Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts.
syzkaller login: [ 79.673103][ T9535] IPVS: ftp: loaded support on port[0] = 21
[ 79.735961][ T9535] chnl_net:caif_netlink_parms(): no params data found
[ 79.767800][ T9535] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.775615][ T9535] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.784248][ T9535] device bridge_slave_0 entered promiscuous mode
[ 79.792851][ T9535] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.800757][ T9535] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.808587][ T9535] device bridge_slave_1 entered promiscuous mode
[ 79.826688][ T9535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.839300][ T9535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.859642][ T9535] team0: Port device team_slave_0 added
[ 79.867743][ T9535] team0: Port device team_slave_1 added
[ 79.919473][ T9535] device hsr_slave_0 entered promiscuous mode
[ 79.977319][ T9535] device hsr_slave_1 entered promiscuous mode
[ 80.102711][ T9535] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.159791][ T9535] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.199620][ T9535] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.240367][ T9535] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.308703][ T9535] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.315859][ T9535] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.323753][ T9535] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.330858][ T9535] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.370063][ T9535] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.386186][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 80.396175][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.415488][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.424626][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 80.437727][ T9535] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.448666][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 80.457924][ T3021] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.464969][ T3021] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.489313][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 80.497928][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.504973][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.513792][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.522718][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 80.532145][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 80.542803][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 80.557070][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 80.568839][ T9535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 80.588383][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 80.595964][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 80.610021][ T9535] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.629220][ T3021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 80.648304][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 80.656619][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 80.664549][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
executing program
[ 80.675743][ T9535] device veth0_vlan entered promiscuous mode
[ 80.688462][ T9535] device veth1_vlan entered promiscuous mode
[ 80.727302][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 80.735467][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 80.757989][ T9535] ==================================================================
[ 80.766279][ T9535] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x547/0x620
[ 80.774253][ T9535] Read of size 4 at addr ffff8880a3e97001 by task syz-executor010/9535
[ 80.782477][ T9535]
[ 80.784791][ T9535] CPU: 1 PID: 9535 Comm: syz-executor010 Not tainted 5.5.0-rc4-syzkaller #0
[ 80.793635][ T9535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.803698][ T9535] Call Trace:
[ 80.806994][ T9535] dump_stack+0x197/0x210
[ 80.811327][ T9535] ? macvlan_broadcast+0x547/0x620
[ 80.816442][ T9535] print_address_description.constprop.0.cold+0xd4/0x30b
[ 80.823500][ T9535] ? macvlan_broadcast+0x547/0x620
[ 80.828611][ T9535] ? macvlan_broadcast+0x547/0x620
[ 80.833708][ T9535] __kasan_report.cold+0x1b/0x41
[ 80.838655][ T9535] ? validate_xmit_xfrm+0x3d0/0xf10
[ 80.843833][ T9535] ? macvlan_broadcast+0x547/0x620
[ 80.848944][ T9535] kasan_report+0x12/0x20
[ 80.853252][ T9535] __asan_report_load_n_noabort+0xf/0x20
[ 80.858891][ T9535] macvlan_broadcast+0x547/0x620
[ 80.863810][ T9535] ? validate_xmit_skb+0x81f/0xe50
[ 80.868920][ T9535] macvlan_start_xmit+0x402/0x77f
[ 80.873933][ T9535] dev_direct_xmit+0x419/0x630
[ 80.878685][ T9535] ? cache_grow_begin.cold+0x2e/0x2f
[ 80.884046][ T9535] ? validate_xmit_skb_list+0x150/0x150
