Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
syzkaller login: [ 92.101889][ T9981] IPVS: ftp: loaded support on port[0] = 21
[ 92.154711][ T9981] chnl_net:caif_netlink_parms(): no params data found
[ 92.191303][ T9981] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.198797][ T9981] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.207002][ T9981] device bridge_slave_0 entered promiscuous mode
[ 92.215910][ T9981] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.223124][ T9981] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.231197][ T9981] device bridge_slave_1 entered promiscuous mode
[ 92.249706][ T9981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 92.260666][ T9981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 92.281358][ T9981] team0: Port device team_slave_0 added
[ 92.288843][ T9981] team0: Port device team_slave_1 added
[ 92.305028][ T9981] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 92.311992][ T9981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.338095][ T9981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 92.350694][ T9981] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 92.357933][ T9981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.383992][ T9981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 92.466446][ T9981] device hsr_slave_0 entered promiscuous mode
[ 92.524043][ T9981] device hsr_slave_1 entered promiscuous mode
[ 92.652043][ T9981] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.696784][ T9981] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.756296][ T9981] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.796393][ T9981] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.858004][ T9981] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.865328][ T9981] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.873059][ T9981] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.880224][ T9981] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.926751][ T9981] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.939812][ T2895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 92.951907][ T2895] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.960158][ T2895] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.968542][ T2895] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 92.982383][ T9981] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.995033][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 93.003853][ T3041] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.010938][ T3041] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.023440][ T2895] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 93.033066][ T2895] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.040702][ T2895] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.067947][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 93.077262][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 93.086808][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 93.096730][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 93.108792][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 93.119300][ T9981] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 93.137756][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 93.146189][ T2909] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 93.160749][ T9981] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.179151][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 93.187919][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 93.214499][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 93.223275][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 93.233332][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 93.242147][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 93.251849][ T9981] device veth0_vlan entered promiscuous mode
