Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts. [ 25.802478][ T23] audit: type=1400 audit(1742863438.890:66): avc: denied { execmem } for pid=352 comm="syz-executor107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.810786][ T352] cgroup1: Unknown subsys name 'net' [ 25.821740][ T23] audit: type=1400 audit(1742863438.900:67): avc: denied { mounton } for pid=352 comm="syz-executor107" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.827065][ T352] cgroup1: Unknown subsys name 'net_prio' [ 25.849533][ T23] audit: type=1400 audit(1742863438.900:68): avc: denied { mount } for pid=352 comm="syz-executor107" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.877561][ T352] cgroup1: Unknown subsys name 'devices' [ 25.883991][ T23] audit: type=1400 audit(1742863438.970:69): avc: denied { unmount } for pid=352 comm="syz-executor107" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.990560][ T352] cgroup1: Unknown subsys name 'hugetlb' [ 25.996189][ T352] cgroup1: Unknown subsys name 'rlimit' [ 26.179782][ T23] audit: type=1400 audit(1742863439.270:70): avc: denied { mounton } for pid=352 comm="syz-executor107" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.204720][ T23] audit: type=1400 audit(1742863439.270:71): avc: denied { mount } for pid=352 comm="syz-executor107" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 26.233453][ T354] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.242170][ T23] audit: type=1400 audit(1742863439.330:72): avc: denied { relabelto } for pid=354 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 26.267385][ T23] audit: type=1400 audit(1742863439.330:73): avc: denied { write } for pid=354 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.299103][ T23] audit: type=1400 audit(1742863439.390:74): avc: denied { read } for pid=352 comm="syz-executor107" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.324671][ T23] audit: type=1400 audit(1742863439.390:75): avc: denied { open } for pid=352 comm="syz-executor107" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.350871][ T352] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.537870][ T362] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.544724][ T362] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.552335][ T362] device bridge_slave_0 entered promiscuous mode [ 26.584143][ T361] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.591031][ T361] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.598537][ T361] device bridge_slave_0 entered promiscuous mode [ 26.605081][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.612120][ T362] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.619593][ T362] device bridge_slave_1 entered promiscuous mode [ 26.642140][ T361] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.649088][ T361] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.656307][ T361] device bridge_slave_1 entered promiscuous mode [ 26.739739][ T365] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.746590][ T365] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.754144][ T365] device bridge_slave_0 entered promiscuous mode [ 26.760882][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.767931][ T363] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.775258][ T363] device bridge_slave_0 entered promiscuous mode [ 26.786267][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.793353][ T363] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.800880][ T363] device bridge_slave_1 entered promiscuous mode [ 26.817802][ T365] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.824644][ T365] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.832089][ T365] device bridge_slave_1 entered promiscuous mode [ 26.857428][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.864283][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.871978][ T364] device bridge_slave_0 entered promiscuous mode [ 26.882822][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.889691][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.897086][ T364] device bridge_slave_1 entered promiscuous mode [ 27.075467][ T361] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.082343][ T361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.089474][ T361] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.096204][ T361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.114081][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.120947][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.128075][ T362] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.134819][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.157086][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.163972][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.171126][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.177973][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.210684][ T365] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.217547][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.224713][ T365] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.231562][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.272320][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.279281][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.286395][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.293179][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.307542][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.314625][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.321849][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.329122][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.336103][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.343203][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.350423][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.357710][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.364690][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.372220][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.380091][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.387426][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.408186][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.416419][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.423264][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.446772][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.454240][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.462681][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.469534][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.478464][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.485739][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.501337][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.509397][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.517926][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.526589][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.533441][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.552096][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.560655][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.568830][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.575656][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.583479][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.592062][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.600479][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.607319][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.614526][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.623200][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.631388][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.638324][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.645476][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.653773][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.661867][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.668712][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.697530][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.706052][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.714218][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.721060][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.729916][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.738693][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.768810][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.777031][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.785421][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.793439][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.801511][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.809885][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.817190][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.825374][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.833260][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.841439][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.849606][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.857936][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.865959][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.872810][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.880154][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.888432][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.896450][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.903301][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.939189][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.948936][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.956786][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.965947][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.974505][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.982786][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.991011][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.998861][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.006554][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.014825][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.023267][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.031269][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.063806][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.071933][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.082786][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.091564][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.101136][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.115832][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.123895][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.132318][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.143075][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.151233][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.172234][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.180730][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.189586][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.197792][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.205966][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.214326][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.247924][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.255937][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.264473][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.273338][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.281942][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.290350][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready executing program executing program [ 28.307363][ T361] request_module fs-gadgetfs succeeded, but still no fs? [ 28.314453][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.323289][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.342721][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.397207][ C1] hrtimer: interrupt took 15838 ns [ 28.582984][ T363] IPv6: batadv_slave_0: Failed to add prefix route for address fe80::3d; dropping [ 28.984168][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.003083][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.026686][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.037721][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.054897][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.077629][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.118849][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.434455][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.445389][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.455523][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.472540][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.668363][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.698959][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program executing program executing program executing program executing program [ 34.177282][ T23] kauditd_printk_skb: 22 callbacks suppressed [ 34.177292][ T23] audit: type=1400 audit(1742863447.100:98): avc: denied { map_read map_write } for pid=386 comm="syz-executor107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 66.337628][ T13] cfg80211: failed to load regulatory.db executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 79.596171][ T493] syz-executor107 (493) used greatest stack depth: 22304 bytes left executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 103.894931][ T109] ================================================================== [ 103.902870][ T109] BUG: KASAN: slab-out-of-bounds in enqueue_timer+0xb7/0x300 [ 103.910037][ T109] Write of size 8 at addr ffff8881d6c071c8 by task kworker/1:2/109 [ 103.917753][ T109] [ 103.919944][ T109] CPU: 1 PID: 109 Comm: kworker/1:2 Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0 [ 103.929560][ T109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 103.939469][ T109] Workqueue: wg-crypt-wg0 wg_packet_tx_worker [ 103.945359][ T109] Call Trace: [ 103.948492][ T109] dump_stack+0x1d8/0x241 [ 103.952656][ T109] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 103.958298][ T109] ? printk+0xd1/0x111 [ 103.962206][ T109] ? enqueue_timer+0xb7/0x300 [ 103.966711][ T109] ? wake_up_klogd+0xb2/0xf0 [ 103.971143][ T109] ? enqueue_timer+0xb7/0x300 [ 103.975661][ T109] print_address_description+0x8c/0x600 [ 103.981035][ T109] ? panic+0x89d/0x89d [ 103.984943][ T109] ? enqueue_timer+0xb7/0x300 [ 103.989451][ T109] __kasan_report+0xf3/0x120 [ 103.993887][ T109] ? enqueue_timer+0xb7/0x300 [ 103.998391][ T109] kasan_report+0x30/0x60 [ 104.002994][ T109] enqueue_timer+0xb7/0x300 [ 104.007332][ T109] internal_add_timer+0x240/0x430 [ 104.012199][ T109] __mod_timer+0x6f1/0x13e0 [ 104.016540][ T109] ? mod_timer_pending+0x20/0x20 [ 104.021309][ T109] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 104.026946][ T109] ? try_to_wake_up+0x7c5/0x14f0 [ 104.031724][ T109] wg_timers_any_authenticated_packet_traversal+0x126/0x180 [ 104.038835][ T109] wg_packet_tx_worker+0x147/0x490 [ 104.043784][ T109] process_one_work+0x765/0xd20 [ 104.048469][ T109] worker_thread+0xaef/0x1470 [ 104.052983][ T109] kthread+0x2da/0x360 [ 104.056889][ T109] ? worker_clr_flags+0x170/0x170 [ 104.061745][ T109] ? kthread_blkcg+0xd0/0xd0 [ 104.066371][ T109] ret_from_fork+0x1f/0x30 [ 104.070622][ T109] [ 104.072788][ T109] Allocated by task 0: [ 104.076694][ T109] (stack is not available) [ 104.080945][ T109] [ 104.083132][ T109] Freed by task 0: [ 104.086673][ T109] (stack is not available) [ 104.090925][ T109] [ 104.093102][ T109] The buggy address belongs to the object at ffff8881d6c07000 [ 104.093102][ T109] which belongs to the cache kmalloc-512 of size 512 [ 104.107078][ T109] The buggy address is located 456 bytes inside of [ 104.107078][ T109] 512-byte region [ffff8881d6c07000, ffff8881d6c07200) [ 104.120184][ T109] The buggy address belongs to the page: [ 104.125661][ T109] page:ffffea00075b0100 refcount:1 mapcount:0 mapping:ffff8881f5c02500 index:0x0 compound_mapcount: 0 [ 104.136624][ T109] flags: 0x8000000000010200(slab|head) [ 