Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
2023/09/28 22:14:23 ignoring optional flag "sandboxArg"="0"
2023/09/28 22:14:23 parsed 1 programs
2023/09/28 22:14:23 executed programs: 0
[ 43.140867][ T23] kauditd_printk_skb: 68 callbacks suppressed
[ 43.140879][ T23] audit: type=1400 audit(1695939263.590:144): avc: denied { mounton } for pid=402 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.177745][ T23] audit: type=1400 audit(1695939263.590:145): avc: denied { mount } for pid=402 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 43.443968][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.451391][ T413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.458927][ T413] device bridge_slave_0 entered promiscuous mode
[ 43.466171][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.474156][ T408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.484118][ T408] device bridge_slave_0 entered promiscuous mode
[ 43.516674][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.533197][ T413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.540970][ T413] device bridge_slave_1 entered promiscuous mode
[ 43.548192][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.556391][ T408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.564175][ T408] device bridge_slave_1 entered promiscuous mode
[ 43.685060][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.692606][ T417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.700502][ T417] device bridge_slave_0 entered promiscuous mode
[ 43.707691][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.714968][ T421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.722776][ T421] device bridge_slave_0 entered promiscuous mode
[ 43.739667][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.747559][ T415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.754861][ T415] device bridge_slave_0 entered promiscuous mode
[ 43.761824][ T419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.769737][ T419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.777431][ T419] device bridge_slave_0 entered promiscuous mode
[ 43.784365][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.792709][ T417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.800821][ T417] device bridge_slave_1 entered promiscuous mode
[ 43.807512][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.814866][ T421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.822916][ T421] device bridge_slave_1 entered promiscuous mode
[ 43.837613][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.844783][ T415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.852664][ T415] device bridge_slave_1 entered promiscuous mode
[ 43.866700][ T419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.873543][ T419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.881708][ T419] device bridge_slave_1 entered promiscuous mode
[ 44.012393][ T23] audit: type=1400 audit(1695939264.460:146): avc: denied { create } for pid=413 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.055401][ T23] audit: type=1400 audit(1695939264.490:147): avc: denied { write } for pid=413 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.089642][ T413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.090001][ T23] audit: type=1400 audit(1695939264.490:148): avc: denied { read } for pid=413 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.097098][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.097279][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.139066][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.171966][ T408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.179959][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.187759][ T408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.196244][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.273713][ T417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.285430][ T417] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.293888][ T417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.302406][ T417] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.321935][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.332361][ T421] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.339958][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.347851][ T421] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.363469][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.371844][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.380997][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.390574][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.404661][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.413175][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.421468][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.431571][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.439076][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.448108][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.456527][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.466630][ T18] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.475727][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.483422][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.492736][ T18] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.524398][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.535861][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.546168][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.555303][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.564633][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.574994][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.585565][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.595181][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.639696][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 