[ 93.263945][ T9981] device veth1_vlan entered promiscuous mode
[ 93.287665][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 93.296663][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 93.305749][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 93.314785][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 93.326801][ T9981] device veth0_macvtap entered promiscuous mode
[ 93.339017][ T9981] device veth1_macvtap entered promiscuous mode
[ 93.357152][ T9981] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.366879][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 93.375463][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 93.383721][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 93.392400][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 93.405921][ T9981] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.413434][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 93.423240][ T3041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 93.614544][ T9985] FAULT_INJECTION: forcing a failure.
[ 93.614544][ T9985] name failslab, interval 1, probability 0, space 0, times 1
[ 93.627447][ T9985] CPU: 1 PID: 9985 Comm: syz-executor951 Not tainted 5.5.0-syzkaller #0
[ 93.635882][ T9985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 93.646107][ T9985] Call Trace:
[ 93.649406][ T9985] dump_stack+0x197/0x210
[ 93.653850][ T9985] should_fail.cold+0xa/0x15
[ 93.658442][ T9985] ? fault_create_debugfs_attr+0x180/0x180
[ 93.664269][ T9985] ? ___might_sleep+0x163/0x2c0
[ 93.669379][ T9985] __should_failslab+0x121/0x190
[ 93.674319][ T9985] should_failslab+0x9/0x14
[ 93.678817][ T9985] kmem_cache_alloc_trace+0x2d3/0x790
[ 93.684769][ T9985] add+0xf83/0x1970
[ 93.688705][ T9985] wg_allowedips_insert_v4+0xf6/0x160
[ 93.694165][ T9985] ? wg_allowedips_free+0x390/0x390
[ 93.699361][ T9985] ? __nla_parse+0x43/0x60
[ 93.703793][ T9985] set_peer+0xfb9/0x1150
[ 93.708107][ T9985] ? wg_get_device_start+0x410/0x410
[ 93.713395][ T9985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 93.719678][ T9985] ? full_name_hash+0xc0/0x100
[ 93.724541][ T9985] ? __nla_parse+0x43/0x60
[ 93.729167][ T9985] wg_set_device+0xbd4/0x1350
[ 93.733897][ T9985] ? set_peer+0x1150/0x1150
[ 93.738420][ T9985] ? __nla_parse+0x43/0x60
[ 93.742853][ T9985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 93.749219][ T9985] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300
[ 93.755567][ T9985] genl_rcv_msg+0x67d/0xea0
[ 93.760080][ T9985] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 93.766407][ T9985] ? __kasan_check_read+0x11/0x20
[ 93.771540][ T9985] ? find_held_lock+0x35/0x130
[ 93.776380][ T9985] netlink_rcv_skb+0x177/0x450
[ 93.781145][ T9985] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 93.787575][ T9985] ? netlink_ack+0xb50/0xb50
[ 93.792162][ T9985] ? __kasan_check_write+0x14/0x20
[ 93.797283][ T9985] ? netlink_deliver_tap+0x248/0xbf0
[ 93.802696][ T9985] genl_rcv+0x29/0x40
[ 93.806740][ T9985] netlink_unicast+0x59e/0x7e0
[ 93.811515][ T9985] ? netlink_attachskb+0x870/0x870
[ 93.816712][ T9985] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 93.822427][ T9985] ? __check_object_size+0x3d/0x437
[ 93.827649][ T9985] netlink_sendmsg+0x91c/0xea0
[ 93.832431][ T9985] ? netlink_unicast+0x7e0/0x7e0
[ 93.838790][ T9985] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 93.844338][ T9985] ? apparmor_socket_sendmsg+0x2a/0x30
[ 93.850083][ T9985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 93.856326][ T9985] ? security_socket_sendmsg+0x8d/0xc0
[ 93.861802][ T9985] ? netlink_unicast+0x7e0/0x7e0
[ 93.866761][ T9985] sock_sendmsg+0xd7/0x130
[ 93.871239][ T9985] ____sys_sendmsg+0x753/0x880
[ 93.876005][ T9985] ? kernel_sendmsg+0x50/0x50
[ 93.880855][ T9985] ? __kasan_check_read+0x11/0x20
