: Unknown subsys name 'perf_event'
[ 42.954820][ T416] cgroup1: Unknown subsys name 'net_cls'
[ 43.052575][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.059670][ T407] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.067052][ T407] device bridge_slave_0 entered promiscuous mode
[ 43.090284][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.097405][ T407] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.104839][ T407] device bridge_slave_1 entered promiscuous mode
[ 43.203175][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.210801][ T415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.218590][ T415] device bridge_slave_0 entered promiscuous mode
[ 43.234663][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.241509][ T413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.249127][ T413] device bridge_slave_0 entered promiscuous mode
[ 43.270148][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.277354][ T416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.284845][ T416] device bridge_slave_0 entered promiscuous mode
[ 43.291520][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.298982][ T415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.306438][ T415] device bridge_slave_1 entered promiscuous mode
[ 43.314003][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.320965][ T413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.328610][ T413] device bridge_slave_1 entered promiscuous mode
[ 43.342710][ T23] audit: type=1400 audit(1689888420.679:138): avc: denied { write } for pid=407 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.358394][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.364555][ T23] audit: type=1400 audit(1689888420.699:139): avc: denied { read } for pid=407 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 43.371576][ T416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.398696][ T416] device bridge_slave_1 entered promiscuous mode
[ 43.417926][ T411] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.424894][ T411] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.432636][ T411] device bridge_slave_0 entered promiscuous mode
[ 43.445342][ T411] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.452519][ T411] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.460103][ T411] device bridge_slave_1 entered promiscuous mode
[ 43.535943][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.544843][ T409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.552959][ T409] device bridge_slave_0 entered promiscuous mode
[ 43.561556][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.568742][ T409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.576399][ T409] device bridge_slave_1 entered promiscuous mode
[ 43.629764][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.636819][ T407] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.644643][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.651734][ T407] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.751597][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.758946][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.766158][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.773166][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.780809][ T23] audit: type=1400 audit(1689888421.129:140): avc: denied { append } for pid=145 comm="syslogd" name="messages" dev="tmpfs" ino=953 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 43.804893][ T23] audit: type=1400 audit(1689888421.129:141): avc: denied { open } for pid=145 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=953 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 43.817600][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.828514][ T23] audit: type=1400 audit(1689888421.129:142): avc: denied { getattr } for pid=145 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=953 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 43.835341][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.835462][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.835469][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.842695][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.888551][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.895774][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.902866][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.921059][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.929478][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.938817][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.947122][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.954683][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.962022][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.969447][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.976831][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.984178][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.992719][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.001529][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.009578][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.044802][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.066048][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 44.074114][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.104725][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.112135][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.119539][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.128449][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.137454][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.144280][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.152073][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.160945][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.169363][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.176311][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.183913][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.191575][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.198912][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.207266][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.215378][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.222380][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.248238][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.257415][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.270967][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.278116][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.285598][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.293899][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.326052][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.334246][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.342844][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 44.351031][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.359320][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 44.367662][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.375895][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 44.383877][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.404479][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.412709][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.421197][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.428459][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.436426][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.446714][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.455077][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.462263][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.469660][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 44.477711][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.485683][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 44.493956][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.524030][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.532654][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.541118][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.548902][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.556187][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.565247][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.573523][ T125] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.580561][ T125] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.588158][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 