Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts. [ 74.642021][ T8485] IPVS: ftp: loaded support on port[0] = 21 [ 74.729491][ T8485] chnl_net:caif_netlink_parms(): no params data found [ 74.783678][ T8485] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.790888][ T8485] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.799220][ T8485] device bridge_slave_0 entered promiscuous mode [ 74.810658][ T8485] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.817763][ T8485] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.826804][ T8485] device bridge_slave_1 entered promiscuous mode [ 74.848243][ T8485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.859443][ T8485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.882710][ T8485] team0: Port device team_slave_0 added [ 74.890902][ T8485] team0: Port device team_slave_1 added [ 74.907989][ T8485] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.915236][ T8485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.941818][ T8485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.955000][ T8485] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.962094][ T8485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.988116][ T8485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.014699][ T8485] device hsr_slave_0 entered promiscuous mode [ 75.021448][ T8485] device hsr_slave_1 entered promiscuous mode [ 75.123437][ T8485] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.133674][ T8485] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.143401][ T8485] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.154101][ T8485] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.179220][ T8485] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.186547][ T8485] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.194441][ T8485] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.201598][ T8485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.248082][ T8485] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.263655][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 75.274975][ T3203] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.284331][ T3203] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.293407][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 75.307115][ T8485] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.319410][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.328038][ T3203] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.335174][ T3203] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.348105][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.357796][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.364911][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.384514][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.393371][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.405846][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.418763][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.433636][ T8485] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.446600][ T8485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.456291][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.475774][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.483449][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.496399][ T8485] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.522572][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 75.535814][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.545275][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.553446][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.564581][ T8485] device veth0_vlan entered promiscuous mode [ 75.577614][ T8485] device veth1_vlan entered promiscuous mode [ 75.601303][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.609343][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.618543][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.631218][ T8485] device veth0_macvtap entered promiscuous mode [ 75.642766][ T8485] device veth1_macvtap entered promiscuous mode [ 75.662819][ T8485] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.671991][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.683107][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 75.696611][ T8485] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.705211][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.717687][ T8485] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 75.727898][ T8485] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.736795][ T8485] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.745849][ T8485] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.789352][ T8485] ================================================================== [ 75.797696][ T8485] BUG: KASAN: slab-out-of-bounds in