Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
2023/05/11 20:56:05 ignoring optional flag "sandboxArg"="0"
2023/05/11 20:56:05 parsed 1 programs
2023/05/11 20:56:05 executed programs: 0
[ 38.640479][ T23] kauditd_printk_skb: 69 callbacks suppressed
[ 38.640488][ T23] audit: type=1400 audit(1683838565.139:145): avc: denied { mounton } for pid=400 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 38.695603][ T23] audit: type=1400 audit(1683838565.139:146): avc: denied { mount } for pid=400 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 38.729437][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.736505][ T405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.745832][ T405] device bridge_slave_0 entered promiscuous mode
[ 38.756493][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.763474][ T405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.771073][ T405] device bridge_slave_1 entered promiscuous mode
[ 38.972828][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.979717][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.991880][ T407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.998940][ T407] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.006590][ T407] device bridge_slave_0 entered promiscuous mode
[ 39.016690][ T407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.023617][ T407] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.031113][ T407] device bridge_slave_1 entered promiscuous mode
[ 39.046469][ T422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.053306][ T422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.060691][ T422] device bridge_slave_0 entered promiscuous mode
[ 39.074055][ T416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.081044][ T416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.088347][ T416] device bridge_slave_0 entered promiscuous mode
[ 39.094911][ T419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.101938][ T419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.109148][ T419] device bridge_slave_0 entered promiscuous mode
[ 39.126772][ T422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.133690][ T422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.141175][ T422] device bridge_slave_1 entered promiscuous mode
[ 39.151126][ T416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.158120][ T416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.166147][ T416] device bridge_slave_1 entered promiscuous mode
[ 39.185443][ T419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.192373][ T419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.200098][ T419] device bridge_slave_1 entered promiscuous mode
[ 39.328679][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.335905][ T417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.343833][ T417] device bridge_slave_0 entered promiscuous mode
[ 39.353765][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.360622][ T417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.367999][ T417] device bridge_slave_1 entered promiscuous mode
[ 39.444504][ T74] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.453236][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.461076][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.484033][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 39.493745][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.501933][ T125] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.509001][ T125] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.516667][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.526269][ T125] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.533806][ T125] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.567565][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.576464][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.624411][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.641010][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.649283][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.657608][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.664973][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.673137][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.680179][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.705575][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.714388][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.722616][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.730502][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.738801][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.745740][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.752924][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.761400][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.768725][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.777736][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.803208][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.811282][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.833033][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.840999][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.848763][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 39.857386][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.905976][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 39.914756][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.924699][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 39.933161][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.941938][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 39.950885][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.959781][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 39.968261][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.976853][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.984111][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.991609][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 