[ 80.889588][ T9535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 80.895803][ T9535] ? netdev_pick_tx+0x14e/0xb00
[ 80.900641][ T9535] packet_direct_xmit+0x1a9/0x250
[ 80.905658][ T9535] packet_sendmsg+0x260d/0x6220
[ 80.910504][ T9535] ? ___might_sleep+0x163/0x2c0
[ 80.915343][ T9535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 80.921573][ T9535] ? aa_label_sk_perm+0x91/0xf0
[ 80.926411][ T9535] ? packet_notifier+0x880/0x880
[ 80.931366][ T9535] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 80.936891][ T9535] ? apparmor_socket_sendmsg+0x2a/0x30
[ 80.942327][ T9535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 80.948548][ T9535] ? security_socket_sendmsg+0x8d/0xc0
[ 80.953986][ T9535] ? packet_notifier+0x880/0x880
[ 80.958904][ T9535] sock_sendmsg+0xd7/0x130
[ 80.963297][ T9535] __sys_sendto+0x262/0x380
[ 80.967781][ T9535] ? __ia32_sys_getpeername+0xb0/0xb0
[ 80.975060][ T9535] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 80.982857][ T9535] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 80.988417][ T9535] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 80.994394][ T9535] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 80.999846][ T9535] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 81.005398][ T9535] ? do_syscall_64+0x26/0x790
[ 81.010161][ T9535] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.016228][ T9535] __x64_sys_sendto+0xe1/0x1a0
[ 81.020989][ T9535] do_syscall_64+0xfa/0x790
[ 81.025474][ T9535] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.031341][ T9535] RIP: 0033:0x442be9
[ 81.035217][ T9535] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 81.054799][ T9535] RSP: 002b:00007ffc93af2a98 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 81.063189][ T9535] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442be9
[ 81.071148][ T9535] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003
[ 81.079106][ T9535] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 81.087063][ T9535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.095013][ T9535] R13: 0000000000404160 R14: 0000000000000000 R15: 0000000000000000
[ 81.102972][ T9535]
[ 81.105275][ T9535] Allocated by task 8694:
[ 81.109583][ T9535] save_stack+0x23/0x90
[ 81.113729][ T9535] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 81.119355][ T9535] kasan_slab_alloc+0xf/0x20
[ 81.124020][ T9535] kmem_cache_alloc+0x121/0x710
[ 81.128848][ T9535] dup_fd+0x85/0xb70
[ 81.132733][ T9535] copy_process+0x1fd7/0x7230
[ 81.137392][ T9535] _do_fork+0x146/0x1090
[ 81.141656][ T9535] __x64_sys_clone+0x19a/0x260
[ 81.146553][ T9535] do_syscall_64+0xfa/0x790
[ 81.151055][ T9535] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.156928][ T9535]
[ 81.159242][ T9535] Freed by task 8699:
[ 81.163219][ T9535] save_stack+0x23/0x90
[ 81.167359][ T9535] __kasan_slab_free+0x102/0x150
[ 81.172293][ T9535] kasan_slab_free+0xe/0x10
[ 81.176788][ T9535] kmem_cache_free+0x86/0x320
[ 81.181459][ T9535] put_files_struct+0x282/0x2f0
[ 81.186286][ T9535] exit_files+0x83/0xb0
[ 81.190424][ T9535] do_exit+0x8b5/0x2ef0
[ 81.194560][ T9535] do_group_exit+0x135/0x360
[ 81.199139][ T9535] __x64_sys_exit_group+0x44/0x50
[ 81.204152][ T9535] do_syscall_64+0xfa/0x790
[ 81.208634][ T9535] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.214507][ T9535]
[ 81.216822][ T9535] The buggy address belongs to the object at ffff8880a3e970c0
[ 81.216822][ T9535] which belongs to the cache files_cache of size 832
[ 81.230850][ T9535] The buggy address is located 191 bytes to the left of
[ 81.230850][ T9535] 832-byte region [ffff8880a3e970c0, ffff8880a3e97400)
[ 81.244536][ T9535] The buggy address belongs to the page:
[ 81.250146][ T9535] page:ffffea00028fa5c0 refcount:1 mapcount:0 mapping:ffff8880aa5ed700 index:0xffff8880a3e970c0
[ 81.260544][ T9535] raw: 00fffe0000000200 ffffea00028a0d08 ffffea0002803fc8 ffff8880aa5ed700
[ 81.269126][ T9535] raw: ffff8880a3e970c0 ffff8880a3e970c0 0000000100000001 0000000000000000
[ 81.277836][ T9535] page dumped because: kasan: bad access detected
[ 81.284337][ T9535]
[ 81.286658][ T9535] Memory state around the buggy address:
[ 81.292291][ T9535] ffff8880a3e96f00: fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb fb
[ 81.300460][ T9535] ffff8880a3e96f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.308545][ T9535] >ffff8880a3e97000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.316589][ T9535] ^
[ 81.320679][ T9535] ffff8880a3e97080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 81.328739][ T9535] ffff8880a3e97100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.336813][ T9535] ==================================================================
[ 81.344866][ T9535] Disabling lock debugging due to kernel taint
[ 81.351111][ T9535] Kernel panic - not syncing: panic_on_warn set ...
