[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts.
syzkaller login: [ 69.788859][ T7046] IPVS: ftp: loaded support on port[0] = 21
[ 69.880406][ T7046] chnl_net:caif_netlink_parms(): no params data found
[ 69.933436][ T7046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.941966][ T7046] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.950765][ T7046] device bridge_slave_0 entered promiscuous mode
[ 69.959463][ T7046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.967364][ T7046] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.975123][ T7046] device bridge_slave_1 entered promiscuous mode
[ 69.997078][ T7046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.008303][ T7046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.031072][ T7046] team0: Port device team_slave_0 added
[ 70.039289][ T7046] team0: Port device team_slave_1 added
[ 70.058588][ T7046] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.065556][ T7046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.092390][ T7046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.105291][ T7046] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.112853][ T7046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.140360][ T7046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.209138][ T7046] device hsr_slave_0 entered promiscuous mode
[ 70.266688][ T7046] device hsr_slave_1 entered promiscuous mode
[ 70.405359][ T7046] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.450158][ T7046] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.509069][ T7046] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.568913][ T7046] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.641570][ T7046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.648755][ T7046] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.656699][ T7046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.663761][ T7046] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.709539][ T7046] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.722235][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.732987][ T4112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.741419][ T4112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.749632][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 70.762887][ T7046] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.773638][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.783144][ T3549] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.790262][ T3549] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.802796][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.811788][ T4112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.818966][ T4112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.839751][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 70.849486][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 70.861132][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 70.870682][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 70.885776][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 70.894502][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.903598][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 70.912560][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.922343][ T7046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 70.941790][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 70.951132][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 70.968511][ T7046] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.987196][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 70.997503][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.017503][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 71.025946][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.035116][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.044202][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.053813][ T7046] device veth0_vlan entered promiscuous mode
[ 71.065917][ T7046] device veth1_vlan entered promiscuous mode
[ 71.087588][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.097692][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.105995][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 71.114441][ T3549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.126364][ T7046] device veth0_macvtap entered promiscuous mode
[ 71.138067][ T7046] device veth1_macvtap entered promiscuous mode
