Warning: Permanently added '10.128.0.76' (ECDSA) to the list of known hosts.
2023/06/24 21:35:56 ignoring optional flag "sandboxArg"="0"
2023/06/24 21:35:57 parsed 1 programs
2023/06/24 21:35:57 executed programs: 0
[ 41.815305][ T23] kauditd_printk_skb: 69 callbacks suppressed
[ 41.815313][ T23] audit: type=1400 audit(1687642557.069:145): avc: denied { mounton } for pid=403 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.847304][ T23] audit: type=1400 audit(1687642557.069:146): avc: denied { mount } for pid=403 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 42.031199][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.038127][ T409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.045397][ T409] device bridge_slave_0 entered promiscuous mode
[ 42.053187][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.060430][ T409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.067621][ T409] device bridge_slave_1 entered promiscuous mode
[ 42.141213][ T411] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.148181][ T411] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.155593][ T411] device bridge_slave_0 entered promiscuous mode
[ 42.168485][ T411] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.175508][ T411] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.184513][ T411] device bridge_slave_1 entered promiscuous mode
[ 42.208769][ T412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.215869][ T412] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.224121][ T412] device bridge_slave_0 entered promiscuous mode
[ 42.231234][ T420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.238655][ T420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.246594][ T420] device bridge_slave_0 entered promiscuous mode
[ 42.273895][ T412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.281359][ T412] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.289185][ T412] device bridge_slave_1 entered promiscuous mode
[ 42.298937][ T420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.306187][ T420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.313992][ T420] device bridge_slave_1 entered promiscuous mode
[ 42.359517][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.366629][ T421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.375288][ T421] device bridge_slave_0 entered promiscuous mode
[ 42.385660][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.393920][ T421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.401159][ T421] device bridge_slave_1 entered promiscuous mode
[ 42.503921][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.511047][ T422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.518936][ T422] device bridge_slave_0 entered promiscuous mode
[ 42.548530][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.555727][ T409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.563414][ T409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.571041][ T409] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.579586][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.587617][ T422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.595363][ T422] device bridge_slave_1 entered promiscuous mode
[ 42.633195][ T411] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.640915][ T411] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.648348][ T411] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.655290][ T411] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.687025][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.693994][ T421] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.701283][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.708325][ T421] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.741787][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.751844][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.761115][ T366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.768462][ T366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.776161][ T366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.783648][ T366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.791523][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.799256][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.841032][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.849308][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.900277][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.908724][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.917059][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.925534][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.932733][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.951729][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.959705][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.968305][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.975213][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.995886][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 43.003680][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.011889][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 43.020278][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.028674][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 43.036724][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.065326][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 