Warning: Permanently added '10.128.1.80' (ECDSA) to the list of known hosts.
syzkaller login: [ 70.751290][ T8390] IPVS: ftp: loaded support on port[0] = 21
[ 70.848769][ T8390] chnl_net:caif_netlink_parms(): no params data found
[ 70.901996][ T8390] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.909549][ T8390] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.918134][ T8390] device bridge_slave_0 entered promiscuous mode
[ 70.928604][ T8390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.935803][ T8390] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.943697][ T8390] device bridge_slave_1 entered promiscuous mode
[ 70.964442][ T8390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.976196][ T8390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 71.000442][ T8390] team0: Port device team_slave_0 added
[ 71.007939][ T8390] team0: Port device team_slave_1 added
[ 71.026751][ T8390] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 71.033936][ T8390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.060275][ T8390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 71.073600][ T8390] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 71.080780][ T8390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.107174][ T8390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 71.135056][ T8390] device hsr_slave_0 entered promiscuous mode
[ 71.141988][ T8390] device hsr_slave_1 entered promiscuous mode
[ 71.246539][ T8390] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 71.258517][ T8390] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 71.270465][ T8390] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 71.282185][ T8390] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 71.306644][ T8390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.313880][ T8390] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.322059][ T8390] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.329313][ T8390] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.374018][ T8390] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.389707][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.402667][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.412317][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.422664][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 71.436388][ T8390] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.451347][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.459854][ T2938] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.467018][ T2938] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.479396][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 71.487832][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.494970][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.520988][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 71.530342][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 71.538688][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 71.551712][ T8390] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 71.566895][ T8390] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 71.576727][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 71.585601][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 71.608824][ T8390] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.616971][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 71.625373][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 71.651983][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.666051][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.677941][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.687363][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.697834][ T8390] device veth0_vlan entered promiscuous mode
[ 71.710238][ T8390] device veth1_vlan entered promiscuous mode
[ 71.735475][ T8390] device veth0_macvtap entered promiscuous mode
[ 71.743212][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.753768][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.763515][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.772596][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.783661][ T8390] device veth1_macvtap entered promiscuous mode
[ 71.803927][ T8390] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.812589][ T8598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.828895][ T8390] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.837521][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.847237][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.861200][ T8390] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.870277][ T8390] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 71.879015][ T8390] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.888944][ T8390] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.938907][ T8390] ==================================================================
[ 71.947384][ T8390] BUG: KASAN: slab-out-of-bounds in eth_header_parse_protocol+0xdc/0xe0
