[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.

syzkaller login: [ 59.480406][ T6821] IPVS: ftp: loaded support on port[0] = 21
[ 59.570494][ T6821] chnl_net:caif_netlink_parms(): no params data found
[ 59.624858][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.632202][ T6821] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.640982][ T6821] device bridge_slave_0 entered promiscuous mode
[ 59.649667][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.657199][ T6821] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.665884][ T6821] device bridge_slave_1 entered promiscuous mode
[ 59.685875][ T6821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.696672][ T6821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.718154][ T6821] team0: Port device team_slave_0 added
[ 59.725532][ T6821] team0: Port device team_slave_1 added
[ 59.742807][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.749749][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.776953][ T6821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.789584][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.797032][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.823451][ T6821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.886327][ T6821] device hsr_slave_0 entered promiscuous mode
[ 59.952673][ T6821] device hsr_slave_1 entered promiscuous mode
[ 60.089939][ T6821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.115918][ T6821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.175119][ T6821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.234953][ T6821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.288943][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.296090][ T6821] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.303852][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.310904][ T6821] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.354734][ T6821] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.368475][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.377943][ T3654] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.386342][ T3654] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.394675][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 60.408486][ T6821] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.418911][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.428890][ T2521] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.435996][ T2521] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.448082][ T3654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.457007][ T3654] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.464106][ T3654] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.485886][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.495542][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.511685][ T6821] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 60.524279][ T6821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 60.536428][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.544592][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.554075][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.563299][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.583514][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 60.590869][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 60.604444][ T6821] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.623357][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 60.632066][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 60.660300][ T6821] device veth0_vlan entered promiscuous mode