43.075169][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.084780][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 43.093794][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.102706][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.110198][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.117467][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 43.125928][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.134501][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 43.143080][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.151448][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 43.159831][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.168251][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.175313][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.183166][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 43.196934][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 43.205368][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.213746][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.220581][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.242522][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.250802][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.259299][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.267586][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.276383][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.283781][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.291291][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 43.299848][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.308288][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.315744][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.323270][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 43.332085][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.340220][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.347465][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.354905][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 43.363288][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.371969][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.378888][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.386446][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.394856][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.403418][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 43.433694][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.442062][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.451748][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 43.461237][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.470029][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 43.478715][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.502218][ T23] audit: type=1400 audit(1687642558.759:147): avc: denied { mounton } for pid=409 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=10706 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 43.549529][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 43.551862][ T23] audit: type=1400 audit(1687642558.809:148): avc: denied { sys_admin } for pid=447 comm="syz-executor.2" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 43.558648][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.588819][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.595959][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.603244][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 43.612044][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.620139][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 43.628554][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.636368][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 43.643983][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.651458][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 43.659772][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.668505][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.676008][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.683700][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 43.692086][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.700211][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.707548][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.714925][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 43.738160][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 43.746677][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.757001][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 43.765680][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.774908][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 43.783572][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.802627][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.812941][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.838310][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.846586][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 43.854693][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.863356][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 43.871469][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.879677][ T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.904391][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.913420][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.921843][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 