[ 93.885881][ T9985] ? __lock_acquire+0x8a0/0x4a00
[ 93.890920][ T9985] ___sys_sendmsg+0x100/0x170
[ 93.895632][ T9985] ? sendmsg_copy_msghdr+0x70/0x70
[ 93.900750][ T9985] ? lock_downgrade+0x920/0x920
[ 93.905589][ T9985] ? rcu_read_lock_held_common+0x130/0x130
[ 93.911394][ T9985] ? vfs_write+0x34c/0x5d0
[ 93.915891][ T9985] ? find_held_lock+0x35/0x130
[ 93.920686][ T9985] ? vfs_write+0x34c/0x5d0
[ 93.925138][ T9985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 93.931556][ T9985] ? __fget_light+0x1ad/0x270
[ 93.936291][ T9985] ? __fdget+0x1b/0x20
[ 93.940357][ T9985] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 93.946596][ T9985] __sys_sendmsg+0x105/0x1d0
[ 93.952142][ T9985] ? __sys_sendmsg_sock+0xc0/0xc0
[ 93.957178][ T9985] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 93.962663][ T9985] ? do_syscall_64+0x26/0x790
[ 93.967391][ T9985] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 93.973466][ T9985] ? do_syscall_64+0x26/0x790
[ 93.978279][ T9985] __x64_sys_sendmsg+0x78/0xb0
[ 93.983084][ T9985] do_syscall_64+0xfa/0x790
[ 93.987588][ T9985] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 93.993476][ T9985] RIP: 0033:0x447029
[ 93.997375][ T9985] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 94.017059][ T9985] RSP: 002b:00007fff1971ecd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 94.025668][ T9985] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000447029
[ 94.033633][ T9985] RDX: 0000000000000000 RSI: 0000000020001340 RDI: 0000000000000003
[ 94.041697][ T9985] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000001bbbbbb
[ 94.049764][ T9985] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
[ 94.057727][ T9985] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
executing program
[ 94.080517][ T9986] ==================================================================
[ 94.088798][ T9986] BUG: KASAN: use-after-free in __list_del_entry_valid+0xdc/0xf5
[ 94.096507][ T9986] Read of size 8 at addr ffff8880a9ac3db8 by task syz-executor951/9986
[ 94.104809][ T9986]
[ 94.107252][ T9986] CPU: 1 PID: 9986 Comm: syz-executor951 Not tainted 5.5.0-syzkaller #0
[ 94.115593][ T9986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.125643][ T9986] Call Trace:
[ 94.128946][ T9986] dump_stack+0x197/0x210
[ 94.133262][ T9986] ? __list_del_entry_valid+0xdc/0xf5
[ 94.138677][ T9986] print_address_description.constprop.0.cold+0xd4/0x30b
[ 94.145711][ T9986] ? __list_del_entry_valid+0xdc/0xf5
[ 94.151169][ T9986] ? __list_del_entry_valid+0xdc/0xf5
[ 94.157103][ T9986] __kasan_report.cold+0x1b/0x32
[ 94.162028][ T9986] ? __list_del_entry_valid+0xdc/0xf5
[ 94.167404][ T9986] kasan_report+0x12/0x20
[ 94.171807][ T9986] __asan_report_load8_noabort+0x14/0x20
[ 94.177588][ T9986] __list_del_entry_valid+0xdc/0xf5
[ 94.182892][ T9986] root_remove_peer_lists+0x24f/0x4b0
[ 94.188271][ T9986] ? root_free_rcu+0x320/0x320
[ 94.193032][ T9986] ? __kasan_check_read+0x11/0x20
[ 94.198410][ T9986] ? lock_acquire+0x190/0x410
[ 94.203487][ T9986] wg_allowedips_free+0x232/0x390
[ 94.208566][ T9986] ? wg_allowedips_init+0x90/0x90
[ 94.213614][ T9986] wg_peer_remove_all+0xd5/0x620
[ 94.218598][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.224851][ T9986] ? full_name_hash+0xc0/0x100
[ 94.230607][ T9986] ? wg_peer_remove+0x340/0x340
[ 94.235646][ T9986] wg_set_device+0xd01/0x1350
[ 94.240664][ T9986] ? set_peer+0x1150/0x1150
[ 94.245171][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.251669][ T9986] ? __nla_parse+0x43/0x60
[ 94.256092][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.262389][ T9986] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300
[ 94.268836][ T9986] genl_rcv_msg+0x67d/0xea0
[ 94.273454][ T9986] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 94.280125][ T9986] ? __kasan_check_read+0x11/0x20