skb_segment+0x14ba/0x37a0 [ 75.805213][ T8485] Read of size 2324 at addr ffff8880203272f7 by task syz-executor375/8485 [ 75.813748][ T8485] [ 75.816077][ T8485] CPU: 0 PID: 8485 Comm: syz-executor375 Not tainted 5.11.0-rc3-syzkaller #0 [ 75.824822][ T8485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.834888][ T8485] Call Trace: [ 75.838159][ T8485] dump_stack+0x107/0x163 [ 75.842482][ T8485] ? skb_segment+0x14ba/0x37a0 [ 75.847248][ T8485] ? skb_segment+0x14ba/0x37a0 [ 75.851998][ T8485] print_address_description.constprop.0.cold+0x5b/0x2f8 [ 75.859012][ T8485] ? skb_segment+0x14ba/0x37a0 [ 75.863762][ T8485] ? skb_segment+0x14ba/0x37a0 [ 75.868528][ T8485] kasan_report.cold+0x79/0xd5 [ 75.873283][ T8485] ? skb_segment+0x14ba/0x37a0 [ 75.878034][ T8485] check_memory_region+0x13d/0x180 [ 75.883135][ T8485] memcpy+0x20/0x60 [ 75.886936][ T8485] skb_segment+0x14ba/0x37a0 [ 75.891533][ T8485] ? pskb_extract+0x2b0/0x2b0 [ 75.896213][ T8485] ? __skb_checksum+0x890/0x890 [ 75.901047][ T8485] ? skb_send_sock_locked+0x730/0x730 [ 75.906406][ T8485] ? reqsk_fastopen_remove+0x620/0x620 [ 75.911858][ T8485] udp4_ufo_fragment+0x4ae/0x700 [ 75.916789][ T8485] ? skb_udp_tunnel_segment+0x1e70/0x1e70 [ 75.922496][ T8485] inet_gso_segment+0x502/0x1110 [ 75.927431][ T8485] skb_mac_gso_segment+0x26e/0x530 [ 75.932530][ T8485] ? inet_sk_set_state+0x90/0x90 [ 75.937464][ T8485] ? skb_network_protocol+0x560/0x560 [ 75.942830][ T8485] __skb_gso_segment+0x330/0x6e0 [ 75.947760][ T8485] validate_xmit_skb+0x69e/0xee0 [ 75.952691][ T8485] __dev_queue_xmit+0x988/0x2dd0 [ 75.957624][ T8485] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 75.962932][ T8485] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 75.969176][ T8485] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 75.974883][ T8485] ? virtio_net_hdr_to_skb.constprop.0+0x423/0xa70 [ 75.981377][ T8485] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 75.987606][ T8485] ? packet_parse_headers+0x11d/0x490 [ 75.992979][ T8485] ? prb_fill_curr_block+0x5d0/0x5d0 [ 75.998258][ T8485] packet_sendmsg+0x2406/0x52a0 [ 76.003132][ T8485] ? aa_sk_perm+0x316/0xaa0 [ 76.007641][ T8485] ? packet_cached_dev_get+0x250/0x250 [ 76.013086][ T8485] ? aa_af_perm+0x230/0x230 [ 76.017577][ T8485] ? find_held_lock+0x2d/0x110 [ 76.022333][ T8485] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 76.028563][ T8485] ? packet_cached_dev_get+0x250/0x250 [ 76.034024][ T8485] sock_sendmsg+0xcf/0x120 [ 76.038430][ T8485] __sys_sendto+0x21c/0x320 [ 76.042921][ T8485] ? __ia32_sys_getpeername+0xb0/0xb0 [ 76.048291][ T8485] ? packet_do_bind+0x454/0xc00 [ 76.053192][ T8485] ? __sys_bind+0x111/0x250 [ 76.057681][ T8485] ? __ia32_sys_socketpair+0xf0/0xf0 [ 76.062967][ T8485] __x64_sys_sendto+0xdd/0x1b0 [ 76.067716][ T8485] ? lockdep_hardirqs_on+0x79/0x100 [ 76.072914][ T8485] ? syscall_enter_from_user_mode+0x1d/0x50 [ 76.078793][ T8485] do_syscall_64+0x2d/0x70 [ 76.083195][ T8485] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.089098][ T8485] RIP: 0033:0x4436e9 [ 76.092981][ T8485] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 76.112591][ T8485] RSP: 002b:00007fff3f536368 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 76.121007][ T8485] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004436e9 [ 76.128978][ T8485] RDX: 000000000000fc13 RSI: 0000000020000280 RDI: 0000000000000003 [ 76.136935][ T8485] RBP: 00007fff3f536380 R08: 0000000000000000 R09: 000000000000002f [ 76.144892][ T8485] R10: 0000000000000800 R11: 0000000000000246 R12: 00007fff3f536390 [ 76.152861][ T8485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.160832][ T8485] [ 76.163144][ T8485] Allocated by task 6488: [ 76.167467][ T8485] kasan_save_stack+0x1b/0x40 [ 76.172131][ T8485] ____kasan_kmalloc.constprop.0+0x82/0xa0 [ 76.177924][ T8485] kmem_cache_alloc+0x1c6/0x440 [ 76.182764][ T8485] shmem_alloc_inode+0x18/0x40 [ 76.187529][ T8485] alloc_inode+0x61/0x230 [ 76.191840][ T8485] new_inode+0x27/0x2f0 [ 76.195981][ T8485] shmem_get_inode+0x195/0xc10 [ 76.200750][ T8485] shmem_symlink+0xe2/0x7c0 [ 76.205239][ T8485] vfs_symlink+0x44e/0x690 [ 76.209645][ T8485] do_symlinkat+0x258/0x2c0 [ 76.214151][ T8485] do_syscall_64+0x2d/0x70 [ 76.218552][ T8485] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.224434][ T8485] [ 76.226762][ T8485] The buggy address belongs to the object at ffff8880203272a0 [ 76.226762][ T8485] which belongs to the cache shmem_inode_cache of size 1312 [ 76.241404][ T8485] The buggy address is located 87 bytes inside of [ 76.241404][ T8485] 1312-byte region [ffff8880203272a0, ffff8880203277c0) [ 76.254663][ T8485] The buggy address belongs to the page: [ 76.260290][ T8485] page:00000000d4822373 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20324 [ 76.270440][ T8485] head:00000000d4822373 order:2 compound_mapcount:0 