[ 71.156633][ T7046] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.164318][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.173754][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 71.182428][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.191453][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.203535][ T7046] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.211684][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.220505][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 74.466881][ C0] ==================================================================
[ 74.475114][ C0] BUG: KASAN: use-after-free in ip_icmp_error+0x52a/0x5a0
[ 74.482200][ C0] Read of size 1 at addr ffff88809120d7ff by task ksoftirqd/0/9
[ 74.489822][ C0]
[ 74.492130][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.7.0-rc6-syzkaller #0
[ 74.500164][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.510190][ C0] Call Trace:
[ 74.513462][ C0] dump_stack+0x188/0x20d
[ 74.517786][ C0] print_address_description.constprop.0.cold+0xd3/0x413
[ 74.524784][ C0] ? skb_splice_bits+0x1a0/0x1a0
[ 74.529693][ C0] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 74.535472][ C0] ? vprintk_func+0x81/0x17e
[ 74.540035][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 74.544770][ C0] __kasan_report.cold+0x20/0x38
[ 74.549684][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 74.554420][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 74.559168][ C0] kasan_report+0x33/0x50
[ 74.563485][ C0] ip_icmp_error+0x52a/0x5a0
[ 74.568053][ C0] tcp_v4_err+0x9b2/0x1d00
[ 74.572461][ C0] ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 74.577199][ C0] icmp_socket_deliver+0x1e4/0x360
[ 74.582287][ C0] icmp_unreach+0x33b/0xab0
[ 74.586783][ C0] icmp_rcv+0xee6/0x15f0
[ 74.591004][ C0] ip_protocol_deliver_rcu+0x57/0x880
[ 74.596363][ C0] ip_local_deliver_finish+0x220/0x360
[ 74.602158][ C0] ip_local_deliver+0x1c8/0x4e0
[ 74.606997][ C0] ? ip_local_deliver_finish+0x360/0x360
[ 74.612612][ C0] ? ip_rcv+0x24e/0x3c0
[ 74.616759][ C0] ? ip_protocol_deliver_rcu+0x880/0x880
[ 74.622363][ C0] ? lock_downgrade+0x840/0x840
[ 74.627199][ C0] ? ip_rcv_finish_core.isra.0+0x606/0x1ec0
[ 74.633089][ C0] ip_rcv_finish+0x1da/0x2f0
[ 74.637653][ C0] ip_rcv+0xd0/0x3c0
[ 74.641523][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 74.646536][ C0] ? ip_rcv_finish_core.isra.0+0x1ec0/0x1ec0
[ 74.652504][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 74.657506][ C0] __netif_receive_skb_one_core+0x114/0x180
[ 74.663374][ C0] ? __netif_receive_skb_core+0x31c0/0x31c0
[ 74.669242][ C0] ? do_raw_spin_lock+0x129/0x2e0
[ 74.674250][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 74.679178][ C0] __netif_receive_skb+0x27/0x1c0
[ 74.684193][ C0] process_backlog+0x21e/0x7a0
[ 74.688938][ C0] ? net_rx_action+0x25f/0x1070
[ 74.693784][ C0] net_rx_action+0x4c2/0x1070
[ 74.698446][ C0] ? napi_busy_loop+0x9e0/0x9e0
[ 74.703285][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 74.709243][ C0] __do_softirq+0x26c/0x9f7
[ 74.713722][ C0] ? takeover_tasklets+0x810/0x810
[ 74.718806][ C0] run_ksoftirqd+0x89/0x100
[ 74.723289][ C0] smpboot_thread_fn+0x653/0x9e0
[ 74.728220][ C0] ? __smpboot_create_thread.part.0+0x340/0x340
[ 74.734434][ C0] ? __kthread_parkme+0x13f/0x1e0
[ 74.739446][ C0] ? __smpboot_create_thread.part.0+0x340/0x340
[ 74.745675][ C0] kthread+0x388/0x470
[ 74.749731][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 74.755617][ C0] ret_from_fork+0x24/0x30
[ 74.760021][ C0]
[ 74.762337][ C0] Allocated by task 4096:
[ 74.766639][ C0] save_stack+0x1b/0x40
[ 74.770771][ C0] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 74.776397][ C0] kmem_cache_alloc+0x11b/0x740
[ 74.781221][ C0] getname_flags+0xd2/0x5b0
[ 74.785695][ C0] do_mkdirat+0x8d/0x280
[ 74.789924][ C0] do_syscall_64+0xf6/0x7d0
[ 74.794398][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 74.800258][ C0]
[ 74.802558][ C0] Freed by task 4096:
[ 74.806511][ C0] save_stack+0x1b/0x40
[ 74.810649][ C0] __kasan_slab_free+0xf7/0x140
[ 74.815495][ C0] kmem_cache_free+0x7f/0x320
[ 74.820154][ C0] putname+0xe1/0x120
[ 74.824125][ C0] filename_parentat.isra.0+0x38c/0x400
[ 74.829648][ C0] filename_create+0x9e/0x4a0
[ 74.834303][ C0] do_mkdirat+0xa0/0x280
[ 74.838611][ C0] do_syscall_64+0xf6/0x7d0
[ 74.843110][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 74.848970][ C0]
