Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts.
2023/12/07 22:42:40 ignoring optional flag "sandboxArg"="0"
2023/12/07 22:42:40 parsed 1 programs
2023/12/07 22:42:40 executed programs: 0
[ 41.916449][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.940974][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 41.949762][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.960280][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.969090][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.006848][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 42.015342][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.024605][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.033283][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.041660][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.051913][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.060725][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.069122][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.077756][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.086787][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2023/12/07 22:42:46 executed programs: 208
2023/12/07 22:42:51 executed programs: 486
[ 54.212377][ T3527] ==================================================================
[ 54.220567][ T3527] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 54.228211][ T3527] Write of size 8 at addr ffff8881dbbcf1c8 by task syz-executor.4/3527
[ 54.236604][ T3527]
[ 54.238778][ T3527] CPU: 1 PID: 3527 Comm: syz-executor.4 Not tainted 5.4.259-syzkaller-04797-g1303f659c2b1 #0
[ 54.249007][ T3527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 54.258875][ T3527] Call Trace:
[ 54.262013][ T3527] dump_stack+0x1d8/0x241
[ 54.266180][ T3527] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 54.271939][ T3527] ? printk+0xd1/0x111
[ 54.275801][ T3527] ? detach_if_pending+0x188/0x360
[ 54.280782][ T3527] ? wake_up_klogd+0xb2/0xf0
[ 54.285167][ T3527] ? detach_if_pending+0x188/0x360
[ 54.290121][ T3527] print_address_description+0x8c/0x600
[ 54.295612][ T3527] ? panic+0x896/0x896
[ 54.299492][ T3527] ? detach_if_pending+0x188/0x360
[ 54.304525][ T3527] __kasan_report+0xf3/0x120
[ 54.308951][ T3527] ? detach_if_pending+0x188/0x360
[ 54.313983][ T3527] kasan_report+0x30/0x60
[ 54.318152][ T3527] detach_if_pending+0x188/0x360
[ 54.322935][ T3527] del_timer_sync+0x13c/0x230
[ 54.327533][ T3527] ? try_to_del_timer_sync+0x150/0x150
[ 54.332906][ T3527] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 54.337946][ T3527] tun_flow_uninit+0x2c/0x280
[ 54.342461][ T3527] ? free_percpu+0x359/0x910
[ 54.346906][ T3527] tun_free_netdev+0x77/0x190
[ 54.351390][ T3527] ? tun_xdp+0x3f0/0x3f0
[ 54.355566][ T3527] netdev_run_todo+0xb7f/0xdf0
[ 54.360158][ T3527] ? netdev_refcnt_read+0x1c0/0x1c0
[ 54.365194][ T3527] ? kfree+0x123/0x370
[ 54.369098][ T3527] tun_chr_close+0xc1/0x130
[ 54.373523][ T3527] ? tun_chr_open+0x500/0x500
[ 54.378130][ T3527] __fput+0x262/0x680
[ 54.381944][ T3527] task_work_run+0x140/0x170
[ 54.386375][ T3527] exit_to_usermode_loop+0x190/0x1a0
[ 54.391578][ T3527] prepare_exit_to_usermode+0x199/0x200
[ 54.396958][ T3527] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 54.402687][ T3527]
[ 54.404940][ T3527] The buggy address belongs to the page:
[ 54.410414][ T3527] page:ffffea00076ef300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 54.421546][ T3527] flags: 0x8000000000010000(head)
[ 54.426413][ T3527] raw: 8000000000010000 dead000000000100 dead000000000122 0000000000000000
[ 54.434931][ T3527] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 54.443632][ T3527] page dumped because: kasan: bad access detected
[ 54.449870][ T3527] page_owner tracks the page as allocated
[ 54.455614][ T3527] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 54.469843][ T3527] prep_new_page+0x18f/0x370
[ 54.474262][ T3527] get_page_from_freelist+0x2d13/0x2d90
[ 54.479999][ T3527] __alloc_pages_nodemask+0x393/0x840
[ 54.485302][ T3527] kmalloc_order_trace+0x2a/0x100
[ 54.490332][ T3527] kvmalloc_node+0x7e/0xf0
[ 54.494637][ T3527] alloc_netdev_mqs+0x85/0xc70
[ 54.499376][ T3527] tun_set_iff+0x51f/0xdc0
[ 54.503910][ T3527] __tun_chr_ioctl+0x8a9/0x1d00
[ 54.508858][ T3527] do_vfs_ioctl+0x742/0x1720
[ 54.514336][ T3527] __x64_sys_ioctl+0xd4/0x110
[ 54.518958][ T3527] do_syscall_64+0xca/0x1c0
[ 54.523546][ T3527] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 54.529349][ T3527] page last free stack trace:
[ 54.534039][ T3527] __free_pages_ok+0x847/0x950
[ 54.538679][ T3527] __free_pages+0x91/0x140
[ 54.543064][ T3527] device_release+0x6b/0x190
[ 54.547578][ T3527] kobject_put+0x1e6/0x2f0
[ 54.551913][ T3527] netdev_run_todo+0xc44/0xdf0
[ 54.556614][ T3527] tun_chr_close+0xc1/0x130
[ 54.561060][ T3527] __fput+0x262/0x680
[ 54.564972][ T3527] task_work_run+0x140/0x170
[ 54.569390][ T3527] exit_to_usermode_loop+0x190/0x1a0
[ 54.574515][ T3527] prepare_exit_to_usermode+0x199/0x200