compound_pincount:0 [ 76.278746][ T8485] flags: 0xfff00000010200(slab|head) [ 76.284037][ T8485] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff8880101bea00 [ 76.292605][ T8485] raw: 0000000000000000 00000000000b000b 00000001ffffffff 0000000000000000 [ 76.301165][ T8485] page dumped because: kasan: bad access detected [ 76.307570][ T8485] [ 76.309877][ T8485] Memory state around the buggy address: [ 76.315489][ T8485] ffff888020327680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.323533][ T8485] ffff888020327700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.331593][ T8485] >ffff888020327780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 76.339629][ T8485] ^ [ 76.345779][ T8485] ffff888020327800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 76.353824][ T8485] ffff888020327880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.361890][ T8485] ================================================================== [ 76.369930][ T8485] Disabling lock debugging due to kernel taint [ 76.376153][ T8485] Kernel panic - not syncing: panic_on_warn set ... [ 76.382742][ T8485] CPU: 0 PID: 8485 Comm: syz-executor375 Tainted: G B 5.11.0-rc3-syzkaller #0 [ 76.392899][ T8485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.402956][ T8485] Call Trace: [ 76.406235][ T8485] dump_stack+0x107/0x163 [ 76.410589][ T8485] ? skb_segment+0x1460/0x37a0 [ 76.415338][ T8485] panic+0x306/0x73d [ 76.419218][ T8485] ? __warn_printk+0xf3/0xf3 [ 76.423792][ T8485] ? skb_segment+0x14ba/0x37a0 [ 76.428536][ T8485] ? trace_hardirqs_on+0x38/0x1c0 [ 76.433563][ T8485] ? trace_hardirqs_on+0x51/0x1c0 [ 76.438574][ T8485] ? skb_segment+0x14ba/0x37a0 [ 76.443338][ T8485] ? skb_segment+0x14ba/0x37a0 [ 76.448083][ T8485] end_report+0x58/0x5e [ 76.452221][ T8485] kasan_report.cold+0x67/0xd5 [ 76.456981][ T8485] ? skb_segment+0x14ba/0x37a0 [ 76.461724][ T8485] check_memory_region+0x13d/0x180 [ 76.466828][ T8485] memcpy+0x20/0x60 [ 76.470618][ T8485] skb_segment+0x14ba/0x37a0 [ 76.475192][ T8485] ? pskb_extract+0x2b0/0x2b0 [ 76.479861][ T8485] ? __skb_checksum+0x890/0x890 [ 76.484701][ T8485] ? skb_send_sock_locked+0x730/0x730 [ 76.490060][ T8485] ? reqsk_fastopen_remove+0x620/0x620 [ 76.495506][ T8485] udp4_ufo_fragment+0x4ae/0x700 [ 76.500425][ T8485] ? skb_udp_tunnel_segment+0x1e70/0x1e70 [ 76.506126][ T8485] inet_gso_segment+0x502/0x1110 [ 76.511062][ T8485] skb_mac_gso_segment+0x26e/0x530 [ 76.516157][ T8485] ? inet_sk_set_state+0x90/0x90 [ 76.521076][ T8485] ? skb_network_protocol+0x560/0x560 [ 76.526431][ T8485] __skb_gso_segment+0x330/0x6e0 [ 76.531366][ T8485] validate_xmit_skb+0x69e/0xee0 [ 76.536288][ T8485] __dev_queue_xmit+0x988/0x2dd0 [ 76.541213][ T8485] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 76.546480][ T8485] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 76.552706][ T8485] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 76.558406][ T8485] ? virtio_net_hdr_to_skb.constprop.0+0x423/0xa70 [ 76.564917][ T8485] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 76.571158][ T8485] ? packet_parse_headers+0x11d/0x490 [ 76.576512][ T8485] ? prb_fill_curr_block+0x5d0/0x5d0 [ 76.581780][ T8485] packet_sendmsg+0x2406/0x52a0 [ 76.586616][ T8485] ? aa_sk_perm+0x316/0xaa0 [ 76.591100][ T8485] ? packet_cached_dev_get+0x250/0x250 [ 76.596541][ T8485] ? aa_af_perm+0x230/0x230 [ 76.601025][ T8485] ? find_held_lock+0x2d/0x110 [ 76.605771][ T8485] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 76.612011][ T8485] ? packet_cached_dev_get+0x250/0x250 [ 76.617450][ T8485] sock_sendmsg+0xcf/0x120 [ 76.621881][ T8485] __sys_sendto+0x21c/0x320 [ 76.626365][ T8485] ? __ia32_sys_getpeername+0xb0/0xb0 [ 76.631717][ T8485] ? packet_do_bind+0x454/0xc00 [ 76.636565][ T8485] ? __sys_bind+0x111/0x250 [ 76.641047][ T8485] ? __ia32_sys_socketpair+0xf0/0xf0 [ 76.646316][ T8485] __x64_sys_sendto+0xdd/0x1b0 [ 76.651076][ T8485] ? lockdep_hardirqs_on+0x79/0x100 [ 76.656260][ T8485] ? syscall_enter_from_user_mode+0x1d/0x50 [ 76.662135][ T8485] do_syscall_64+0x2d/0x70 [ 76.666534][ T8485] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.672412][ T8485] RIP: 0033:0x4436e9 [ 76.676286][ T8485] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 76.695874][ T8485] RSP: 002b:00007fff3f536368 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 76.704286][ T8485] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004436e9 [ 76.712239][ T8485] RDX: 000000000000fc13 RSI: 0000000020000280 RDI: 0000000000000003 [ 76.720191][ T8485] RBP: 00007fff3f536380 R08: 0000000000000000 R09: 000000000000002f [ 76.728140][ T8485] R10: 0000000000000800 R11: 0000000000000246 R12: 00007fff3f536390 [ 76.736089][ T8485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.744714][ T8485] Kernel Offset: disabled [ 76.749048][ T8485] Rebooting in 86400 seconds..