[ 94.285467][ T9986] ? find_held_lock+0x35/0x130
[ 94.290354][ T9986] netlink_rcv_skb+0x177/0x450
[ 94.295268][ T9986] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 94.301620][ T9986] ? netlink_ack+0xb50/0xb50
[ 94.306844][ T9986] ? __kasan_check_write+0x14/0x20
[ 94.311960][ T9986] ? netlink_deliver_tap+0x248/0xbf0
[ 94.317858][ T9986] genl_rcv+0x29/0x40
[ 94.322138][ T9986] netlink_unicast+0x59e/0x7e0
[ 94.326993][ T9986] ? netlink_attachskb+0x870/0x870
[ 94.332129][ T9986] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 94.337872][ T9986] ? __check_object_size+0x3d/0x437
[ 94.343089][ T9986] netlink_sendmsg+0x91c/0xea0
[ 94.347903][ T9986] ? netlink_unicast+0x7e0/0x7e0
[ 94.352936][ T9986] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 94.358550][ T9986] ? apparmor_socket_sendmsg+0x2a/0x30
[ 94.364307][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.370655][ T9986] ? security_socket_sendmsg+0x8d/0xc0
[ 94.376625][ T9986] ? netlink_unicast+0x7e0/0x7e0
[ 94.381714][ T9986] sock_sendmsg+0xd7/0x130
[ 94.386203][ T9986] ____sys_sendmsg+0x753/0x880
[ 94.390975][ T9986] ? kernel_sendmsg+0x50/0x50
[ 94.395743][ T9986] ? __kasan_check_read+0x11/0x20
[ 94.400945][ T9986] ? __lock_acquire+0x8a0/0x4a00
[ 94.405897][ T9986] ___sys_sendmsg+0x100/0x170
[ 94.410679][ T9986] ? sendmsg_copy_msghdr+0x70/0x70
[ 94.416297][ T9986] ? lock_downgrade+0x920/0x920
[ 94.421150][ T9986] ? rcu_read_lock_held_common+0x130/0x130
[ 94.427047][ T9986] ? vfs_write+0x34c/0x5d0
[ 94.431464][ T9986] ? find_held_lock+0x35/0x130
[ 94.436477][ T9986] ? vfs_write+0x34c/0x5d0
[ 94.441013][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.447540][ T9986] ? __fget_light+0x1ad/0x270
[ 94.452213][ T9986] ? __fdget+0x1b/0x20
[ 94.456277][ T9986] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 94.462537][ T9986] __sys_sendmsg+0x105/0x1d0
[ 94.467134][ T9986] ? __sys_sendmsg_sock+0xc0/0xc0
[ 94.472284][ T9986] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 94.477846][ T9986] ? do_syscall_64+0x26/0x790
[ 94.482570][ T9986] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.488699][ T9986] ? do_syscall_64+0x26/0x790
[ 94.493511][ T9986] __x64_sys_sendmsg+0x78/0xb0
[ 94.498300][ T9986] do_syscall_64+0xfa/0x790
[ 94.502855][ T9986] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.509006][ T9986] RIP: 0033:0x447029
[ 94.512897][ T9986] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 94.532569][ T9986] RSP: 002b:00007fff1971ecd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 94.541134][ T9986] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000447029
[ 94.549141][ T9986] RDX: 0000000000000000 RSI: 0000000020001340 RDI: 0000000000000003
[ 94.557209][ T9986] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000
[ 94.565191][ T9986] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
[ 94.573760][ T9986] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[ 94.581751][ T9986]
[ 94.585284][ T9986] Allocated by task 9985:
[ 94.589863][ T9986] save_stack+0x23/0x90
[ 94.594008][ T9986] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 94.599765][ T9986] kasan_kmalloc+0x9/0x10
[ 94.604190][ T9986] kmem_cache_alloc_trace+0x158/0x790
[ 94.609594][ T9986] add+0x70a/0x1970
[ 94.613490][ T9986] wg_allowedips_insert_v4+0xf6/0x160
[ 94.618995][ T9986] set_peer+0xfb9/0x1150
[ 94.623423][ T9986] wg_set_device+0xbd4/0x1350
[ 94.628152][ T9986] genl_rcv_msg+0x67d/0xea0
[ 94.632655][ T9986] netlink_rcv_skb+0x177/0x450
[ 94.637473][ T9986] genl_rcv+0x29/0x40
[ 94.641640][ T9986] netlink_unicast+0x59e/0x7e0
[ 94.646942][ T9986] netlink_sendmsg+0x91c/0xea0
[ 94.651725][ T9986] sock_sendmsg+0xd7/0x130
[ 94.656149][ T9986] ____sys_sendmsg+0x753/0x880
[ 94.660906][ T9986] ___sys_sendmsg+0x100/0x170
[ 94.665576][ T9986] __sys_sendmsg+0x105/0x1d0