[ 71.955738][ T8390] Read of size 2 at addr ffff888143f1dc0b by task syz-executor807/8390
[ 71.964071][ T8390]
[ 71.966387][ T8390] CPU: 1 PID: 8390 Comm: syz-executor807 Not tainted 5.12.0-rc4-syzkaller #0
[ 71.975184][ T8390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.985238][ T8390] Call Trace:
[ 71.988523][ T8390] dump_stack+0x141/0x1d7
[ 71.992872][ T8390] ? eth_header_parse_protocol+0xdc/0xe0
[ 71.998507][ T8390] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 72.006244][ T8390] ? llc_sysctl_exit+0x60/0x60
[ 72.011024][ T8390] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.016954][ T8390] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.022823][ T8390] kasan_report.cold+0x7c/0xd8
[ 72.027785][ T8390] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.033425][ T8390] ? llc_sysctl_exit+0x60/0x60
[ 72.038182][ T8390] eth_header_parse_protocol+0xdc/0xe0
[ 72.043635][ T8390] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 72.050473][ T8390] ? tpacket_destruct_skb+0x860/0x860
[ 72.055855][ T8390] packet_sendmsg+0x233c/0x5300
[ 72.060709][ T8390] ? print_bfs_bug+0xc0/0x2c0
[ 72.065409][ T8390] ? aa_sk_perm+0x31b/0xab0
[ 72.069908][ T8390] ? packet_create+0xac0/0xac0
[ 72.074760][ T8390] ? aa_af_perm+0x230/0x230
[ 72.079281][ T8390] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.085530][ T8390] ? packet_create+0xac0/0xac0
[ 72.090289][ T8390] sock_sendmsg+0xcf/0x120
[ 72.094729][ T8390] sock_write_iter+0x289/0x3c0
[ 72.099510][ T8390] ? sock_sendmsg+0x120/0x120
[ 72.104199][ T8390] ? aa_path_link+0x2f0/0x2f0
[ 72.108887][ T8390] ? __lock_acquire+0x16b3/0x54c0
[ 72.113910][ T8390] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.120155][ T8390] new_sync_write+0x426/0x650
[ 72.124834][ T8390] ? new_sync_read+0x6e0/0x6e0
[ 72.129698][ T8390] ? packet_do_bind+0x4af/0xce0
[ 72.134547][ T8390] ? apparmor_file_permission+0x26e/0x4e0
[ 72.140374][ T8390] vfs_write+0x796/0xa30
[ 72.144611][ T8390] ksys_write+0x1ee/0x250
[ 72.151019][ T8390] ? __ia32_sys_read+0xb0/0xb0
[ 72.155872][ T8390] ? syscall_enter_from_user_mode+0x27/0x70
[ 72.161781][ T8390] do_syscall_64+0x2d/0x70
[ 72.166471][ T8390] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.172373][ T8390] RIP: 0033:0x4436c9
[ 72.176267][ T8390] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.196024][ T8390] RSP: 002b:00007fffcbea0b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.204529][ T8390] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004436c9
[ 72.212497][ T8390] RDX: 000000000000005a RSI: 0000000020000700 RDI: 0000000000000003
[ 72.220465][ T8390] RBP: 0000000000000003 R08: bb1414ac00000000 R09: bb1414ac00000000
[ 72.228584][ T8390] R10: bb1414ac00000000 R11: 0000000000000246 R12: 00007fffcbea0b20
[ 72.236574][ T8390] R13: 00007fffcbea0b14 R14: 0000000000000003 R15: 0000000000000000
[ 72.244555][ T8390]
[ 72.246871][ T8390] Allocated by task 1:
[ 72.250922][ T8390] kasan_save_stack+0x1b/0x40
[ 72.255607][ T8390] __kasan_kmalloc+0x99/0xc0
[ 72.260293][ T8390] bdi_alloc+0x43/0x140
[ 72.264434][ T8390] blk_alloc_queue+0xfd/0x700
[ 72.269103][ T8390] brd_alloc+0x128/0x460
[ 72.273352][ T8390] brd_init+0x166/0x4ac
[ 72.277530][ T8390] do_one_initcall+0x103/0x650
[ 72.282299][ T8390] kernel_init_freeable+0x63e/0x6c2
[ 72.287486][ T8390] kernel_init+0xd/0x1b8
[ 72.291913][ T8390] ret_from_fork+0x1f/0x30
[ 72.296368][ T8390]
[ 72.298700][ T8390] The buggy address belongs to the object at ffff888143f1c000
[ 72.298700][ T8390] which belongs to the cache kmalloc-4k of size 4096
[ 72.312745][ T8390] The buggy address is located 3083 bytes to the right of
[ 72.312745][ T8390] 4096-byte region [ffff888143f1c000, ffff888143f1d000)
[ 72.326713][ T8390] The buggy address belongs to the page:
[ 72.332338][ T8390] page:ffffea00050fc600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x143f18
[ 72.342588][ T8390] head:ffffea00050fc600 order:3 compound_mapcount:0 compound_pincount:0
[ 72.350908][ T8390] flags: 0x57ff00000010200(slab|head)
[ 72.356298][ T8390] raw: 057ff00000010200 dead000000000100 dead000000000122 ffff888010842140
[ 72.364895][ T8390] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 72.373469][ T8390] page dumped because: kasan: bad access detected
[ 72.379887][ T8390]
[ 72.382219][ T8390] Memory state around the buggy address:
[ 72.387835][ T8390] ffff888143f1db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.395883][ T8390] ffff888143f1db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.403934][ T8390] >ffff888143f1dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.411997][ T8390] ^
[ 72.416308][ T8390] ffff888143f1dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.424354][ T8390] ffff888143f1dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.432577][ T8390] ==================================================================
[ 72.440630][ T8390] Disabling lock debugging due to kernel taint
[ 72.448645][ T8390] Kernel panic - not syncing: panic_on_warn set ...