44.651810][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.660754][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 44.671769][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.697185][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.706411][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.739524][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.750692][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.776730][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.786280][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.797517][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.807016][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.817116][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.824628][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.833444][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.843284][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.851983][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.859246][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.866910][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.876778][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.884472][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.894955][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.905071][ T107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.913783][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.922427][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 44.932321][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.942379][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.951076][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.960349][ T107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.967494][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.010163][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.020222][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.033369][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.044767][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.053213][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.064127][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.077067][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.086127][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.094470][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.104042][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.115811][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.127648][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.136584][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.144994][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.157396][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.169384][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.178058][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.187807][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 45.197414][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.207512][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.241356][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.250296][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.259382][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.270931][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.279954][ T18] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.287465][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.295148][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.304010][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.313235][ T18] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.320932][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.328110][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 45.336277][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.345002][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.353329][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.362556][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 45.394199][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.402732][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.411948][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.421165][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.431191][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.439585][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.448462][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.467283][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.485520][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 45.494409][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.502970][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.512065][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.545655][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 45.556207][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.565169][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 45.574895][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.583426][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.592273][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.602442][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.613032][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.622852][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.632363][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.699046][ T23] audit: type=1400 audit(1695939266.150:149): avc: denied { mounton } for pid=413 comm="syz-executor.3" path="/dev/binderfs" dev="devtmpfs" ino=10983 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 