Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts.
syzkaller login: [ 75.983321][ T8410] IPVS: ftp: loaded support on port[0] = 21
[ 76.131609][ T8410] chnl_net:caif_netlink_parms(): no params data found
[ 76.227430][ T8410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.236666][ T8410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.246456][ T8410] device bridge_slave_0 entered promiscuous mode
[ 76.257397][ T8410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.265735][ T8410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.274406][ T8410] device bridge_slave_1 entered promiscuous mode
[ 76.296524][ T8410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.308314][ T8410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.342151][ T8410] team0: Port device team_slave_0 added
[ 76.352683][ T8410] team0: Port device team_slave_1 added
[ 76.372672][ T8410] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.380044][ T8410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.408123][ T8410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.422164][ T8410] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.429432][ T8410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.456015][ T8410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.483691][ T8410] device hsr_slave_0 entered promiscuous mode
[ 76.490879][ T8410] device hsr_slave_1 entered promiscuous mode
[ 76.604511][ T8410] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.617639][ T8410] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.628874][ T8410] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.640312][ T8410] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.671370][ T8410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.679804][ T8410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.687902][ T8410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.695247][ T8410] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.746830][ T8410] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.763385][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.776173][ T4830] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.786745][ T4830] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.795925][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.812207][ T8410] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.824738][ T4830] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.835708][ T4830] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.843920][ T4830] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.857888][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.869084][ T2936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.876264][ T2936] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.899444][ T4539] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.913539][ T4539] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.924847][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.942365][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.955890][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.969085][ T8410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.991225][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.000249][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 77.015855][ T8410] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.038781][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 77.063181][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 77.073212][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 77.082751][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 77.094854][ T8410] device veth0_vlan entered promiscuous mode
[ 77.109401][ T8410] device veth1_vlan entered promiscuous mode
[ 77.117571][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 77.148178][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 77.157687][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 77.172567][ T8410] device veth0_macvtap entered promiscuous mode
[ 77.183852][ T8410] device veth1_macvtap entered promiscuous mode
[ 77.206310][ T8410] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.215074][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 77.224677][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 77.233775][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 77.243572][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 77.258059][ T8410] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.267048][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 77.277520][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 77.291889][ T8410] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.301302][ T8410] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.311534][ T8410] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.320964][ T8410] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.463629][ T194] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.492525][ T194] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 77.510641][ T289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.520963][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 77.531110][ T289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.546069][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 77.563813][ T8410] ==================================================================
[ 77.572301][ T8410] BUG: KASAN: slab-out-of-bounds in ipvlan_queue_xmit+0x158f/0x18a0
[ 77.580314][ T8410] Read of size 4 at addr ffff88801bc5b7ff by task syz-executor326/8410
[ 77.588760][ T8410]
[ 77.591092][ T8410] CPU: 0 PID: 8410 Comm: syz-executor326 Not tainted 5.12.0-rc4-syzkaller #0
[ 77.599880][ T8410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.609959][ T8410] Call Trace:
[ 77.613278][ T8410] dump_stack+0x141/0x1d7
[ 77.617682][ T8410] ? ipvlan_queue_xmit+0x158f/0x18a0
[ 77.623199][ T8410] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 77.630297][ T8410] ? ipvlan_queue_xmit+0x158f/0x18a0
[ 77.635653][ T8410] ? ipvlan_queue_xmit+0x158f/0x18a0
[ 77.640985][ T8410] kasan_report.cold+0x7c/0xd8