[ 60.667819][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 60.676583][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 60.685636][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 60.693696][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 60.707372][ T6821] device veth1_vlan entered promiscuous mode
[ 60.729056][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 60.737713][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 60.746426][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 60.755657][ T3653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 60.767676][ T6821] device veth0_macvtap entered promiscuous mode
[ 60.777736][ T6821] device veth1_macvtap entered promiscuous mode
[ 60.795141][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.802951][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 60.810949][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 60.819707][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 60.829678][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 60.842800][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.850029][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 60.860049][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 64.162828][ C1] ==================================================================
[ 64.170981][ C1] BUG: KASAN: use-after-free in ip_icmp_error+0x52a/0x5a0
[ 64.178061][ C1] Read of size 1 at addr ffff888093024fff by task swapper/1/0
[ 64.185524][ C1]
[ 64.187831][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0
[ 64.196905][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.206933][ C1] Call Trace:
[ 64.210190][ C1]
[ 64.213054][ C1]  dump_stack+0x18f/0x20d
[ 64.217371][ C1]  ? ip_icmp_error+0x52a/0x5a0
[ 64.222110][ C1]  ? ip_icmp_error+0x52a/0x5a0
[ 64.226849][ C1]  print_address_description.constprop.0.cold+0xd3/0x413
[ 64.233842][ C1]  ? memcpy+0x39/0x60
[ 64.237798][ C1]  ? vprintk_func+0x97/0x1a6
[ 64.242361][ C1]  ? ip_icmp_error+0x52a/0x5a0
[ 64.247095][ C1]  kasan_report.cold+0x1f/0x37
[ 64.251846][ C1]  ? skb_clone+0x190/0x3c0
[ 64.256246][ C1]  ? ip_icmp_error+0x52a/0x5a0
[ 64.260984][ C1]  ip_icmp_error+0x52a/0x5a0
[ 64.265550][ C1]  tcp_v4_err+0x99e/0x1ce0
[ 64.269942][ C1]  ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 64.274682][ C1]  icmp_socket_deliver+0x1e1/0x360
[ 64.279768][ C1]  icmp_unreach+0x33b/0xab0
[ 64.284245][ C1]  icmp_rcv+0xee6/0x15f0
[ 64.288496][ C1]  ip_protocol_deliver_rcu+0x57/0x880
[ 64.293840][ C1]  ? check_preemption_disabled+0x38/0x220
[ 64.299532][ C1]  ip_local_deliver_finish+0x220/0x360
[ 64.304964][ C1]  ip_local_deliver+0x1c8/0x4e0
[ 64.309785][ C1]  ? ip_local_deliver_finish+0x360/0x360
[ 64.315389][ C1]  ? ip_rcv+0x244/0x3c0
[ 64.319542][ C1]  ? ip_protocol_deliver_rcu+0x880/0x880
[ 64.325146][ C1]  ? lock_downgrade+0x840/0x840
[ 64.329966][ C1]  ? ip_rcv_finish_core.isra.0+0x606/0x1ea0
[ 64.335860][ C1]  ip_rcv_finish+0x1da/0x2f0
[ 64.340442][ C1]  ip_rcv+0xd0/0x3c0
[ 64.344312][ C1]  ? ip_local_deliver+0x4e0/0x4e0
[ 64.349310][ C1]  ? ip_rcv_finish_core.isra.0+0x1ea0/0x1ea0
[ 64.355265][ C1]  ? ip_local_deliver+0x4e0/0x4e0
[ 64.360262][ C1]  __netif_receive_skb_one_core+0x114/0x180
[ 64.366139][ C1]  ? __netif_receive_skb_core+0x33f0/0x33f0
[ 64.372015][ C1]  ? do_raw_spin_lock+0x120/0x2d0
[ 64.377028][ C1]  ? rwlock_bug.part.0+0x90/0x90
[ 64.381941][ C1]  __netif_receive_skb+0x27/0x1c0
[ 64.386939][ C1]  process_backlog+0x21e/0x7a0
[ 64.391689][ C1]  ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 64.397652][ C1]  net_rx_action+0x4e1/0x10d0
[ 64.402304][ C1]  ? napi_busy_loop+0x9e0/0x9e0
[ 64.407143][ C1]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.413108][ C1]  ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 64.419077][ C1]  __do_softirq+0x268/0x9ee
[ 64.423556][ C1]  irq_exit+0x192/0x1d0