[ 74.851286][ C0] The buggy address belongs to the object at ffff88809120c800
[ 74.851286][ C0] which belongs to the cache names_cache of size 4096
[ 74.865412][ C0] The buggy address is located 4095 bytes inside of
[ 74.865412][ C0] 4096-byte region [ffff88809120c800, ffff88809120d800)
[ 74.878825][ C0] The buggy address belongs to the page:
[ 74.884433][ C0] page:ffffea0002448300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea0002448300 order:1 compound_mapcount:0
[ 74.897860][ C0] flags: 0xfffe0000010200(slab|head)
[ 74.903132][ C0] raw: 00fffe0000010200 ffffea0002448388 ffffea00024cd888 ffff8880aa1ec000
[ 74.911699][ C0] raw: 0000000000000000 ffff88809120c800 0000000100000001 0000000000000000
[ 74.920267][ C0] page dumped because: kasan: bad access detected
[ 74.926658][ C0]
[ 74.928972][ C0] Memory state around the buggy address:
[ 74.934574][ C0] ffff88809120d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.942607][ C0] ffff88809120d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.950641][ C0] >ffff88809120d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.958681][ C0]                                                                ^
[ 74.966632][ C0] ffff88809120d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.974697][ C0] ffff88809120d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.982748][ C0] ==================================================================
[ 74.990826][ C0] Disabling lock debugging due to kernel taint
[ 74.997049][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 75.003634][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.7.0-rc6-syzkaller #0
[ 75.013166][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.023236][ C0] Call Trace:
[ 75.026525][ C0] dump_stack+0x188/0x20d
[ 75.030844][ C0] panic+0x2e3/0x75c
[ 75.034732][ C0] ? add_taint.cold+0x16/0x16
[ 75.039555][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 75.044289][ C0] ? trace_hardirqs_on+0x55/0x220
[ 75.049283][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 75.054030][ C0] end_report+0x4d/0x53
[ 75.058158][ C0] __kasan_report.cold+0xd/0x38
[ 75.062978][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 75.067719][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 75.072467][ C0] kasan_report+0x33/0x50
[ 75.076777][ C0] ip_icmp_error+0x52a/0x5a0
[ 75.081339][ C0] tcp_v4_err+0x9b2/0x1d00
[ 75.085931][ C0] ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 75.090664][ C0] icmp_socket_deliver+0x1e4/0x360
[ 75.095756][ C0] icmp_unreach+0x33b/0xab0
[ 75.100235][ C0] icmp_rcv+0xee6/0x15f0
[ 75.104470][ C0] ip_protocol_deliver_rcu+0x57/0x880
[ 75.109815][ C0] ip_local_deliver_finish+0x220/0x360
[ 75.115243][ C0] ip_local_deliver+0x1c8/0x4e0
[ 75.120062][ C0] ? ip_local_deliver_finish+0x360/0x360
[ 75.125661][ C0] ? ip_rcv+0x24e/0x3c0
[ 75.129785][ C0] ? ip_protocol_deliver_rcu+0x880/0x880
[ 75.135399][ C0] ? lock_downgrade+0x840/0x840
[ 75.140236][ C0] ? ip_rcv_finish_core.isra.0+0x606/0x1ec0
[ 75.146100][ C0] ip_rcv_finish+0x1da/0x2f0
[ 75.150672][ C0] ip_rcv+0xd0/0x3c0
[ 75.154536][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 75.159530][ C0] ? ip_rcv_finish_core.isra.0+0x1ec0/0x1ec0
[ 75.165490][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 75.170484][ C0] __netif_receive_skb_one_core+0x114/0x180
[ 75.176353][ C0] ? __netif_receive_skb_core+0x31c0/0x31c0
[ 75.182224][ C0] ? do_raw_spin_lock+0x129/0x2e0
[ 75.187217][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 75.192124][ C0] __netif_receive_skb+0x27/0x1c0
[ 75.197117][ C0] process_backlog+0x21e/0x7a0
[ 75.201850][ C0] ? net_rx_action+0x25f/0x1070
[ 75.206681][ C0] net_rx_action+0x4c2/0x1070
[ 75.211347][ C0] ? napi_busy_loop+0x9e0/0x9e0
[ 75.216168][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 75.222118][ C0] __do_softirq+0x26c/0x9f7
[ 75.226594][ C0] ? takeover_tasklets+0x810/0x810
[ 75.231682][ C0] run_ksoftirqd+0x89/0x100
[ 75.236179][ C0] smpboot_thread_fn+0x653/0x9e0
[ 75.241087][ C0] ? __smpboot_create_thread.part.0+0x340/0x340
[ 75.247300][ C0] ? __kthread_parkme+0x13f/0x1e0
[ 75.252293][ C0] ? __smpboot_create_thread.part.0+0x340/0x340
[ 75.258513][ C0] kthread+0x388/0x470
[ 75.262551][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 75.268693][ C0] ret_from_fork+0x24/0x30
[ 75.274367][ C0] Kernel Offset: disabled
[ 75.278680][ C0] Rebooting in 86400 seconds..