[ 94.670168][ T9986] __x64_sys_sendmsg+0x78/0xb0
[ 94.674927][ T9986] do_syscall_64+0xfa/0x790
[ 94.679449][ T9986] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.685321][ T9986]
[ 94.687697][ T9986] Freed by task 9985:
[ 94.691766][ T9986] save_stack+0x23/0x90
[ 94.695914][ T9986] __kasan_slab_free+0x102/0x150
[ 94.700839][ T9986] kasan_slab_free+0xe/0x10
[ 94.705361][ T9986] kfree+0x10a/0x2c0
[ 94.709250][ T9986] add+0x12d2/0x1970
[ 94.713352][ T9986] wg_allowedips_insert_v4+0xf6/0x160
[ 94.718812][ T9986] set_peer+0xfb9/0x1150
[ 94.723077][ T9986] wg_set_device+0xbd4/0x1350
[ 94.727744][ T9986] genl_rcv_msg+0x67d/0xea0
[ 94.732367][ T9986] netlink_rcv_skb+0x177/0x450
[ 94.737184][ T9986] genl_rcv+0x29/0x40
[ 94.741158][ T9986] netlink_unicast+0x59e/0x7e0
[ 94.745913][ T9986] netlink_sendmsg+0x91c/0xea0
[ 94.750820][ T9986] sock_sendmsg+0xd7/0x130
[ 94.755237][ T9986] ____sys_sendmsg+0x753/0x880
[ 94.760002][ T9986] ___sys_sendmsg+0x100/0x170
[ 94.764676][ T9986] __sys_sendmsg+0x105/0x1d0
[ 94.769460][ T9986] __x64_sys_sendmsg+0x78/0xb0
[ 94.774282][ T9986] do_syscall_64+0xfa/0x790
[ 94.778792][ T9986] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.784900][ T9986]
[ 94.787264][ T9986] The buggy address belongs to the object at ffff8880a9ac3d80
[ 94.787264][ T9986] which belongs to the cache kmalloc-64 of size 64
[ 94.801140][ T9986] The buggy address is located 56 bytes inside of
[ 94.801140][ T9986] 64-byte region [ffff8880a9ac3d80, ffff8880a9ac3dc0)
[ 94.814280][ T9986] The buggy address belongs to the page:
[ 94.820000][ T9986] page:ffffea0002a6b0c0 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 94.829107][ T9986] raw: 00fffe0000000200 ffffea00025f2888 ffff8880aa401348 ffff8880aa400380
[ 94.837700][ T9986] raw: 0000000000000000 ffff8880a9ac3000 0000000100000020 0000000000000000
[ 94.846286][ T9986] page dumped because: kasan: bad access detected
[ 94.852707][ T9986]
[ 94.855044][ T9986] Memory state around the buggy address:
[ 94.860675][ T9986] ffff8880a9ac3c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.869053][ T9986] ffff8880a9ac3d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 94.877235][ T9986] >ffff8880a9ac3d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.885282][ T9986] ^
[ 94.891288][ T9986] ffff8880a9ac3e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 94.899352][ T9986] ffff8880a9ac3e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.907633][ T9986] ==================================================================
[ 94.916062][ T9986] Disabling lock debugging due to kernel taint
[ 94.927376][ T9986] Kernel panic - not syncing: panic_on_warn set ...
[ 94.933972][ T9986] CPU: 1 PID: 9986 Comm: syz-executor951 Tainted: G B 5.5.0-syzkaller #0
[ 94.943811][ T9986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.953952][ T9986] Call Trace:
[ 94.957247][ T9986] dump_stack+0x197/0x210
[ 94.961671][ T9986] panic+0x2e3/0x75c
[ 94.965578][ T9986] ? add_taint.cold+0x16/0x16
[ 94.970372][ T9986] ? __list_del_entry_valid+0xdc/0xf5
[ 94.975755][ T9986] ? preempt_schedule+0x4b/0x60
[ 94.980611][ T9986] ? ___preempt_schedule+0x16/0x18
[ 94.985715][ T9986] ? trace_hardirqs_on+0x5e/0x240
[ 94.990729][ T9986] ? __list_del_entry_valid+0xdc/0xf5
[ 94.996094][ T9986] end_report+0x47/0x4f
[ 95.000235][ T9986] ? __list_del_entry_valid+0xdc/0xf5
[ 95.005724][ T9986] __kasan_report.cold+0xe/0x32
[ 95.010683][ T9986] ? __list_del_entry_valid+0xdc/0xf5
[ 95.016047][ T9986] kasan_report+0x12/0x20
[ 95.020375][ T9986] __asan_report_load8_noabort+0x14/0x20
[ 95.026106][ T9986] __list_del_entry_valid+0xdc/0xf5
[ 95.031301][ T9986] root_remove_peer_lists+0x24f/0x4b0
[ 95.036666][ T9986] ? root_free_rcu+0x320/0x320
[ 95.041420][ T9986] ? __kasan_check_read+0x11/0x20
[ 95.046555][ T9986] ? lock_acquire+0x190/0x410
[ 95.051457][ T9986] wg_allowedips_free+0x232/0x390