45.701363][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.732203][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.741015][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.749608][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.757990][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.762776][ T23] audit: type=1400 audit(1695939266.210:150): avc: denied { sys_admin } for pid=444 comm="syz-executor.3" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 45.766910][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.796487][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.805421][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.813889][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.822391][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.832515][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.840631][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.848843][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.857026][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.865116][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.873308][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.881632][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.890408][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.898862][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.908211][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.917558][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.927608][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.965553][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.973853][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.982972][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.993959][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.003267][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.011695][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.023846][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.032373][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.041074][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.050353][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.092718][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.102292][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.112609][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 46.126703][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.135126][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.146294][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.156218][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.165138][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2023/09/28 22:14:28 executed programs: 149
2023/09/28 22:14:33 executed programs: 546
2023/09/28 22:14:38 executed programs: 881
[ 59.028834][ T4112] ==================================================================
[ 59.036849][ T4112] BUG: KASAN: use-after-free in enqueue_timer+0xb7/0x300
[ 59.043695][ T4112] Write of size 8 at addr ffff8881dca3b1c8 by task syz-executor.1/4112
[ 59.051767][ T4112]
[ 59.054020][ T4112] CPU: 1 PID: 4112 Comm: syz-executor.1 Not tainted 5.4.249-syzkaller-04720-ga1b9dbe5628a #0
[ 59.064924][ T4112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 59.075107][ T4112] Call Trace:
[ 59.078239][ T4112] dump_stack+0x1d8/0x241
[ 59.082671][ T4112] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 59.088390][ T4112] ? printk+0xd1/0x111
[ 59.092633][ T4112] ? enqueue_timer+0xb7/0x300
[ 59.097273][ T4112] ? wake_up_klogd+0xb2/0xf0
[ 59.102072][ T4112] ? enqueue_timer+0xb7/0x300
[ 59.106674][ T4112] print_address_description+0x8c/0x600
[ 59.112457][ T4112] ? panic+0x896/0x896
[ 59.116387][ T4112] ? enqueue_timer+0xb7/0x300
[ 59.121038][ T4112] __kasan_report+0xf3/0x120
[ 59.127314][ T4112] ? enqueue_timer+0xb7/0x300
[ 59.132947][ T4112] kasan_report+0x30/0x60
[ 59.138739][ T4112] enqueue_timer+0xb7/0x300
[ 59.143245][ T4112] internal_add_timer+0x240/0x430
[ 59.148349][ T4112] __mod_timer+0x6f1/0x13e0
[ 59.153036][ T4112] ? mod_timer_pending+0x20/0x20
[ 59.158327][ T4112] ? selinux_tun_dev_alloc_security+0x4d/0x130
[ 59.164671][ T4112] ? selinux_tun_dev_alloc_security+0x5e/0x130
[ 59.170789][ T4112] ? init_timer_key+0x2d/0x1f0
[ 59.175650][ T4112] tun_net_init+0x287/0x540
[ 59.179991][ T4112] register_netdevice+0x1c0/0x12a0
[ 59.185134][ T4112] ? netdev_update_lockdep_key+0x10/0x10
[ 59.191379][ T4112] ? memset+0x1f/0x40
[ 59.195201][ T4112] tun_set_iff+0x7f7/0xdc0
[ 59.199545][ T4112] __tun_chr_ioctl+0x860/0x1d50
[ 59.204499][ T4112] ? tun_flow_create+0x250/0x250
[ 59.209619][ T4112] ? tun_chr_poll+0x670/0x670
[ 59.214670][ T4112] do_vfs_ioctl+0x742/0x1720
[ 59.219186][ T4112] ? ioctl_preallocate+0x250/0x250
[ 59.224995][ T4112] ? __fget+0x407/0x490
[ 59.229029][ T4112] ? fget_many+0x20/0x20
[ 59.233365][ T4112] ? switch_fpu_return+0x1d4/0x410
[ 59.238699][ T4112] ? security_file_ioctl+0x7d/0xa0
[ 59.243633][ T4112] __x64_sys_ioctl+0xd4/0x110
[ 59.248641][ T4112] do_syscall_64+0xca/0x1c0
[ 59.253829][ T4112] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 59.259872][ T4112]
[ 59.262028][ T4112] The buggy address belongs to the page:
[ 59.267617][ T4112] page:ffffea0007728ec0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 59.276646][ T4112] flags: 0x8000000000000000()
[ 59.281398][ T4112] raw: 8000000000000000 0000000000000000 ffffea0007728e88 0000000000000000
[ 59.291020][ T4112] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 59.299733][ T4112] page dumped because: kasan: bad access detected
[ 59.306480][ T4112] page_owner tracks the page as freed
[ 59.313481][ T4112] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x146dc0(GFP_USER|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO)
[ 59.330793][ T4112] prep_new_page+0x18f/0x370
[ 59.335589][ T4112] get_page_from_freelist+0x2d13/0x2d90
[ 59.341503][ T4112] __alloc_pages_nodemask+0x393/0x840