43.930267][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.945537][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.955807][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.965441][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.995998][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.016945][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.026814][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 44.036062][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.044918][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 44.053880][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.085727][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 44.095834][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.106370][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 44.117249][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.125841][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 44.134265][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.143034][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 44.151533][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.198607][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 44.208515][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.216895][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 44.226516][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.235156][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 44.243909][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.539238][ T1055] ==================================================================
[ 46.547215][ T1055] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 46.554494][ T1055] Write of size 8 at addr ffff8881e423f1c8 by task syz-executor.1/1055
[ 46.562558][ T1055]
[ 46.565102][ T1055] CPU: 0 PID: 1055 Comm: syz-executor.1 Not tainted 5.4.242-syzkaller-00080-gf5af01b60cfa #0
[ 46.575495][ T1055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 46.585909][ T1055] Call Trace:
[ 46.589229][ T1055] dump_stack+0x1d8/0x241
[ 46.593477][ T1055] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 46.599281][ T1055] ? printk+0xd1/0x111
[ 46.603370][ T1055] ? detach_if_pending+0x188/0x360
[ 46.608319][ T1055] ? wake_up_klogd+0xb2/0xf0
[ 46.613392][ T1055] ? detach_if_pending+0x188/0x360
[ 46.618634][ T1055] print_address_description+0x8c/0x600
[ 46.625989][ T1055] ? panic+0x896/0x896
[ 46.630301][ T1055] ? detach_if_pending+0x188/0x360
[ 46.635597][ T1055] __kasan_report+0xf3/0x120
[ 46.640503][ T1055] ? detach_if_pending+0x188/0x360
[ 46.645970][ T1055] kasan_report+0x30/0x60
[ 46.650373][ T1055] detach_if_pending+0x188/0x360
[ 46.655154][ T1055] del_timer_sync+0x13c/0x230
[ 46.659873][ T1055] ? find_next_bit+0x7b/0x100
[ 46.664622][ T1055] ? try_to_del_timer_sync+0x150/0x150
[ 46.670101][ T1055] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 46.675580][ T1055] tun_flow_uninit+0x2c/0x280
[ 46.680430][ T1055] ? free_percpu+0x359/0x910
[ 46.684935][ T1055] tun_free_netdev+0x77/0x190
[ 46.689846][ T1055] ? tun_xdp+0x3f0/0x3f0
[ 46.694049][ T1055] netdev_run_todo+0xb7f/0xdf0
[ 46.699044][ T1055] ? netdev_refcnt_read+0x1c0/0x1c0
[ 46.704230][ T1055] ? kfree+0x123/0x370
[ 46.708199][ T1055] tun_chr_close+0xc1/0x130
[ 46.712620][ T1055] ? tun_chr_open+0x530/0x530
[ 46.717130][ T1055] __fput+0x262/0x680
[ 46.721044][ T1055] task_work_run+0x140/0x170
[ 46.725463][ T1055] exit_to_usermode_loop+0x190/0x1a0
[ 46.730948][ T1055] prepare_exit_to_usermode+0x199/0x200
[ 46.736692][ T1055] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 46.742647][ T1055]
[ 46.744848][ T1055] The buggy address belongs to the page:
[ 46.750688][ T1055] page:ffffea0007908fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 46.760433][ T1055] flags: 0x8000000000000000()
[ 46.765842][ T1055] raw: 8000000000000000 0000000000000000 ffffea0007908fc8 0000000000000000
[ 46.774847][ T1055] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 46.783409][ T1055] page dumped because: kasan: bad access detected
[ 46.790267][ T1055] page_owner tracks the page as freed
[ 46.796087][ T1055] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 46.811566][ T1055] prep_new_page+0x18f/0x370
[ 46.816749][ T1055] get_page_from_freelist+0x2d13/0x2d90
[ 46.822223][ T1055] __alloc_pages_nodemask+0x393/0x840
[ 46.827808][ T1055] kmalloc_order_trace+0x2a/0x100
[ 46.833252][ T1055] kvmalloc_node+0x7e/0xf0
[ 46.837578][ T1055] alloc_netdev_mqs+0x85/0xc70
[ 46.842614][ T1055] tun_set_iff+0x51f/0xdc0
[ 46.846952][ T1055] __tun_chr_ioctl+0x860/0x1d50
[ 46.851814][ T1055] do_vfs_ioctl+0x742/0x1720
[ 46.856431][ T1055] __x64_sys_ioctl+0xd4/0x110
[ 46.861385][ T1055] do_syscall_64+0xca/0x1c0
[ 46.866329][ T1055] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 46.872235][ T1055] page last free stack trace:
[ 46.877079][ T1055] __free_pages_ok+0x847/0x950
[ 46.881936][ T1055] __free_pages+0x91/0x140
[ 46.886537][ T1055] device_release+0x6b/0x190
[ 46.891056][ T1055] kobject_put+0x1e6/0x2f0
[ 46.895305][ T1055] netdev_run_todo+0xc44/0xdf0
[ 46.900089][ T1055] tun_chr_close+0xc1/0x130
[ 46.904502][ T1055] __fput+0x262/0x680
[ 46.908323][ T1055] task_work_run+0x140/0x170
[ 46.912750][ T1055] exit_to_usermode_loop+0x190/0x1a0
[ 46.917878][ T1055] prepare_exit_to_usermode+0x199/0x200
[ 46.923542][ T1055] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 46.929707][ T1055]
[ 46.932142][ T1055] Memory state around the buggy address:
[ 46.938526][ T1055] ffff8881e423f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.948142][ T1055] ffff8881e423f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.958694][ T1055] >ffff8881e423f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.967372][ T1055] ^
[ 46.974573][ T1055] ffff8881e423f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
2023/06/24 21:36:02 executed programs: 137
[ 46.983254][ T1055] ffff8881e423f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.991413][ T1055] ==================================================================
[ 47.000301][ T1055] Disabling lock debugging due to kernel taint
[ 50.217750][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 50.225745][ C0] #PF: supervisor instruction fetch in kernel mode
[ 50.232934][ C0] #PF: error_code(0x0010) - not-present page
[ 50.238842][ C0] PGD 1eb909067 P4D 1eb909067 PUD 1eb900067 PMD 0
[ 50.245349][ C0] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 50.250937][ C0] CPU: 0 PID: 1992 Comm: syz-executor.2 Tainted: G B 5.4.242-syzkaller-00080-gf5af01b60cfa #0
[ 50.262837][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 50.273258][ C0] RIP: 0010:0x0
[ 50.276579][ C0] Code: Bad RIP value.
[ 50.280451][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010202
[ 50.286535][ C0] RAX: ffffffff8154cc2a RBX: 0000000000000102 RCX: ffff8881e49fbf00
[ 50.294515][ C0] RDX: 0000000000000102 RSI: 0000000000000000 RDI: ffff8881e423f1c0
[ 50.302615][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154c86e R09: 0000000000000003
[ 50.311109][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9d98
[ 50.319094][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e423f1c0
[ 50.326989][ C0] FS: 0000555556a05400(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 50.336290][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.343073][ C0] CR2: ffffffffffffffd6 CR3: 00000001e9edd000 CR4: 00000000003406b0
[ 50.351050][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.358961][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.367494][ C0] Call Trace:
[ 50.370915][ C0]
[ 50.373595][ C0] call_timer_fn+0x36/0x390
[ 50.377940][ C0] __run_timers+0x879/0xbe0
[ 50.382280][ C0] ? enqueue_timer+0x300/0x300
[ 50.387006][ C0] ? check_preemption_disabled+0x9f/0x320
[ 50.393065][ C0] ? debug_smp_processor_id+0x20/0x20
[ 50.398446][ C0] ? lapic_next_event+0x5b/0x70
[ 50.403660][ C0] run_timer_softirq+0x63/0xf0
[ 50.408349][ C0] __do_softirq+0x23b/0x6b7
[ 50.413215][ C0] ? sched_clock_cpu+0x18/0x3a0
[ 50.417990][ C0] irq_exit+0x195/0x1c0
[ 50.422145][ C0] smp_apic_timer_interrupt+0x11a/0x460
[ 50.427885][ C0] apic_timer_interrupt+0xf/0x20
[ 50.432828][ C0]
[ 50.435804][ C0] ? check_preemption_disabled+0x91/0x320
[ 50.441461][ C0] ? _raw_spin_unlock_irq+0x45/0x60
[ 50.446723][ C0] ? finish_task_switch+0x130/0x590
[ 50.452025][ C0] ? __schedule+0xb0d/0x1320
[ 50.456932][ C0] ? timerqueue_add+0x258/0x280
[ 50.462084][ C0] ? is_mmconf_reserved+0x430/0x430
[ 50.467684][ C0] ? hrtimer_start_range_ns+0x9a3/0xad0
[ 50.473480][ C0] ? schedule+0x12c/0x1d0
[ 50.477888][ C0] ? futex_wait_queue_me+0x31f/0x690
[ 50.483358][ C0] ? futex_wait_setup+0x6c0/0x6c0
[ 50.488464][ C0] ? futex_wait_setup+0x540/0x6c0
[ 50.493607][ C0] ? futex_wait+0x2f5/0x890
[ 50.498110][ C0] ? do_futex+0x19f0/0x19f0
[ 50.502613][ C0] ? __remove_hrtimer+0x3b0/0x3b0
[ 50.507563][ C0] ? do_futex+0x13c1/0x19f0
[ 50.512263][ C0] ? enqueue_task+0xfa/0x480
[ 50.517027][ C0] ? wake_up_new_task+0x63f/0x8c0
[ 50.521902][ C0] ? blake2s_update+0x1c1/0x270
[ 50.526854][ C0] ? to_ratio+0x30/0x30
[ 50.530916][ C0] ? futex_exit_release+0x1e0/0x1e0
[ 50.536049][ C0] ? put_pid+0xd5/0x110
[ 50.540149][ C0] ? _copy_from_user+0xa6/0xe0
[ 50.544835][ C0] ? get_timespec64+0x197/0x270
[ 50.549695][ C0] ? dup_mm+0xf20/0xf20
[ 50.553872][ C0] ? timespec64_add_safe+0x220/0x220
[ 50.559078][ C0] ? ktime_get+0xf9/0x130
[ 50.563324][ C0] ? __se_sys_futex+0x355/0x470
[ 50.568264][ C0] ? down_write_trylock+0x130/0x130
[ 50.573748][ C0] ? __x64_sys_futex+0xf0/0xf0
[ 50.578502][ C0] ? __do_page_fault+0x725/0xbb0
[ 50.583417][ C0] ? __x64_sys_futex+0x1d/0xf0
[ 50.588074][ C0] ? do_syscall_64+0xca/0x1c0
[ 50.592564][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 50.598811][ C0] Modules linked in:
[ 50.602716][ C0] CR2: 0000000000000000
[ 50.606882][ C0] ---[ end trace 0dfaccae42c7e85e ]---
[ 50.612350][ C0] RIP: 0010:0x0
[ 50.615652][ C0] Code: Bad RIP value.
[ 50.619569][ C0] RSP: 0018:ffff8881f6e09d18 EFLAGS: 00010202
[ 50.625636][ C0] RAX: ffffffff8154cc2a RBX: 0000000000000102 RCX: ffff8881e49fbf00
[ 50.633820][ C0] RDX: 0000000000000102 RSI: 0000000000000000 RDI: ffff8881e423f1c0
[ 50.641812][ C0] RBP: ffff8881f6e09ec8 R08: ffffffff8154c86e R09: 0000000000000003
[ 50.649710][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffff9d98
[ 50.658194][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e423f1c0
[ 50.666485][ C0] FS: 0000555556a05400(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 50.675696][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.682550][ C0] CR2: ffffffffffffffd6 CR3: 00000001e9edd000 CR4: 00000000003406b0
[ 50.690838][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.699062][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.706963][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 50.714386][ C0] Kernel Offset: disabled
[ 50.718591][ C0] Rebooting in 86400 seconds..