[ 64.427684][ C1]  smp_apic_timer_interrupt+0x19e/0x600
[ 64.433220][ C1]  apic_timer_interrupt+0xf/0x20
[ 64.438125][ C1]
[ 64.441035][ C1] RIP: 0010:native_safe_halt+0xe/0x10
[ 64.446376][ C1] Code: cc cc cc cc cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 44 b9 4a 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 34 b9 4a 00 fb f4 cc 41 56 41 55 41 54 55 53 e8 b3 eb 82 f9 e8 5e 66 fd ff 0f 1f
[ 64.465950][ C1] RSP: 0018:ffffc90000d3fc70 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 64.474334][ C1] RAX: ffff8880a95f4340 RBX: 0000000000000000 RCX: 1ffffffff1519a2e
[ 64.482279][ C1] RDX: 0000000000000000 RSI: ffffffff87ddf958 RDI: ffff8880a95f4bc8
[ 64.490220][ C1] RBP: ffff8880a6444064 R08: 0000000000000000 R09: 0000000000000001
[ 64.498165][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a6444064
[ 64.506121][ C1] R13: 1ffff920001a7f99 R14: ffff8880a6444065 R15: 0000000000000001
[ 64.514079][ C1]  ? acpi_safe_halt+0x88/0x110
[ 64.518820][ C1]  acpi_safe_halt+0x8d/0x110
[ 64.523381][ C1]  acpi_idle_do_entry+0xa9/0xe0
[ 64.528203][ C1]  acpi_idle_enter+0x437/0xb20
[ 64.532942][ C1]  ? acpi_idle_enter_bm+0x2d0/0x2d0
[ 64.538113][ C1]  ? kvm_clock_read+0x14/0x30
[ 64.542782][ C1]  ? kvm_sched_clock_read+0x5/0x10
[ 64.547862][ C1]  ? sched_clock+0x2a/0x40
[ 64.552260][ C1]  ? sched_clock_cpu+0x18/0x1b0
[ 64.557093][ C1]  ? check_preemption_disabled+0x38/0x220
[ 64.562789][ C1]  cpuidle_enter_state+0xdb/0xd50
[ 64.567798][ C1]  ? check_preemption_disabled+0x38/0x220
[ 64.573493][ C1]  cpuidle_enter+0x4a/0xa0
[ 64.577898][ C1]  do_idle+0x42f/0x690
[ 64.581941][ C1]  ? arch_cpu_idle_exit+0x70/0x70
[ 64.586941][ C1]  cpu_startup_entry+0x14/0x20
[ 64.591688][ C1]  start_secondary+0x2f8/0x410
[ 64.596453][ C1]  ? set_cpu_sibling_map+0x1ed0/0x1ed0
[ 64.601887][ C1]  secondary_startup_64+0xa4/0xb0
[ 64.606885][ C1]
[ 64.609183][ C1] The buggy address belongs to the page:
[ 64.614803][ C1] page:ffffea00024c0900 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 64.623885][ C1] flags: 0xfffe0000000000()
[ 64.628377][ C1] raw: 00fffe0000000000 ffffea00024c0948 ffffea00024ef4c8 0000000000000000
[ 64.636933][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 64.645489][ C1] page dumped because: kasan: bad access detected
[ 64.651877][ C1]
[ 64.654189][ C1] Memory state around the buggy address:
[ 64.659791][ C1]  ffff888093024e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.667829][ C1]  ffff888093024f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.675863][ C1] >ffff888093024f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.683892][ C1]                                                                 ^
[ 64.691849][ C1]  ffff888093025000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.699890][ C1]  ffff888093025080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.707919][ C1] ==================================================================
[ 64.715945][ C1] Disabling lock debugging due to kernel taint
[ 64.722088][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 64.728656][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.7.0-rc7-next-20200526-syzkaller #0
[ 64.739123][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.749170][ C1] Call Trace:
[ 64.752446][ C1]
[ 64.755293][ C1]  dump_stack+0x18f/0x20d
[ 64.759617][ C1]  ? ip_icmp_error+0x4f0/0x5a0
[ 64.764365][ C1]  panic+0x2e3/0x75c
[ 64.768248][ C1]  ? __warn_printk+0xf3/0xf3
[ 64.772806][ C1]  ? ip_icmp_error+0x52a/0x5a0
[ 64.777572][ C1]  ? trace_hardirqs_on+0x55/0x220
[ 64.782570][ C1]  ? ip_icmp_error+0x52a/0x5a0
[ 64.787300][ C1]  ? ip_icmp_error+0x52a/0x5a0
[ 64.792034][ C1]  end_report+0x4d/0x53
[ 64.796160][ C1]  kasan_report.cold+0xd/0x37