[ 81.357709][ T9535] CPU: 1 PID: 9535 Comm: syz-executor010 Tainted: G B 5.5.0-rc4-syzkaller #0
[ 81.368089][ T9535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.378159][ T9535] Call Trace:
[ 81.381449][ T9535] dump_stack+0x197/0x210
[ 81.385763][ T9535] panic+0x2e3/0x75c
[ 81.389710][ T9535] ? add_taint.cold+0x16/0x16
[ 81.394433][ T9535] ? trace_hardirqs_on+0x5e/0x240
[ 81.399456][ T9535] ? trace_hardirqs_on+0x5e/0x240
[ 81.404487][ T9535] ? macvlan_broadcast+0x547/0x620
[ 81.409718][ T9535] end_report+0x47/0x4f
[ 81.413947][ T9535] ? macvlan_broadcast+0x547/0x620
[ 81.419753][ T9535] __kasan_report.cold+0xe/0x41
[ 81.424625][ T9535] ? validate_xmit_xfrm+0x3d0/0xf10
[ 81.429810][ T9535] ? macvlan_broadcast+0x547/0x620
[ 81.435038][ T9535] kasan_report+0x12/0x20
[ 81.439460][ T9535] __asan_report_load_n_noabort+0xf/0x20
[ 81.445115][ T9535] macvlan_broadcast+0x547/0x620
[ 81.450057][ T9535] ? validate_xmit_skb+0x81f/0xe50
[ 81.455162][ T9535] macvlan_start_xmit+0x402/0x77f
[ 81.460178][ T9535] dev_direct_xmit+0x419/0x630
[ 81.464918][ T9535] ? cache_grow_begin.cold+0x2e/0x2f
[ 81.470194][ T9535] ? validate_xmit_skb_list+0x150/0x150
[ 81.475736][ T9535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 81.481997][ T9535] ? netdev_pick_tx+0x14e/0xb00
[ 81.486865][ T9535] packet_direct_xmit+0x1a9/0x250
[ 81.491889][ T9535] packet_sendmsg+0x260d/0x6220
[ 81.496722][ T9535] ? ___might_sleep+0x163/0x2c0
[ 81.501648][ T9535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 81.507879][ T9535] ? aa_label_sk_perm+0x91/0xf0
[ 81.512712][ T9535] ? packet_notifier+0x880/0x880
[ 81.517645][ T9535] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 81.523178][ T9535] ? apparmor_socket_sendmsg+0x2a/0x30
[ 81.528614][ T9535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.534941][ T9535] ? security_socket_sendmsg+0x8d/0xc0
[ 81.540412][ T9535] ? packet_notifier+0x880/0x880
[ 81.545336][ T9535] sock_sendmsg+0xd7/0x130
[ 81.549750][ T9535] __sys_sendto+0x262/0x380
[ 81.554247][ T9535] ? __ia32_sys_getpeername+0xb0/0xb0
[ 81.559619][ T9535] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 81.565770][ T9535] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 81.571314][ T9535] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 81.577277][ T9535] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 81.582849][ T9535] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 81.588312][ T9535] ? do_syscall_64+0x26/0x790
[ 81.593083][ T9535] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.599153][ T9535] __x64_sys_sendto+0xe1/0x1a0
[ 81.603938][ T9535] do_syscall_64+0xfa/0x790
[ 81.608439][ T9535] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.614536][ T9535] RIP: 0033:0x442be9
[ 81.618450][ T9535] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 81.638563][ T9535] RSP: 002b:00007ffc93af2a98 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 81.646966][ T9535] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442be9
[ 81.655614][ T9535] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003
[ 81.663573][ T9535] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 81.671569][ T9535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.679528][ T9535] R13: 0000000000404160 R14: 0000000000000000 R15: 0000000000000000
[ 81.688805][ T9535] Kernel Offset: disabled
[ 81.693132][ T9535] Rebooting in 86400 seconds..