39.999785][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.007952][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.015121][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.022464][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.030360][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.038605][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.046632][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.054573][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.062742][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.070042][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.078373][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.086476][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.093652][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.101051][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.109459][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.118136][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.125125][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.132904][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.141111][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.149012][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.156270][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.163444][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.172356][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.180896][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.187852][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.195532][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.203763][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.211910][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.218852][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.266718][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.274952][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.286146][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.294163][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.302314][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.309885][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.317424][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.325945][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.333975][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.342472][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.350941][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.359218][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.367469][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.375524][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.383179][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.391546][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.399875][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.407907][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.416015][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.441983][ T23] audit: type=1400 audit(1683838566.939:147): avc: denied { mounton } for pid=405 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=10787 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 40.442317][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.476157][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.485863][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.494241][ T23] audit: type=1400 audit(1683838566.989:148): avc: denied { sys_admin } for pid=441 comm="syz-executor.2" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 40.494733][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.524242][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.532470][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.540612][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.571362][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.579696][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.588139][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.596822][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.605682][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.633947][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.642287][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.651173][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.659758][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.668196][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.705499][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.726379][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.744629][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.753441][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.784631][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.818117][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.833592][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.844973][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.853360][ T125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.887294][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.896680][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.907231][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.915432][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2023/05/11 20:56:10 executed programs: 277
2023/05/11 20:56:15 executed programs: 677
[ 50.866236][ T3794] ==================================================================
[ 50.874134][ T3794] BUG: KASAN: use-after-free in detach_if_pending+0x188/0x360
[ 50.881422][ T3794] Write of size 8 at addr ffff8881e08871c8 by task syz-executor.5/3794
[ 50.889572][ T3794]
[ 50.891745][ T3794] CPU: 0 PID: 3794 Comm: syz-executor.5 Not tainted 5.4.233-syzkaller-00058-gf423d52eea72 #0
[ 50.901729][ T3794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 50.911710][ T3794] Call Trace:
[ 50.914859][ T3794] dump_stack+0x1d8/0x241
[ 50.919018][ T3794] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 50.924926][ T3794] ? printk+0xd1/0x111
[ 50.929682][ T3794] ? detach_if_pending+0x188/0x360
[ 50.934651][ T3794] ? wake_up_klogd+0xb2/0xf0
[ 50.939225][ T3794] ? detach_if_pending+0x188/0x360
[ 50.944430][ T3794] print_address_description+0x8c/0x600
[ 50.949822][ T3794] ? panic+0x896/0x896
[ 50.953908][ T3794] ? detach_if_pending+0x188/0x360
[ 50.958928][ T3794] __kasan_report+0xf3/0x120
[ 50.963347][ T3794] ? detach_if_pending+0x188/0x360
[ 50.968309][ T3794] kasan_report+0x30/0x60
[ 50.972553][ T3794] detach_if_pending+0x188/0x360
[ 50.977320][ T3794] del_timer_sync+0x13c/0x230
[ 50.982198][ T3794] ? find_next_bit+0x7b/0x100
[ 50.986699][ T3794] ? try_to_del_timer_sync+0x150/0x150
[ 50.992005][ T3794] ? pcpu_chunk_relocate+0xdc/0x3a0
[ 50.997038][ T3794] tun_flow_uninit+0x2c/0x280
[ 51.001737][ T3794] ? free_percpu+0x359/0x910
[ 51.006313][ T3794] tun_free_netdev+0x77/0x190
[ 51.010940][ T3794] ? tun_xdp+0x3f0/0x3f0
[ 51.015138][ T3794] netdev_run_todo+0xb7f/0xdf0
[ 51.020127][ T3794] ? netdev_refcnt_read+0x1c0/0x1c0
[ 51.025163][ T3794] ? kfree+0x123/0x370
[ 51.029059][ T3794] tun_chr_close+0xc1/0x130
[ 51.033480][ T3794] ? tun_chr_open+0x4b0/0x4b0