44.596555][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.604335][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.612011][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.619878][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 44.635181][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.643398][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.651816][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.659013][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.667056][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.675555][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.694684][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 44.702711][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.710730][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.719138][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.727459][ T125] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.734367][ T125] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.742443][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.750563][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.759029][ T125] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.766075][ T125] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.775127][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 44.789814][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.809296][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.825126][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 44.833357][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.841828][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.849858][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 44.858154][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.880523][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.889818][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 44.899536][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.909054][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 44.917739][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.940295][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.949171][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.965788][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.004286][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.017123][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.025703][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.033818][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.042567][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.051313][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.059906][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.092435][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.100921][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.110791][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.140977][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.149655][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.158194][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.166559][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.193922][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.210733][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.220401][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.228943][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.263402][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.272041][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.280553][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.289373][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.576186][ T476] ==================================================================
[ 45.584190][ T476] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 45.591568][ T476] Write of size 8 at addr ffff8881ec5c31c8 by task syz-executor.2/476
[ 45.599625][ T476]
[ 45.602067][ T476] CPU: 1 PID: 476 Comm: syz-executor.2 Not tainted 5.4.242-syzkaller-00086-g14e059a4e07a #0
[ 45.612003][ T476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 45.621928][ T476] Call Trace:
[ 45.625062][ T476] dump_stack+0x1d8/0x241
[ 45.629227][ T476] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 45.634949][ T476] ? printk+0xd1/0x111
[ 45.638868][ T476] ? detach_if_pending+0x188/0x360
[ 45.643809][ T476] ? wake_up_klogd+0xb2/0xf0
[ 45.648272][ T476] ? detach_if_pending+0x188/0x360
[ 45.653194][ T476] print_address_description+0x8c/0x600
[ 45.658572][ T476] ? panic+0x896/0x896
[ 45.662466][ T476] ? detach_if_pending+0x188/0x360
[ 45.667409][ T476] __kasan_report+0xf3/0x120
[ 45.671838][ T476] ? detach_if_pending+0x188/0x360
[ 45.676784][ T476] kasan_report+0x30/0x60
[ 45.681265][ T476] detach_if_pending+0x188/0x360
[ 45.686002][ T476] del_timer_sync+0x13c/0x230
[ 45.691255][ T476] ? try_to_del_timer_sync+0x150/0x150
[ 45.696683][ T476] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 45.701731][ T476] tun_flow_uninit+0x2c/0x280
[ 45.706308][ T476] ? free_percpu+0x359/0x910
[ 45.710777][ T476] tun_free_netdev+0x77/0x190
[ 45.715381][ T476] ? tun_xdp+0x3f0/0x3f0
[ 45.719546][ T476] netdev_run_todo+0xb7f/0xdf0
[ 45.724261][ T476] ? netdev_refcnt_read+0x1c0/0x1c0
[ 45.729357][ T476] ? kfree+0x123/0x370
[ 45.733272][ T476] tun_chr_close+0xc1/0x130
[ 45.738647][ T476] ? tun_chr_open+0x530/0x530
[ 45.743328][ T476] __fput+0x262/0x680
[ 45.747426][ T476] task_work_run+0x140/0x170
[ 45.752098][ T476] exit_to_usermode_loop+0x190/0x1a0
[ 45.758706][ T476] prepare_exit_to_usermode+0x199/0x200
[ 45.764301][ T476] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.770331][ T476]
[ 45.772734][ T476] The buggy address belongs to the page:
[ 45.778609][ T476] page:ffffea0007b170c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 45.787888][ T476] flags: 0x8000000000000000()
[ 45.792401][ T476] raw: 8000000000000000 0000000000000000 ffffea0007b17088 0000000000000000
[ 45.800999][ T476] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 45.809403][ T476] page dumped because: kasan: bad access detected
[ 45.815650][ T476] page_owner tracks the page as freed
[ 45.820880][ T476] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x46dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 45.835293][ T476] prep_new_page+0x18f/0x370
[ 45.839957][ T476] get_page_from_freelist+0x2d13/0x2d90
[ 45.845606][ T476] __alloc_pages_nodemask+0x393/0x840
[ 45.851585][ T476] kmalloc_order_trace+0x2a/0x100
[ 45.857041][ T476] kvmalloc_node+0x7e/0xf0
[ 45.861444][ T476] alloc_netdev_mqs+0x85/0xc70
[ 45.866648][ T476] tun_set_iff+0x51f/0xdc0
[ 45.870988][ T476] __tun_chr_ioctl+0x860/0x1d50
[ 45.876197][ T476] do_vfs_ioctl+0x742/0x1720
[ 45.880797][ T476] __x64_sys_ioctl+0xd4/0x110
[ 45.885562][ T476] do_syscall_64+0xca/0x1c0
[ 45.890301][ T476] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.896585][ T476] page last free stack trace:
[ 45.901190][ T476] __free_pages_ok+0x847/0x950
[ 45.907200][ T476] __free_pages+0x91/0x140
[ 45.911731][ T476] device_release+0x6b/0x190
[ 45.916352][ T476] kobject_put+0x1e6/0x2f0
[ 45.920646][ T476] netdev_run_todo+0xc44/0xdf0
[ 45.925366][ T476] tun_chr_close+0xc1/0x130
[ 45.929716][ T476] __fput+0x262/0x680
[ 45.933525][ T476] task_work_run+0x140/0x170
[ 45.938032][ T476] exit_to_usermode_loop+0x190/0x1a0
[ 45.943411][ T476] prepare_exit_to_usermode+0x199/0x200
[ 45.948894][ T476] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.954907][ T476]
[ 45.957216][ T476] Memory state around the buggy address:
[ 45.962704][ T476] ffff8881ec5c3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.970903][ T476] ffff8881ec5c3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.979052][ T476] >ffff8881ec5c3180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.987288][ T476] ^
[ 45.993639][ T476] ffff8881ec5c3200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.002586][ T476] ffff8881ec5c3280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.010555][ T476] ==================================================================
[ 46.018532][ T476] Disabling lock debugging due to kernel taint
2023/07/20 21:27:05 executed programs: 76
[ 49.134506][ C1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 49.142123][ C1] #PF: supervisor instruction fetch in kernel mode
[ 49.148452][ C1] #PF: error_code(0x0010) - not-present page
[ 49.154528][ C1] PGD 1dca10067 P4D 1dca10067 PUD 1dca11067 PMD 0
[ 49.161104][ C1] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 49.166076][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.4.242-syzkaller-00086-g14e059a4e07a #0
[ 49.177359][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 49.187433][ C1] RIP: 0010:0x0
[ 49.190733][ C1] Code: Bad RIP value.
