Warning: Permanently added '10.128.1.145' (ECDSA) to the list of known hosts.
2023/04/20 06:01:27 ignoring optional flag "sandboxArg"="0"
2023/04/20 06:01:27 parsed 1 programs
2023/04/20 06:01:27 executed programs: 0
[ 39.440111][ T22] kauditd_printk_skb: 61 callbacks suppressed
[ 39.440118][ T22] audit: type=1400 audit(1681970487.179:144): avc: denied { mounton } for pid=334 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 39.475516][ T22] audit: type=1400 audit(1681970487.199:145): avc: denied { mount } for pid=334 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 39.507269][ T22] audit: type=1400 audit(1681970487.239:146): avc: denied { mounton } for pid=340 comm="syz-executor.1" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 39.520657][ T342] cgroup1: Unknown subsys name 'perf_event'
[ 39.532374][ T340] cgroup1: Unknown subsys name 'perf_event'
[ 39.539225][ T343] cgroup1: Unknown subsys name 'perf_event'
[ 39.545186][ T340] cgroup1: Unknown subsys name 'net_cls'
[ 39.558621][ T343] cgroup1: Unknown subsys name 'net_cls'
[ 39.565627][ T22] audit: type=1400 audit(1681970487.259:147): avc: denied { mount } for pid=342 comm="syz-executor.4" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 39.575644][ T342] cgroup1: Unknown subsys name 'net_cls'
[ 39.596130][ T346] cgroup1: Unknown subsys name 'perf_event'
[ 39.617991][ T346] cgroup1: Unknown subsys name 'net_cls'
[ 39.620638][ T348] cgroup1: Unknown subsys name 'perf_event'
[ 39.626481][ T347] cgroup1: Unknown subsys name 'perf_event'
[ 39.630478][ T348] cgroup1: Unknown subsys name 'net_cls'
[ 39.636063][ T347] cgroup1: Unknown subsys name 'net_cls'
[ 39.804179][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.811808][ T340] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.819742][ T340] device bridge_slave_0 entered promiscuous mode
[ 39.846682][ T342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.854008][ T342] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.861563][ T342] device bridge_slave_0 entered promiscuous mode
[ 39.873866][ T340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.881061][ T340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.888943][ T340] device bridge_slave_1 entered promiscuous mode
[ 39.898914][ T342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.905939][ T342] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.913489][ T342] device bridge_slave_1 entered promiscuous mode
[ 39.936155][ T343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.943618][ T343] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.951294][ T343] device bridge_slave_0 entered promiscuous mode
[ 39.975248][ T348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.982368][ T348] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.990041][ T348] device bridge_slave_0 entered promiscuous mode
[ 39.996688][ T343] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.003777][ T343] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.011481][ T343] device bridge_slave_1 entered promiscuous mode
[ 40.039017][ T348] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.046182][ T348] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.053902][ T348] device bridge_slave_1 entered promiscuous mode
[ 40.068720][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.075961][ T347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.083669][ T347] device bridge_slave_0 entered promiscuous mode
[ 40.117953][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.124996][ T347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.133005][ T347] device bridge_slave_1 entered promiscuous mode
[ 40.160010][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.167266][ T346] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.175229][ T346] device bridge_slave_0 entered promiscuous mode
[ 40.185662][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.192733][ T346] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.200164][ T346] device bridge_slave_1 entered promiscuous mode
[ 40.348175][ T342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.355322][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.363007][ T342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.370668][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.413495][ T348] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.420748][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.428514][ T348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.435656][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.470094][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.477232][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.484591][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.491667][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.500242][ T340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.507465][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.516068][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.523873][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.535737][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.542997][ T346] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.550615][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.557939][ T346] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.579775][ T343] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.587894][ T343] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.595619][ T343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.602806][ T343] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.614076][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.622812][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.630410][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.638951][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.646384][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.654060][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.661501][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.669518][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.676768][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.684398][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.691939][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.699455][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.707107][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.730726][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.739698][ T120] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.746798][ T120] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.788574][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.798191][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.828142][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.836588][ T120] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.844154][ T120] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.852216][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.861196][ T120] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.869274][ T120] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.877329][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.885736][ T120] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.892913][ T120] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.900415][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.908816][ T120] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.915925][ T120] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.923374][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.931672][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.939748][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.948060][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.956115][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.963972][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.971536][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.980247][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.988639][ T120] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.995788][ T120] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.003718][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.011703][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.048592][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.058112][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 41.066596][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.075914][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.083745][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.092196][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.100621][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.108801][ T120] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.115808][ T120] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.123384][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.131825][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.140320][ T120] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.147337][ T120] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.155270][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.163484][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.189317][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.197909][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.206323][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.214874][ T120] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.221937][ T120] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.229358][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.237485][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.245864][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.254451][ T120] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.261676][ T120] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.269341][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.278070][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.286454][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.294779][ T120] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.302124][ T120] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.309659][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.318273][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.326585][ T120] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.333623][ T120] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.341252][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.349758][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.367764][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.376717][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.408005][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.416819][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.426690][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.447814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.455960][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.464895][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.473600][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.482121][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 