104.141973][ T109] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c02500 [ 104.150389][ T109] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 104.158802][ T109] page dumped because: kasan: bad access detected [ 104.165057][ T109] page_owner tracks the page as allocated [ 104.170613][ T109] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL) [ 104.188577][ T109] prep_new_page+0x18f/0x370 [ 104.193000][ T109] get_page_from_freelist+0x2d13/0x2d90 [ 104.198383][ T109] __alloc_pages_nodemask+0x393/0x840 [ 104.203589][ T109] alloc_slab_page+0x39/0x3c0 [ 104.208102][ T109] new_slab+0x97/0x440 [ 104.212006][ T109] ___slab_alloc+0x2fe/0x490 [ 104.216433][ T109] __slab_alloc+0x62/0xa0 [ 104.220598][ T109] __kmalloc+0x19b/0x2e0 [ 104.224678][ T109] kvmalloc_node+0x7e/0xf0 [ 104.228932][ T109] alloc_netdev_mqs+0x5d7/0xc70 [ 104.233617][ T109] tun_set_iff+0x51f/0xdc0 [ 104.237872][ T109] __tun_chr_ioctl+0x8a9/0x1d00 [ 104.242558][ T109] do_vfs_ioctl+0x742/0x1720 [ 104.246985][ T109] __x64_sys_ioctl+0xd4/0x110 [ 104.251525][ T109] do_syscall_64+0xca/0x1c0 [ 104.255854][ T109] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 104.261561][ T109] page last free stack trace: [ 104.266080][ T109] __free_pages_ok+0x847/0x950 [ 104.270678][ T109] __free_pages+0x91/0x140 [ 104.274929][ T109] device_release+0x6b/0x190 [ 104.279359][ T109] kobject_put+0x1e6/0x2f0 [ 104.283609][ T109] tun_set_iff+0x870/0xdc0 [ 104.287865][ T109] __tun_chr_ioctl+0x8a9/0x1d00 [ 104.292552][ T109] do_vfs_ioctl+0x742/0x1720 [ 104.296976][ T109] __x64_sys_ioctl+0xd4/0x110 [ 104.301490][ T109] do_syscall_64+0xca/0x1c0 [ 104.305829][ T109] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 104.311552][ T109] [ 104.313722][ T109] Memory state around the buggy address: [ 104.319196][ T109] ffff8881d6c07080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.327094][ T109] ffff8881d6c07100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.334989][ T109] >ffff8881d6c07180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.342972][ T109] ^ [ 104.349312][ T109] ffff8881d6c07200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.357213][ T109] ffff8881d6c07280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.365103][ T109] ================================================================== [ 104.373000][ T109] Disabling lock debugging due to kernel taint executing program [ 104.903506][ C1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 104.911138][ C1] #PF: supervisor instruction fetch in kernel mode [ 104.917485][ C1] #PF: error_code(0x0010) - not-present page [ 104.923289][ C1] PGD 0 P4D 0 [ 104.926506][ C1] Oops: 0010 [#1] PREEMPT SMP KASAN [ 104.931544][ C1] CPU: 1 PID: 558 Comm: syz-executor107 Tainted: G B 5.4.290-syzkaller-00002-g41adfeb3d639 #0 [ 104.942905][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 104.952830][ C1] RIP: 0010:0x0 [ 104.956102][ C1] Code: Bad RIP value. [ 104.960006][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010206 [ 104.965907][ C1] RAX: ffffffff8154e8ca RBX: 0000000000000100 RCX: ffff8881d7928fc0 [ 104.973717][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff8881d6c071c0 [ 104.981532][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154e50e R09: 0000000000000003 [ 104.989340][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffffb310 [ 104.997156][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881d6c071c0 [ 105.004963][ C1] FS: 000055555c492380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 105.013727][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.020154][ C1] CR2: ffffffffffffffd6 CR3: 00000001ea07a000 CR4: 00000000003406a0 [ 105.027963][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 105.035777][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 105.043579][ C1] Call Trace: [ 105.046704][ C1] [ 105.049409][ C1] ? __die+0xb4/0x100 [ 105.053222][ C1] ? no_context+0xac7/0xd20 [ 105.057568][ C1] ? is_prefetch+0x4b0/0x4b0 [ 105.061993][ C1] ? wg_packet_send_staged_packets+0xe12/0x1430 [ 105.068074][ C1] ? __do_page_fault+0xa72/0xbb0 [ 105.072840][ C1] ? __bad_area_nosemaphore+0xc0/0x470 [ 105.078136][ C1] ? page_fault+0x2f/0x40 [ 105.082298][ C1] ? __run_timers+0x84e/0xbe0 [ 105.086812][ C1] ? call_timer_fn+0x2a/0x390 [ 105.091323][ C1] call_timer_fn+0x36/0x390 [ 105.095666][ C1] __run_timers+0x879/0xbe0 [ 105.100005][ C1] ? enqueue_timer+0x300/0x300 [ 105.104604][ C1] ? check_preemption_disabled+0x9f/0x320 [ 105.110246][ C1] ? debug_smp_processor_id+0x20/0x20 [ 105.115451][ C1] ? lapic_next_event+0x5b/0x70 [ 105.120148][ C1] run_timer_softirq+0x63/0xf0 [ 105.124740][ C1] __do_softirq+0x23b/0x6b7 [ 105.129085][ C1] irq_exit+0x195/0x1c0 [ 105.133083][ C1] smp_apic_timer_interrupt+0x11a/0x490 [ 105.138539][ C1] apic_timer_interrupt+0xf/0x20 [ 105.143481][ C1] [ 105.146294][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x22/0x50 [ 105.152302][ C1] Code: 90 90 90 90 90 90 90 90 48 8b 04 24 65 48 8b 0d 74 42 9e 7e 65 8b 15 79 42 9e 7e f7 c2 00 01 1f 00 74 01 c3 8b 91 00 0a 00 00 <83> fa 02 75 f4 48 8b 91 08 0a 00 00 48 8b 32 48 8d 7e 01 8b 89 04 [ 105.171719][ C1] RSP: 0018:ffff8881d736eee0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 105.179966][ C1] RAX: ffffffff8153c512 RBX: ffff8881d736f020 RCX: ffff8881d7928fc0 [ 105.187782][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 105.195592][ C1] RBP: 1ffff1103ae6de05 R08: ffffffff8153c4cf R09: ffff8881d736ef90 [ 105.203484][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103ae6de05 [ 105.211296][ C1] R13: 0000000000000006 R14: 0000000000000000 R15: 1ffff1103ae6de06 [ 105.219117][ C1] ? stack_trace_consume_entry+0x9f/0x240 [ 105.224668][ C1] ? stack_trace_consume_entry+0xe2/0x240 [ 105.230223][ C1] stack_trace_consume_entry+0xe2/0x240 [ 105.235603][ C1] ? htab_map_alloc+0x638/0x930 [ 105.240289][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 105.245147][ C1] arch_stack_walk+0x105/0x140 [ 105.249754][ C1] ? htab_map_alloc+0x638/0x930 [ 105.254437][ C1] stack_trace_save+0x118/0x1c0 [ 105.259123][ C1] ? _raw_spin_unlock_irq+0x4a/0x60 [ 105.264157][ C1] ? stack_trace_snprint+0x170/0x170 [ 105.269281][ C1] ? __schedule+0xb0d/0x1320 [ 105.273709][ C1] save_stack+0x95/0x880 [ 105.277781][ C1] ? is_mmconf_reserved+0x430/0x430 [ 105.282821][ C1] ? __reset_page_owner+0x100/0x100 [ 105.287940][ C1] ? prep_new_page+0x18f/0x370 [ 105.292538][ C1] ? get_page_from_freelist+0x2d13/0x2d90 [ 105.298095][ C1] ? __alloc_pages_nodemask+0x393/0x840 [ 105.303472][ C1] ? pcpu_populate_chunk+0x1bb/0xd00 [ 105.308593][ C1] ? pcpu_alloc+0x79e/0x1050 [ 105.313144][ C1] ? prealloc_init+0x238/0x800 [ 105.317746][ C1] ? apic_timer_interrupt+0xa/0x20 [ 105.322694][ C1] __set_page_owner+0x33/0x1e0 [ 105.327294][ C1] prep_new_page+0x18f/0x370 [ 105.331811][ C1] get_page_from_freelist+0x2d13/0x2d90 [ 105.337186][ C1] ? update_load_avg+0x40f/0x1210 [ 105.342050][ C1] ? check_preemption_disabled+0x9f/0x320 [ 105.347603][ C1] ? apic_timer_interrupt+0xa/0x20 [ 105.352549][ C1] ? __alloc_pages_nodemask+0x840/0x840 [ 105.357932][ C1] ? _raw_spin_unlock_irqrestore+0x4d/0x80 [ 105.363574][ C1] __alloc_pages_nodemask+0x393/0x840 [ 105.368782][ C1] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 105.374167][ C1] ? find_next_bit+0x7b/0x100 [ 105.378672][ C1] pcpu_populate_chunk+0x1bb/0xd00 [ 105.383626][ C1] ? _raw_spin_unlock_irqrestore+0x4d/0x80 [ 105.389261][ C1] ? find_next_bit+0xc3/0x100 [ 105.393772][ C1] pcpu_alloc+0x79e/0x1050 [ 105.398029][ C1] prealloc_init+0x238/0x800 [ 105.402454][ C1] htab_map_alloc+0x638/0x930 [ 105.406965][ C1] __se_sys_bpf+0x3291/0xbcb0 [ 105.411483][ C1] ? event_function+0x2c0/0x2c0 [ 105.416165][ C1] ? ctx_resched+0x2cf/0x390 [ 105.420592][ C1] ? __x64_sys_bpf+0x80/0x80 [ 105.425017][ C1] ? check_preemption_disabled+0x9f/0x320 [ 105.430575][ C1] ? __memcg_kmem_charge_memcg+0x140/0x140 [ 105.436213][ C1] ? check_preemption_disabled+0x9f/0x320 [ 105.441770][ C1] ? __alloc_pages_nodemask+0x393/0x840 [ 105.447249][ C1] ? debug_smp_processor_id+0x20/0x20 [ 105.452451][ C1] ? check_preemption_disabled+0x9f/0x320 [ 105.458010][ C1] ? check_preemption_disabled+0x9f/0x320 [ 105.463556][ C1] ? debug_smp_processor_id+0x20/0x20 [ 105.468761][ C1] ? debug_smp_processor_id+0x20/0x20 [ 105.473968][ C1] ? apic_timer_interrupt+0xa/0x20 [ 105.478918][ C1] ? check_preemption_disabled+0x91/0x320 [ 105.484474][ C1] ? __lru_cache_add+0x206/0x2b0 [ 105.489246][ C1] ? _raw_spin_unlock+0x49/0x60 [ 105.493930][ C1] ? handle_mm_fault+0x1cbe/0x4920 [ 105.498884][ C1] ? finish_fault+0x230/0x230 [ 105.503392][ C1] ? __se_sys_perf_event_open+0x3503/0x37c0 [ 105.509122][ C1] ? up_read+0x6f/0x1b0 [ 105.513112][ C1] ? down_write_trylock+0x130/0x130 [ 105.518145][ C1] ? check_preemption_disabled+0x153/0x320 [ 105.523792][ C1] ? __do_page_fault+0x725/0xbb0 [ 105.528563][ C1] do_syscall_64+0xca/0x1c0 [ 105.532902][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 105.538633][ C1] RIP: 0033:0x7ffb842fad19 [ 105.542887][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 105.562415][ C1] RSP: 002b:00007ffcaf9f42d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 105.570662][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffb842fad19 [ 105.578483][ C1] RDX: 0000000000000048 RSI: 0000200000000840 RDI: 0000000000000000 [ 105.586285][ C1] RBP: 0000000000000000 R08: 00007ffcaf9f3e40 R09: 00007ffcaf9f3e40 [ 105.594095][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.601908][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 105.609721][ C1] Modules linked in: [ 105.613467][ C1] CR2: 0000000000000000 [ 105.617452][ C1] ---[ end trace 192a5527b4d6daf4 ]--- [ 105.622740][ C1] RIP: 0010:0x0 [ 105.626041][ C1] Code: Bad RIP value. [ 105.629938][ C1] RSP: 0018:ffff8881f6f09d18 EFLAGS: 00010206 [ 105.635841][ C1] RAX: ffffffff8154e8ca RBX: 0000000000000100 RCX: ffff8881d7928fc0 [ 105.643655][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff8881d6c071c0 [ 105.651466][ C1] RBP: ffff8881f6f09ec8 R08: ffffffff8154e50e R09: 0000000000000003 [ 105.659276][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 00000000ffffb310 [ 105.667095][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881d6c071c0 [ 105.674987][ C1] FS: 000055555c492380(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 105.683749][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.690177][ C1] CR2: ffffffffffffffd6 CR3: 00000001ea07a000 CR4: 00000000003406a0 [ 105.697989][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 105.705797][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 105.713610][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 105.720877][ C1] Kernel Offset: disabled [ 105.725004][ C1] Rebooting in 86400 seconds..