[ 95.056540][ T9986] ? wg_allowedips_init+0x90/0x90
[ 95.061558][ T9986] wg_peer_remove_all+0xd5/0x620
[ 95.066497][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 95.072788][ T9986] ? full_name_hash+0xc0/0x100
[ 95.077549][ T9986] ? wg_peer_remove+0x340/0x340
[ 95.082449][ T9986] wg_set_device+0xd01/0x1350
[ 95.087132][ T9986] ? set_peer+0x1150/0x1150
[ 95.091628][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 95.098589][ T9986] ? __nla_parse+0x43/0x60
[ 95.103023][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 95.109325][ T9986] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300
[ 95.115650][ T9986] genl_rcv_msg+0x67d/0xea0
[ 95.120153][ T9986] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 95.126469][ T9986] ? __kasan_check_read+0x11/0x20
[ 95.131491][ T9986] ? find_held_lock+0x35/0x130
[ 95.136357][ T9986] netlink_rcv_skb+0x177/0x450
[ 95.141114][ T9986] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 95.147553][ T9986] ? netlink_ack+0xb50/0xb50
[ 95.152355][ T9986] ? __kasan_check_write+0x14/0x20
[ 95.157471][ T9986] ? netlink_deliver_tap+0x248/0xbf0
[ 95.162760][ T9986] genl_rcv+0x29/0x40
[ 95.166736][ T9986] netlink_unicast+0x59e/0x7e0
[ 95.171550][ T9986] ? netlink_attachskb+0x870/0x870
[ 95.176699][ T9986] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 95.182410][ T9986] ? __check_object_size+0x3d/0x437
[ 95.187630][ T9986] netlink_sendmsg+0x91c/0xea0
[ 95.192522][ T9986] ? netlink_unicast+0x7e0/0x7e0
[ 95.197588][ T9986] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 95.203127][ T9986] ? apparmor_socket_sendmsg+0x2a/0x30
[ 95.208584][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 95.214943][ T9986] ? security_socket_sendmsg+0x8d/0xc0
[ 95.220597][ T9986] ? netlink_unicast+0x7e0/0x7e0
[ 95.225685][ T9986] sock_sendmsg+0xd7/0x130
[ 95.230155][ T9986] ____sys_sendmsg+0x753/0x880
[ 95.234965][ T9986] ? kernel_sendmsg+0x50/0x50
[ 95.239633][ T9986] ? __kasan_check_read+0x11/0x20
[ 95.244823][ T9986] ? __lock_acquire+0x8a0/0x4a00
[ 95.249799][ T9986] ___sys_sendmsg+0x100/0x170
[ 95.254546][ T9986] ? sendmsg_copy_msghdr+0x70/0x70
[ 95.259654][ T9986] ? lock_downgrade+0x920/0x920
[ 95.264521][ T9986] ? rcu_read_lock_held_common+0x130/0x130
[ 95.270317][ T9986] ? vfs_write+0x34c/0x5d0
[ 95.274747][ T9986] ? find_held_lock+0x35/0x130
[ 95.279507][ T9986] ? vfs_write+0x34c/0x5d0
[ 95.283949][ T9986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 95.290187][ T9986] ? __fget_light+0x1ad/0x270
[ 95.294867][ T9986] ? __fdget+0x1b/0x20
[ 95.298929][ T9986] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 95.305165][ T9986] __sys_sendmsg+0x105/0x1d0
[ 95.309842][ T9986] ? __sys_sendmsg_sock+0xc0/0xc0
[ 95.315023][ T9986] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 95.320464][ T9986] ? do_syscall_64+0x26/0x790
[ 95.325142][ T9986] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 95.332480][ T9986] ? do_syscall_64+0x26/0x790
[ 95.337156][ T9986] __x64_sys_sendmsg+0x78/0xb0
[ 95.341917][ T9986] do_syscall_64+0xfa/0x790
[ 95.346443][ T9986] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 95.352323][ T9986] RIP: 0033:0x447029
[ 95.356415][ T9986] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 95.376054][ T9986] RSP: 002b:00007fff1971ecd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 95.384508][ T9986] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000447029
[ 95.392508][ T9986] RDX: 0000000000000000 RSI: 0000000020001340 RDI: 0000000000000003
[ 95.400524][ T9986] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000
[ 95.408482][ T9986] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
[ 95.416446][ T9986] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[ 95.426470][ T9986] Kernel Offset: disabled
[ 95.430839][ T9986] Rebooting in 86400 seconds..