41.490932][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.516162][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.524955][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.533800][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.542687][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.569424][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.578626][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.586829][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.596107][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.605359][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.617521][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.626204][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.634519][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.643333][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.657576][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.682231][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.691877][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 41.701368][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.736406][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.746414][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.755163][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.789599][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.800440][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.809590][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.836601][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 41.846263][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.854979][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 41.863606][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.881992][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.891412][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.900713][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.909751][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.941289][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.950073][ T120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.975716][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.984869][ T382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2023/04/20 06:01:32 executed programs: 100
2023/04/20 06:01:37 executed programs: 276
2023/04/20 06:01:42 executed programs: 436
2023/04/20 06:01:47 executed programs: 593
2023/04/20 06:01:52 executed programs: 750
[ 66.897887][ T67] cfg80211: failed to load regulatory.db
2023/04/20 06:01:57 executed programs: 903
2023/04/20 06:02:02 executed programs: 1052
2023/04/20 06:02:07 executed programs: 1199
2023/04/20 06:02:12 executed programs: 1365
2023/04/20 06:02:17 executed programs: 1537
2023/04/20 06:02:22 executed programs: 1702
2023/04/20 06:02:27 executed programs: 1864
2023/04/20 06:02:32 executed programs: 2009
2023/04/20 06:02:37 executed programs: 2157
2023/04/20 06:02:42 executed programs: 2316
[ 118.088653][T12505] ==================================================================
[ 118.096874][T12505] BUG: KASAN: use-after-free in detach_if_pending+0x157/0x340
[ 118.104576][T12505] Write of size 8 at addr ffff8881eb54f1c8 by task syz-executor.2/12505
[ 118.112949][T12505]
[ 118.115388][T12505] CPU: 0 PID: 12505 Comm: syz-executor.2 Not tainted 5.4.233-syzkaller-00011-g0108362f3305 #0
[ 118.125857][T12505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 118.136153][T12505] Call Trace:
[ 118.139543][T12505] dump_stack+0x1d8/0x241
[ 118.143844][T12505] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 118.149628][T12505] ? printk+0xd1/0x111
[ 118.153667][T12505] ? detach_if_pending+0x157/0x340
[ 118.158777][T12505] print_address_description+0x8c/0x600
[ 118.164320][T12505] ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 118.170463][T12505] ? try_to_wake_up+0xada/0x15f0
[ 118.175566][T12505] ? detach_if_pending+0x157/0x340
[ 118.180992][T12505] __kasan_report+0xf3/0x120
[ 118.185551][T12505] ? detach_if_pending+0x157/0x340
[ 118.191609][T12505] kasan_report+0x30/0x60
[ 118.195915][T12505] detach_if_pending+0x157/0x340
[ 118.200837][T12505] del_timer_sync+0x170/0x250
[ 118.205486][T12505] tun_flow_uninit+0x2c/0x280
[ 118.210130][T12505] ? free_percpu+0x359/0x910
[ 118.214701][T12505] tun_free_netdev+0x77/0x190
[ 118.219921][T12505] ? tun_xdp+0x3b0/0x3b0
[ 118.224274][T12505] netdev_run_todo+0xae0/0xd50
[ 118.229115][T12505] ? netdev_refcnt_read+0x190/0x190
[ 118.234300][T12505] ? kfree+0xeb/0x320
[ 118.238263][T12505] ? tun_chr_close+0x8f/0x130
[ 118.242960][T12505] tun_chr_close+0xc1/0x130
[ 118.247468][T12505] ? tun_chr_open+0x4b0/0x4b0
[ 118.252155][T12505] __fput+0x262/0x680
[ 118.256125][T12505] task_work_run+0x140/0x170
[ 118.261146][T12505] get_signal+0x1374/0x13f0
[ 118.265723][T12505] ? tun_chr_poll+0x670/0x670
[ 118.270376][T12505] do_signal+0xb0/0x11f0
[ 118.274588][T12505] ? ioctl_preallocate+0x250/0x250
[ 118.279754][T12505] ? check_preemption_disabled+0x9f/0x320
[ 118.285528][T12505] ? signal_fault+0x1e0/0x1e0
[ 118.290277][T12505] ? __fget+0x407/0x490
[ 118.294599][T12505] ? task_work_add+0x100/0x120
[ 118.299605][T12505] ? fput_many+0x165/0x1b0
[ 118.304213][T12505] exit_to_usermode_loop+0xc0/0x1a0
[ 118.309505][T12505] prepare_exit_to_usermode+0x199/0x200
[ 118.315146][T12505] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 118.321099][T12505]
[ 118.323399][T12505] The buggy address belongs to the page:
[ 118.329252][T12505] page:ffffea0007ad53c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 118.338763][T12505] flags: 0x8000000000000000()
[ 118.344116][T12505] raw: 8000000000000000 0000000000000000 ffffea0007ad53c8 0000000000000000
[ 118.353257][T12505] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 118.362009][T12505] page dumped because: kasan: bad access detected
[ 118.368571][T12505] page_owner tracks the page as freed
[ 118.374247][T12505] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x46dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 118.388646][T12505] prep_new_page+0x18f/0x370