[ 54.579893][ T3527] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 54.585789][ T3527]
[ 54.588247][ T3527] Memory state around the buggy address:
[ 54.593730][ T3527] ffff8881dbbcf080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.601616][ T3527] ffff8881dbbcf100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.609776][ T3527] >ffff8881dbbcf180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.618374][ T3527] ^
[ 54.624632][ T3527] ffff8881dbbcf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.632786][ T3527] ffff8881dbbcf280: 00 00 00 00 00 00 00 00 00 00 07 fe fe fe fe fe
[ 54.641572][ T3527] ==================================================================
[ 54.649783][ T3527] Disabling lock debugging due to kernel taint
2023/12/07 22:42:56 executed programs: 853
[ 58.212842][ C1] kasan: CONFIG_KASAN_INLINE enabled
[ 58.218401][ C1] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 58.226371][ C1] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 58.233482][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.4.259-syzkaller-04797-g1303f659c2b1 #0
[ 58.244585][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 58.254834][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 58.259940][ C1] Code: 89 e7 e8 53 38 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 65 67 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 22 38 3f 00 4d 89 65 00 eb 05 e8 37
[ 58.279558][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802
[ 58.285836][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103b779e39 RCX: dffffc0000000000
[ 58.293839][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881dbbcf1c8
[ 58.301848][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 58.309891][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e28
[ 58.317690][ C1] R13: dead00000000012a R14: 1ffff1103b779e38 R15: ffff8881dbbcf1c8
[ 58.325583][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 58.334463][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.340865][ C1] CR2: 00007f0e6a70fd80 CR3: 00000001ef498000 CR4: 00000000003406a0
[ 58.348685][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.356534][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.364324][ C1] Call Trace:
[ 58.367453][ C1]
[ 58.370119][ C1] ? __die+0xb4/0x100
[ 58.373928][ C1] ? die+0x26/0x50
[ 58.377485][ C1] ? do_general_protection+0x266/0x3c0
[ 58.382866][ C1] ? do_trap+0x340/0x340
[ 58.386951][ C1] ? check_preemption_disabled+0x9f/0x320
[ 58.392504][ C1] ? round_jiffies+0x99/0xb0
[ 58.396934][ C1] ? general_protection+0x28/0x30
[ 58.401788][ C1] ? __run_timers+0x7b0/0xbe0
[ 58.406505][ C1] ? enqueue_timer+0x300/0x300
[ 58.411359][ C1] ? check_preemption_disabled+0x9f/0x320
[ 58.416914][ C1] ? debug_smp_processor_id+0x20/0x20
[ 58.422210][ C1] ? lapic_next_event+0x5b/0x70
[ 58.426895][ C1] run_timer_softirq+0x63/0xf0
[ 58.431611][ C1] __do_softirq+0x23b/0x6b7
[ 58.436290][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 58.441315][ C1] irq_exit+0x195/0x1c0
[ 58.445319][ C1] smp_apic_timer_interrupt+0x11a/0x460
[ 58.450687][ C1] apic_timer_interrupt+0xf/0x20
[ 58.455458][ C1]
[ 58.458249][ C1] ? check_preemption_disabled+0x91/0x320
[ 58.464077][ C1] ? default_idle+0x1f/0x30
[ 58.468650][ C1] ? default_idle+0x11/0x30
[ 58.472989][ C1] ? do_idle+0x248/0x660
[ 58.477074][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 58.482108][ C1] ? cpu_startup_entry+0x14/0x20
[ 58.486883][ C1] ? start_secondary+0x3a5/0x460
[ 58.492455][ C1] ? native_play_dead+0x260/0x260
[ 58.497335][ C1] ? secondary_startup_64+0xa4/0xb0
[ 58.502441][ C1] Modules linked in:
[ 58.506199][ C1] ---[ end trace 83727b38ab971e8a ]---
[ 58.511490][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 58.516946][ C1] Code: 89 e7 e8 53 38 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 65 67 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 22 38 3f 00 4d 89 65 00 eb 05 e8 37
[ 58.536837][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802
[ 58.542728][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103b779e39 RCX: dffffc0000000000
[ 58.550542][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881dbbcf1c8
[ 58.558349][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 58.566193][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e28
[ 58.574233][ C1] R13: dead00000000012a R14: 1ffff1103b779e38 R15: ffff8881dbbcf1c8
[ 58.582113][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 58.591052][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.597561][ C1] CR2: 00007f0e6a70fd80 CR3: 00000001ef498000 CR4: 00000000003406a0
[ 58.605468][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.613386][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.621198][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 59.698970][ C1] Shutting down cpus with NMI
[ 59.703895][ C1] Kernel Offset: disabled
[ 59.708043][ C1] Rebooting in 86400 seconds..