[ 64.800816][ C1]  ? skb_clone+0x190/0x3c0
[ 64.805203][ C1]  ? ip_icmp_error+0x52a/0x5a0
[ 64.809953][ C1]  ip_icmp_error+0x52a/0x5a0
[ 64.814520][ C1]  tcp_v4_err+0x99e/0x1ce0
[ 64.818917][ C1]  ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 64.823650][ C1]  icmp_socket_deliver+0x1e1/0x360
[ 64.828730][ C1]  icmp_unreach+0x33b/0xab0
[ 64.833220][ C1]  icmp_rcv+0xee6/0x15f0
[ 64.837434][ C1]  ip_protocol_deliver_rcu+0x57/0x880
[ 64.842790][ C1]  ? check_preemption_disabled+0x38/0x220
[ 64.848479][ C1]  ip_local_deliver_finish+0x220/0x360
[ 64.853909][ C1]  ip_local_deliver+0x1c8/0x4e0
[ 64.858729][ C1]  ? ip_local_deliver_finish+0x360/0x360
[ 64.864327][ C1]  ? ip_rcv+0x244/0x3c0
[ 64.868451][ C1]  ? ip_protocol_deliver_rcu+0x880/0x880
[ 64.874053][ C1]  ? lock_downgrade+0x840/0x840
[ 64.878870][ C1]  ? ip_rcv_finish_core.isra.0+0x606/0x1ea0
[ 64.884732][ C1]  ip_rcv_finish+0x1da/0x2f0
[ 64.889306][ C1]  ip_rcv+0xd0/0x3c0
[ 64.893169][ C1]  ? ip_local_deliver+0x4e0/0x4e0
[ 64.898161][ C1]  ? ip_rcv_finish_core.isra.0+0x1ea0/0x1ea0
[ 64.904229][ C1]  ? ip_local_deliver+0x4e0/0x4e0
[ 64.909264][ C1]  __netif_receive_skb_one_core+0x114/0x180
[ 64.915127][ C1]  ? __netif_receive_skb_core+0x33f0/0x33f0
[ 64.920989][ C1]  ? do_raw_spin_lock+0x120/0x2d0
[ 64.926004][ C1]  ? rwlock_bug.part.0+0x90/0x90
[ 64.930910][ C1]  __netif_receive_skb+0x27/0x1c0
[ 64.935904][ C1]  process_backlog+0x21e/0x7a0
[ 64.940641][ C1]  ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 64.946614][ C1]  net_rx_action+0x4e1/0x10d0
[ 64.951262][ C1]  ? napi_busy_loop+0x9e0/0x9e0
[ 64.956091][ C1]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.962041][ C1]  ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 64.967996][ C1]  __do_softirq+0x268/0x9ee
[ 64.972473][ C1]  irq_exit+0x192/0x1d0
[ 64.976601][ C1]  smp_apic_timer_interrupt+0x19e/0x600
[ 64.982118][ C1]  apic_timer_interrupt+0xf/0x20
[ 64.987107][ C1]
[ 64.990015][ C1] RIP: 0010:native_safe_halt+0xe/0x10
[ 64.995355][ C1] Code: cc cc cc cc cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 44 b9 4a 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 34 b9 4a 00 fb f4 cc 41 56 41 55 41 54 55 53 e8 b3 eb 82 f9 e8 5e 66 fd ff 0f 1f
[ 65.014929][ C1] RSP: 0018:ffffc90000d3fc70 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 65.023313][ C1] RAX: ffff8880a95f4340 RBX: 0000000000000000 RCX: 1ffffffff1519a2e
[ 65.031254][ C1] RDX: 0000000000000000 RSI: ffffffff87ddf958 RDI: ffff8880a95f4bc8
[ 65.039195][ C1] RBP: ffff8880a6444064 R08: 0000000000000000 R09: 0000000000000001
[ 65.047134][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a6444064
[ 65.055076][ C1] R13: 1ffff920001a7f99 R14: ffff8880a6444065 R15: 0000000000000001
[ 65.063029][ C1]  ? acpi_safe_halt+0x88/0x110
[ 65.067780][ C1]  acpi_safe_halt+0x8d/0x110
[ 65.072338][ C1]  acpi_idle_do_entry+0xa9/0xe0
[ 65.077158][ C1]  acpi_idle_enter+0x437/0xb20
[ 65.081890][ C1]  ? acpi_idle_enter_bm+0x2d0/0x2d0
[ 65.087060][ C1]  ? kvm_clock_read+0x14/0x30
[ 65.091720][ C1]  ? kvm_sched_clock_read+0x5/0x10
[ 65.096809][ C1]  ? sched_clock+0x2a/0x40
[ 65.101193][ C1]  ? sched_clock_cpu+0x18/0x1b0
[ 65.106057][ C1]  ? check_preemption_disabled+0x38/0x220
[ 65.111760][ C1]  cpuidle_enter_state+0xdb/0xd50
[ 65.116763][ C1]  ? check_preemption_disabled+0x38/0x220
[ 65.122459][ C1]  cpuidle_enter+0x4a/0xa0
[ 65.126849][ C1]  do_idle+0x42f/0x690
[ 65.130891][ C1]  ? arch_cpu_idle_exit+0x70/0x70
[ 65.135892][ C1]  cpu_startup_entry+0x14/0x20
[ 65.140628][ C1]  start_secondary+0x2f8/0x410
[ 65.145365][ C1]  ? set_cpu_sibling_map+0x1ed0/0x1ed0
[ 65.150800][ C1]  secondary_startup_64+0xa4/0xb0
[ 65.156864][ C1] Kernel Offset: disabled
[ 65.161172][ C1] Rebooting in 86400 seconds..