[ 51.037993][ T3794] __fput+0x262/0x680
[ 51.041897][ T3794] task_work_run+0x140/0x170
[ 51.046513][ T3794] exit_to_usermode_loop+0x190/0x1a0
[ 51.051731][ T3794] prepare_exit_to_usermode+0x199/0x200
[ 51.057127][ T3794] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.063071][ T3794]
[ 51.065259][ T3794] The buggy address belongs to the page:
[ 51.070723][ T3794] page:ffffea0007822100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 51.081679][ T3794] flags: 0x8000000000010000(head)
[ 51.086671][ T3794] raw: 8000000000010000 dead000000000100 dead000000000122 0000000000000000
[ 51.095350][ T3794] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 51.104051][ T3794] page dumped because: kasan: bad access detected
[ 51.110502][ T3794] page_owner tracks the page as allocated
[ 51.116118][ T3794] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 51.130441][ T3794] prep_new_page+0x18f/0x370
[ 51.134888][ T3794] get_page_from_freelist+0x2d13/0x2d90
[ 51.140236][ T3794] __alloc_pages_nodemask+0x393/0x840
[ 51.145530][ T3794] kmalloc_order_trace+0x2a/0x100
[ 51.150397][ T3794] kvmalloc_node+0x7e/0xf0
[ 51.154659][ T3794] alloc_netdev_mqs+0x85/0xc70
[ 51.159243][ T3794] tun_set_iff+0x513/0x11d0
[ 51.163585][ T3794] __tun_chr_ioctl+0x860/0x1d50
[ 51.168281][ T3794] do_vfs_ioctl+0x742/0x1720
[ 51.172871][ T3794] __x64_sys_ioctl+0xd4/0x110
[ 51.177718][ T3794] do_syscall_64+0xca/0x1c0
[ 51.182360][ T3794] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.188056][ T3794] page last free stack trace:
[ 51.192767][ T3794] __free_pages_ok+0x847/0x950
[ 51.197442][ T3794] __free_pages+0x91/0x140
[ 51.201694][ T3794] device_release+0x6b/0x190
[ 51.206221][ T3794] kobject_put+0x1e6/0x2f0
[ 51.210557][ T3794] netdev_run_todo+0xc44/0xdf0
[ 51.215157][ T3794] tun_chr_close+0xc1/0x130
[ 51.219580][ T3794] __fput+0x262/0x680
[ 51.223582][ T3794] task_work_run+0x140/0x170
[ 51.228052][ T3794] exit_to_usermode_loop+0x190/0x1a0
[ 51.233785][ T3794] prepare_exit_to_usermode+0x199/0x200
[ 51.239679][ T3794] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 51.245395][ T3794]
[ 51.247609][ T3794] Memory state around the buggy address:
[ 51.253051][ T3794] ffff8881e0887080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.261158][ T3794] ffff8881e0887100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.269044][ T3794] >ffff8881e0887180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.276939][ T3794] ^
[ 51.283277][ T3794] ffff8881e0887200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.291181][ T3794] ffff8881e0887280: 00 00 00 00 00 00 00 00 07 fe fe fe fe fe fe fe
[ 51.299158][ T3794] ==================================================================
[ 51.307143][ T3794] Disabling lock debugging due to kernel taint
2023/05/11 20:56:20 executed programs: 1041
[ 54.135196][ C1] kasan: CONFIG_KASAN_INLINE enabled
[ 54.140290][ C1] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 54.148193][ C1] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 54.154965][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.4.233-syzkaller-00058-gf423d52eea72 #0
[ 54.165637][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 54.175538][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 54.180827][ C1] Code: 89 e7 e8 43 19 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 e5 60 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 12 19 3f 00 4d 89 65 00 eb 05 e8 b7
[ 54.200702][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802
[ 54.206647][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103c110e39 RCX: dffffc0000000000
[ 54.214593][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881e08871c8
[ 54.222399][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 54.230858][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e20
[ 54.239169][ C1] R13: dead00000000012a R14: 1ffff1103c110e38 R15: ffff8881e08871c8
[ 54.247074][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 54.256097][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.262515][ C1] CR2: 0000000000000000 CR3: 00000001e1056000 CR4: 00000000003406a0
[ 54.270455][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.278224][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.286243][ C1] Call Trace:
[ 54.289348][ C1]
[ 54.292047][ C1] ? enqueue_timer+0x300/0x300
[ 54.296903][ C1] ? check_preemption_disabled+0x9f/0x320
[ 54.302459][ C1] ? debug_smp_processor_id+0x20/0x20
[ 54.307667][ C1] ? lapic_next_event+0x5b/0x70
[ 54.312366][ C1] run_timer_softirq+0x63/0xf0
[ 54.316971][ C1] __do_softirq+0x23b/0x6b7
[ 54.321480][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 54.326373][ C1] irq_exit+0x195/0x1c0
[ 54.330373][ C1] smp_apic_timer_interrupt+0x11a/0x460
[ 54.335747][ C1] apic_timer_interrupt+0xf/0x20
[ 54.340521][ C1]
[ 54.343393][ C1] ? check_preemption_disabled+0x91/0x320
[ 54.349212][ C1] ? default_idle+0x1f/0x30
[ 54.353728][ C1] ? default_idle+0x11/0x30
[ 54.358270][ C1] ? do_idle+0x248/0x660
[ 54.362427][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 54.367471][ C1] ? cpu_startup_entry+0x14/0x20
[ 54.372756][ C1] ? start_secondary+0x3a0/0x460
[ 54.377533][ C1] ? native_play_dead+0x220/0x220
[ 54.382405][ C1] ? secondary_startup_64+0xa4/0xb0
[ 54.387417][ C1] Modules linked in:
[ 54.391154][ C1] ---[ end trace be8019b954bf2423 ]---
[ 54.396458][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 54.401664][ C1] Code: 89 e7 e8 43 19 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 e5 60 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 12 19 3f 00 4d 89 65 00 eb 05 e8 b7
[ 54.421194][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802
[ 54.427105][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103c110e39 RCX: dffffc0000000000
[ 54.435245][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881e08871c8
[ 54.443144][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 54.451042][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e20
[ 54.458941][ C1] R13: dead00000000012a R14: 1ffff1103c110e38 R15: ffff8881e08871c8
[ 54.466841][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 54.476202][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.482619][ C1] CR2: 0000000000000000 CR3: 00000001e1056000 CR4: 00000000003406a0
[ 54.490555][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.498473][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.506350][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 54.513648][ C1] Kernel Offset: disabled
[ 54.517780][ C1] Rebooting in 86400 seconds..