[ 72.455277][ T8390] CPU: 1 PID: 8390 Comm: syz-executor807 Tainted: G B 5.12.0-rc4-syzkaller #0
[ 72.465437][ T8390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.475930][ T8390] Call Trace:
[ 72.479322][ T8390] dump_stack+0x141/0x1d7
[ 72.483657][ T8390] panic+0x306/0x73d
[ 72.487573][ T8390] ? __warn_printk+0xf3/0xf3
[ 72.492194][ T8390] ? preempt_schedule_common+0x59/0xc0
[ 72.497663][ T8390] ? llc_sysctl_exit+0x60/0x60
[ 72.502433][ T8390] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.508068][ T8390] ? preempt_schedule_thunk+0x16/0x18
[ 72.513450][ T8390] ? trace_hardirqs_on+0x38/0x1c0
[ 72.518483][ T8390] ? trace_hardirqs_on+0x51/0x1c0
[ 72.523517][ T8390] ? llc_sysctl_exit+0x60/0x60
[ 72.528286][ T8390] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.533925][ T8390] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.539569][ T8390] end_report.cold+0x5a/0x5a
[ 72.544531][ T8390] kasan_report.cold+0x6a/0xd8
[ 72.549303][ T8390] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.554955][ T8390] ? llc_sysctl_exit+0x60/0x60
[ 72.559725][ T8390] eth_header_parse_protocol+0xdc/0xe0
[ 72.565213][ T8390] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 72.571559][ T8390] ? tpacket_destruct_skb+0x860/0x860
[ 72.576963][ T8390] packet_sendmsg+0x233c/0x5300
[ 72.581830][ T8390] ? print_bfs_bug+0xc0/0x2c0
[ 72.586538][ T8390] ? aa_sk_perm+0x31b/0xab0
[ 72.591076][ T8390] ? packet_create+0xac0/0xac0
[ 72.595851][ T8390] ? aa_af_perm+0x230/0x230
[ 72.600373][ T8390] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.607068][ T8390] ? packet_create+0xac0/0xac0
[ 72.611851][ T8390] sock_sendmsg+0xcf/0x120
[ 72.616289][ T8390] sock_write_iter+0x289/0x3c0
[ 72.621065][ T8390] ? sock_sendmsg+0x120/0x120
[ 72.625756][ T8390] ? aa_path_link+0x2f0/0x2f0
[ 72.630459][ T8390] ? __lock_acquire+0x16b3/0x54c0
[ 72.635664][ T8390] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.642187][ T8390] new_sync_write+0x426/0x650
[ 72.647228][ T8390] ? new_sync_read+0x6e0/0x6e0
[ 72.652086][ T8390] ? packet_do_bind+0x4af/0xce0
[ 72.656950][ T8390] ? apparmor_file_permission+0x26e/0x4e0
[ 72.662685][ T8390] vfs_write+0x796/0xa30
[ 72.666940][ T8390] ksys_write+0x1ee/0x250
[ 72.671274][ T8390] ? __ia32_sys_read+0xb0/0xb0
[ 72.676563][ T8390] ? syscall_enter_from_user_mode+0x27/0x70
[ 72.682464][ T8390] do_syscall_64+0x2d/0x70
[ 72.686897][ T8390] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.692828][ T8390] RIP: 0033:0x4436c9
[ 72.696730][ T8390] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.716344][ T8390] RSP: 002b:00007fffcbea0b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.724770][ T8390] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004436c9
[ 72.732748][ T8390] RDX: 000000000000005a RSI: 0000000020000700 RDI: 0000000000000003
[ 72.741941][ T8390] RBP: 0000000000000003 R08: bb1414ac00000000 R09: bb1414ac00000000
[ 72.749921][ T8390] R10: bb1414ac00000000 R11: 0000000000000246 R12: 00007fffcbea0b20
[ 72.757920][ T8390] R13: 00007fffcbea0b14 R14: 0000000000000003 R15: 0000000000000000
[ 72.766718][ T8390] Kernel Offset: disabled
[ 72.771041][ T8390] Rebooting in 86400 seconds..