[ 49.194724][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010202
[ 49.201947][ C1] RAX: ffffffff8154cd0a RBX: 0000000000000101 RCX: ffff8881f5dc0000
[ 49.209852][ C1] RDX: 0000000000000101 RSI: 0000000000000000 RDI: ffff8881ec5c31c0
[ 49.217651][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154c94e R09: 0000000000000003
[ 49.225467][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9d30
[ 49.233273][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881ec5c31c0
[ 49.241086][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 49.249853][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.256275][ C1] CR2: ffffffffffffffd6 CR3: 00000001dca0f000 CR4: 00000000003406a0
[ 49.264088][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.272016][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.279823][ C1] Call Trace:
[ 49.282959][ C1]
[ 49.285649][ C1] call_timer_fn+0x36/0x390
[ 49.290005][ C1] __run_timers+0x879/0xbe0
[ 49.294328][ C1] ? enqueue_timer+0x300/0x300
[ 49.298937][ C1] ? check_preemption_disabled+0x9f/0x320
[ 49.304505][ C1] ? debug_smp_processor_id+0x20/0x20
[ 49.309687][ C1] ? lapic_next_event+0x5b/0x70
[ 49.314730][ C1] run_timer_softirq+0x63/0xf0
[ 49.319337][ C1] __do_softirq+0x23b/0x6b7
[ 49.323664][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 49.328535][ C1] irq_exit+0x195/0x1c0
[ 49.332513][ C1] smp_apic_timer_interrupt+0x11a/0x460
[ 49.338528][ C1] apic_timer_interrupt+0xf/0x20
[ 49.343675][ C1]
[ 49.346537][ C1] ? check_preemption_disabled+0x91/0x320
[ 49.352500][ C1] ? default_idle+0x1f/0x30
[ 49.357564][ C1] ? default_idle+0x11/0x30
[ 49.361898][ C1] ? do_idle+0x248/0x660
[ 49.365975][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 49.371021][ C1] ? __wake_up_locked+0xb7/0x110
[ 49.375782][ C1] ? complete+0x60/0xb0
[ 49.379777][ C1] ? cpu_startup_entry+0x14/0x20
[ 49.384633][ C1] ? start_secondary+0x3a0/0x460
[ 49.389409][ C1] ? native_play_dead+0x220/0x220
[ 49.394442][ C1] ? secondary_startup_64+0xa4/0xb0
[ 49.399472][ C1] Modules linked in:
[ 49.403204][ C1] CR2: 0000000000000000
[ 49.407316][ C1] ---[ end trace 54bc331d37ec903f ]---
[ 49.412598][ C1] RIP: 0010:0x0
[ 49.415981][ C1] Code: Bad RIP value.
[ 49.419967][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010202
[ 49.425980][ C1] RAX: ffffffff8154cd0a RBX: 0000000000000101 RCX: ffff8881f5dc0000
[ 49.434310][ C1] RDX: 0000000000000101 RSI: 0000000000000000 RDI: ffff8881ec5c31c0
[ 49.442435][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154c94e R09: 0000000000000003
[ 49.450491][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9d30
[ 49.458978][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881ec5c31c0
[ 49.466825][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 49.475617][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.482016][ C1] CR2: ffffffffffffffd6 CR3: 00000001dca0f000 CR4: 00000000003406a0
[ 49.489827][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.498235][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.506025][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 49.513180][ C1] Kernel Offset: disabled
[ 49.517300][ C1] Rebooting in 86400 seconds..