[ 59.346968][ T4112] kmalloc_order_trace+0x2a/0x100
[ 59.352788][ T4112] kvmalloc_node+0x7e/0xf0
[ 59.357117][ T4112] alloc_netdev_mqs+0x85/0xc70
[ 59.361855][ T4112] tun_set_iff+0x51f/0xdc0
[ 59.366548][ T4112] __tun_chr_ioctl+0x860/0x1d50
[ 59.371403][ T4112] do_vfs_ioctl+0x742/0x1720
[ 59.376017][ T4112] __x64_sys_ioctl+0xd4/0x110
[ 59.380609][ T4112] do_syscall_64+0xca/0x1c0
[ 59.384977][ T4112] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 59.390671][ T4112] page last free stack trace:
[ 59.395205][ T4112] __free_pages_ok+0x847/0x950
[ 59.399880][ T4112] __free_pages+0x91/0x140
[ 59.404793][ T4112] device_release+0x6b/0x190
[ 59.409533][ T4112] kobject_put+0x1e6/0x2f0
[ 59.414299][ T4112] tun_set_iff+0x870/0xdc0
[ 59.418661][ T4112] __tun_chr_ioctl+0x860/0x1d50
[ 59.423462][ T4112] do_vfs_ioctl+0x742/0x1720
[ 59.428611][ T4112] __x64_sys_ioctl+0xd4/0x110
[ 59.433332][ T4112] do_syscall_64+0xca/0x1c0
[ 59.437992][ T4112] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 59.443700][ T4112]
[ 59.445867][ T4112] Memory state around the buggy address:
[ 59.451346][ T4112] ffff8881dca3b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.459333][ T4112] ffff8881dca3b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.467256][ T4112] >ffff8881dca3b180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.476095][ T4112] ^
[ 59.482373][ T4112] ffff8881dca3b200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.490700][ T4112] ffff8881dca3b280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 59.499545][ T4112] ==================================================================
[ 59.507435][ T4112] Disabling lock debugging due to kernel taint
[ 62.225380][ C1] kasan: CONFIG_KASAN_INLINE enabled
[ 62.230775][ C1] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 62.238676][ C1] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 62.245466][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.4.249-syzkaller-04720-ga1b9dbe5628a #0
[ 62.256303][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 62.266397][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 62.271502][ C1] Code: 89 e7 e8 e3 26 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 85 66 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 b2 26 3f 00 4d 89 65 00 eb 05 e8 57
[ 62.291291][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010007
[ 62.297187][ C1] RAX: 0000000000000003 RBX: 1ffff1103b947639 RCX: dffffc0000000000
[ 62.305905][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881dca3b1c8
[ 62.314153][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 62.322151][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e20
[ 62.329946][ C1] R13: 000000000000001f R14: 1ffff1103b947638 R15: ffff8881dca3b1c8
[ 62.337997][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 62.346754][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.353284][ C1] CR2: 00007ffcd2da2f68 CR3: 00000001ed779000 CR4: 00000000003406a0
[ 62.361106][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.369067][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.377269][ C1] Call Trace:
[ 62.380390][ C1]
[ 62.383101][ C1] ? __die+0xb4/0x100
[ 62.387213][ C1] ? die+0x26/0x50
[ 62.391198][ C1] ? do_general_protection+0x266/0x3c0
[ 62.396853][ C1] ? do_trap+0x340/0x340
[ 62.400925][ C1] ? check_preemption_disabled+0x9f/0x320
[ 62.406621][ C1] ? round_jiffies+0x99/0xb0
[ 62.411035][ C1] ? general_protection+0x28/0x30
[ 62.415906][ C1] ? __run_timers+0x7b0/0xbe0
[ 62.420553][ C1] ? enqueue_timer+0x300/0x300
[ 62.425222][ C1] ? check_preemption_disabled+0x9f/0x320
[ 62.430753][ C1] ? debug_smp_processor_id+0x20/0x20
[ 62.435978][ C1] ? lapic_next_event+0x5b/0x70
[ 62.440671][ C1] run_timer_softirq+0x63/0xf0
[ 62.445424][ C1] __do_softirq+0x23b/0x6b7
[ 62.449745][ C1] ? sched_clock_cpu+0x18/0x3a0
[ 62.454432][ C1] irq_exit+0x195/0x1c0
[ 62.458424][ C1] smp_apic_timer_interrupt+0x11a/0x460
[ 62.464120][ C1] apic_timer_interrupt+0xf/0x20
[ 62.470079][ C1]
[ 62.473195][ C1] ? check_preemption_disabled+0x91/0x320
[ 62.479500][ C1] ? default_idle+0x1f/0x30
[ 62.483898][ C1] ? default_idle+0x11/0x30
[ 62.488568][ C1] ? do_idle+0x248/0x660
[ 62.492842][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 62.497879][ C1] ? __wake_up_locked+0xb7/0x110
[ 62.502714][ C1] ? complete+0x60/0xb0
[ 62.507507][ C1] ? cpu_startup_entry+0x14/0x20
[ 62.512353][ C1] ? start_secondary+0x3a0/0x460
[ 62.518133][ C1] ? native_play_dead+0x220/0x220
[ 62.523670][ C1] ? secondary_startup_64+0xa4/0xb0
[ 62.528686][ C1] Modules linked in:
[ 62.532426][ C1] ---[ end trace c5fa1af75d04cea0 ]---
[ 62.537812][ C1] RIP: 0010:__run_timers+0x7b0/0xbe0
[ 62.543086][ C1] Code: 89 e7 e8 e3 26 3f 00 4d 89 2c 24 4d 85 ed 74 2e e8 85 66 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ef e8 b2 26 3f 00 4d 89 65 00 eb 05 e8 57
[ 62.563340][ C1] RSP: 0018:ffff8881f6f09d60 EFLAGS: 00010007
[ 62.569324][ C1] RAX: 0000000000000003 RBX: 1ffff1103b947639 RCX: dffffc0000000000
[ 62.577234][ C1] RDX: 0000000080000102 RSI: 0000000000000008 RDI: ffff8881dca3b1c8
[ 62.585135][ C1] RBP: ffff8881f6f09ec8 R08: dffffc0000000000 R09: 0000000000000003
[ 62.593017][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6f09e20
[ 62.600857][ C1] R13: 000000000000001f R14: 1ffff1103b947638 R15: ffff8881dca3b1c8
[ 62.608782][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 62.617674][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.624596][ C1] CR2: 00007ffcd2da2f68 CR3: 00000001ed779000 CR4: 00000000003406a0
[ 62.632428][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.640398][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.648382][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 62.655764][ C1] Kernel Offset: disabled
[ 62.659888][ C1] Rebooting in 86400 seconds..