[ 118.393209][T12505] get_page_from_freelist+0x2ce8/0x2d70
[ 118.398734][T12505] __alloc_pages_nodemask+0x393/0x840
[ 118.404077][T12505] kmalloc_order_trace+0x2a/0x100
[ 118.409101][T12505] kvmalloc_node+0x7e/0xf0
[ 118.413502][T12505] alloc_netdev_mqs+0x85/0xc70
[ 118.418234][T12505] tun_set_iff+0x516/0x10c0
[ 118.422720][T12505] __tun_chr_ioctl+0x806/0x1ed0
[ 118.427724][T12505] do_vfs_ioctl+0x742/0x1720
[ 118.432290][T12505] __x64_sys_ioctl+0xd4/0x110
[ 118.436940][T12505] do_syscall_64+0xca/0x1c0
[ 118.441487][T12505] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 118.447347][T12505] page last free stack trace:
[ 118.452010][T12505] __free_pages_ok+0x83d/0x940
[ 118.456743][T12505] __free_pages+0x91/0x140
[ 118.461216][T12505] device_release+0x6b/0x190
[ 118.465786][T12505] kobject_put+0x1e6/0x2f0
[ 118.470173][T12505] netdev_run_todo+0xba5/0xd50
[ 118.475014][T12505] tun_chr_close+0xc1/0x130
[ 118.479486][T12505] __fput+0x262/0x680
[ 118.483440][T12505] task_work_run+0x140/0x170
[ 118.488018][T12505] exit_to_usermode_loop+0x18b/0x1a0
[ 118.493273][T12505] prepare_exit_to_usermode+0x199/0x200
[ 118.498821][T12505] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 118.504805][T12505]
[ 118.507121][T12505] Memory state around the buggy address:
[ 118.512944][T12505] ffff8881eb54f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 118.521728][T12505] ffff8881eb54f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 118.529885][T12505] >ffff8881eb54f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 118.538016][T12505] ^
[ 118.544655][T12505] ffff8881eb54f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 118.553684][T12505] ffff8881eb54f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 118.561994][T12505] ==================================================================
[ 118.570916][T12505] Disabling lock debugging due to kernel taint
2023/04/20 06:02:47 executed programs: 2454
[ 122.497365][ C1] kasan: CONFIG_KASAN_INLINE enabled
[ 122.502845][ C1] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 122.511000][ C1] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 122.518114][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.4.233-syzkaller-00011-g0108362f3305 #0
[ 122.529575][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 122.539923][ C1] RIP: 0010:__run_timers+0x6e8/0xae0
[ 122.545283][ C1] Code: 89 e7 e8 6b b9 3c 00 4d 89 2c 24 4d 85 ed 74 2e e8 5d 35 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 3a b9 3c 00 4d 89 65 00 eb 05 e8 2f
[ 122.565752][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802
[ 122.571989][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103d6a9e39 RCX: dffffc0000000000
[ 122.580669][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881eb54f1c8
[ 122.589080][ C1] RBP: ffff8881f6f09ed8 R08: ffffffff815403df R09: ffffed103ede92f7
[ 122.597050][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6f09e28
[ 122.605289][ C1] R13: dead00000000012a R14: 1ffff1103d6a9e38 R15: ffff8881eb54f1c8
[ 122.613643][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 122.622874][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.630137][ C1] CR2: 000000000051d7f0 CR3: 00000001dbd15000 CR4: 00000000003406e0
[ 122.638410][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 122.646949][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 122.656161][ C1] Call Trace:
[ 122.659709][ C1]
[ 122.662984][ C1] ? enqueue_timer+0x2d0/0x2d0
[ 122.668365][ C1] ? check_preemption_disabled+0x9f/0x320
[ 122.674500][ C1] ? debug_smp_processor_id+0x20/0x20
[ 122.680041][ C1] run_timer_softirq+0x46/0x80
[ 122.684797][ C1] __do_softirq+0x22e/0x630
[ 122.689453][ C1] irq_exit+0x195/0x1c0
[ 122.693706][ C1] smp_apic_timer_interrupt+0x111/0x440
[ 122.699229][ C1] apic_timer_interrupt+0xf/0x20
[ 122.704360][ C1]
[ 122.707315][ C1] ? check_preemption_disabled+0x91/0x320
[ 122.713276][ C1] ? default_idle+0x1f/0x30
[ 122.717871][ C1] ? default_idle+0x11/0x30
[ 122.722527][ C1] ? do_idle+0x248/0x660
[ 122.726957][ C1] ? cpus_share_cache+0xe0/0xe0
[ 122.731914][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 122.737101][ C1] ? __wake_up_locked+0xb7/0x110
[ 122.742172][ C1] ? complete+0x60/0xb0
[ 122.746666][ C1] ? cpu_startup_entry+0x14/0x20
[ 122.751756][ C1] ? start_secondary+0x365/0x400
[ 122.756769][ C1] ? native_play_dead+0x220/0x220
[ 122.761801][ C1] ? secondary_startup_64+0xa4/0xb0
[ 122.767201][ C1] Modules linked in:
[ 122.771174][ C1] ---[ end trace 9282377aa7b020ee ]---
[ 122.776727][ C1] RIP: 0010:__run_timers+0x6e8/0xae0
[ 122.782162][ C1] Code: 89 e7 e8 6b b9 3c 00 4d 89 2c 24 4d 85 ed 74 2e e8 5d 35 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 3a b9 3c 00 4d 89 65 00 eb 05 e8 2f
[ 122.802366][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010802
[ 122.808866][ C1] RAX: 1bd5a00000000025 RBX: 1ffff1103d6a9e39 RCX: dffffc0000000000
[ 122.817170][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881eb54f1c8
[ 122.825338][ C1] RBP: ffff8881f6f09ed8 R08: ffffffff815403df R09: ffffed103ede92f7
[ 122.833533][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6f09e28
[ 122.841921][ C1] R13: dead00000000012a R14: 1ffff1103d6a9e38 R15: ffff8881eb54f1c8
[ 122.850188][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 122.859592][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.867024][ C1] CR2: 000000000051d7f0 CR3: 00000001dbd15000 CR4: 00000000003406e0
[ 122.875714][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 122.884255][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 122.892457][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 122.899863][ C1] Kernel Offset: disabled
[ 122.904421][ C1] Rebooting in 86400 seconds..