[ 77.645793][ T8410] ? ipvlan_queue_xmit+0x158f/0x18a0
[ 77.651124][ T8410] ipvlan_queue_xmit+0x158f/0x18a0
[ 77.656327][ T8410] ? ipvlan_handle_mode_l3+0x140/0x140
[ 77.661916][ T8410] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 77.667877][ T8410] ? skb_crc32c_csum_help+0x70/0x70
[ 77.673252][ T8410] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 77.679275][ T8410] ? __might_fault+0xd3/0x180
[ 77.684024][ T8410] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.690404][ T8410] ? validate_xmit_xfrm+0x498/0x1050
[ 77.695725][ T8410] ? netif_skb_features+0x38d/0xb90
[ 77.700946][ T8410] ipvlan_start_xmit+0x45/0x190
[ 77.705932][ T8410] __dev_direct_xmit+0x527/0x730
[ 77.710907][ T8410] ? validate_xmit_skb_list+0x120/0x120
[ 77.716493][ T8410] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 77.722752][ T8410] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.729011][ T8410] ? netdev_pick_tx+0x150/0xb70
[ 77.733908][ T8410] ? packet_poll+0x600/0x600
[ 77.738533][ T8410] packet_direct_xmit+0x1a5/0x280
[ 77.743592][ T8410] packet_sendmsg+0x2405/0x52b0
[ 77.748484][ T8410] ? aa_sk_perm+0x31b/0xab0
[ 77.753014][ T8410] ? packet_cached_dev_get+0x250/0x250
[ 77.758830][ T8410] ? aa_af_perm+0x230/0x230
[ 77.763382][ T8410] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.769794][ T8410] ? packet_cached_dev_get+0x250/0x250
[ 77.775402][ T8410] sock_sendmsg+0xcf/0x120
[ 77.779845][ T8410] __sys_sendto+0x21c/0x320
[ 77.784390][ T8410] ? __ia32_sys_getpeername+0xb0/0xb0
[ 77.789794][ T8410] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 77.795852][ T8410] ? lock_downgrade+0x6e0/0x6e0
[ 77.800738][ T8410] __x64_sys_sendto+0xdd/0x1b0
[ 77.805537][ T8410] ? lockdep_hardirqs_on+0x79/0x100
[ 77.810755][ T8410] ? syscall_enter_from_user_mode+0x27/0x70
[ 77.816729][ T8410] do_syscall_64+0x2d/0x70
[ 77.821188][ T8410] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.827105][ T8410] RIP: 0033:0x44be69
[ 77.831029][ T8410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c4 ff ff ff f7 d8 64 89 01 48
[ 77.850656][ T8410] RSP: 002b:00007ffc5c50a498 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 77.859088][ T8410] RAX: ffffffffffffffda RBX: 0000000000000031 RCX: 000000000044be69
[ 77.867098][ T8410] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000005
[ 77.875124][ T8410] RBP: 00007ffc5c50a530 R08: 0000000020000040 R09: 0000000000000014
[ 77.883193][ T8410] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000047
[ 77.891200][ T8410] R13: 00007ffc5c50a4fa R14: 00007ffc5c50a510 R15: 00000000004bd4a0
[ 77.899245][ T8410]
[ 77.901579][ T8410] Allocated by task 1:
[ 77.905650][ T8410] kasan_save_stack+0x1b/0x40
[ 77.910500][ T8410] __kasan_kmalloc+0x99/0xc0
[ 77.915132][ T8410] tomoyo_realpath_from_path+0xc3/0x620
[ 77.920694][ T8410] tomoyo_path_perm+0x21b/0x400
[ 77.925681][ T8410] security_inode_getattr+0xcf/0x140
[ 77.931118][ T8410] vfs_statx+0x164/0x390
[ 77.935375][ T8410] __do_sys_newlstat+0x91/0x110
[ 77.940286][ T8410] do_syscall_64+0x2d/0x70
[ 77.944714][ T8410] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.950652][ T8410]
[ 77.952972][ T8410] Freed by task 1:
[ 77.956679][ T8410] kasan_save_stack+0x1b/0x40
[ 77.961461][ T8410] kasan_set_track+0x1c/0x30
[ 77.966097][ T8410] kasan_set_free_info+0x20/0x30
[ 77.971051][ T8410] __kasan_slab_free+0xf5/0x130
[ 77.975983][ T8410] slab_free_freelist_hook+0x92/0x210
[ 77.981421][ T8410] kfree+0xe5/0x7f0
[ 77.985233][ T8410] tomoyo_realpath_from_path+0x191/0x620
[ 77.990887][ T8410] tomoyo_path_perm+0x21b/0x400
[ 77.995750][ T8410] security_inode_getattr+0xcf/0x140
[ 78.001056][ T8410] vfs_statx+0x164/0x390
[ 78.005337][ T8410] __do_sys_newlstat+0x91/0x110
[ 78.010188][ T8410] do_syscall_64+0x2d/0x70
[ 78.014680][ T8410] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.020610][ T8410]
[ 78.023179][ T8410] The buggy address belongs to the object at ffff88801bc5a000
[ 78.023179][ T8410] which belongs to the cache kmalloc-4k of size 4096
[ 78.037263][ T8410] The buggy address is located 2047 bytes to the right of
[ 78.037263][ T8410] 4096-byte region [ffff88801bc5a000, ffff88801bc5b000)
[ 78.051269][ T8410] The buggy address belongs to the page:
[ 78.056907][ T8410] page:ffffea00006f1600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bc58
[ 78.067370][ T8410] head:ffffea00006f1600 order:3 compound_mapcount:0 compound_pincount:0
[ 78.075802][ T8410] flags: 0xfff00000010200(slab|head)
[ 78.081104][ T8410] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010442140
[ 78.089701][ T8410] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 78.098305][ T8410] page dumped because: kasan: bad access detected
[ 78.104853][ T8410]
[ 78.107178][ T8410] Memory state around the buggy address:
[ 78.112832][ T8410] ffff88801bc5b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.121015][ T8410] ffff88801bc5b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.129106][ T8410] >ffff88801bc5b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.137196][ T8410] ^
[ 78.145191][ T8410] ffff88801bc5b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.153280][ T8410] ffff88801bc5b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.161341][ T8410] ==================================================================
[ 78.169408][ T8410] Disabling lock debugging due to kernel taint
[ 78.175744][ T8410] Kernel panic - not syncing: panic_on_warn set ...
[ 78.182342][ T8410] CPU: 0 PID: 8410 Comm: syz-executor326 Tainted: G B 5.12.0-rc4-syzkaller #0
[ 78.192541][ T8410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.202619][ T8410] Call Trace:
[ 78.206611][ T8410] dump_stack+0x141/0x1d7
[ 78.211076][ T8410] panic+0x306/0x73d
[ 78.215010][ T8410] ? __warn_printk+0xf3/0xf3
[ 78.219720][ T8410] ? asm_common_interrupt+0x1e/0x40
[ 78.224935][ T8410] ? trace_hardirqs_on+0x38/0x1c0
[ 78.229978][ T8410] ? trace_hardirqs_on+0x51/0x1c0
[ 78.235015][ T8410] ? ipvlan_queue_xmit+0x158f/0x18a0
[ 78.240329][ T8410] ? ipvlan_queue_xmit+0x158f/0x18a0
[ 78.245617][ T8410] end_report.cold+0x5a/0x5a
[ 78.250213][ T8410] kasan_report.cold+0x6a/0xd8
[ 78.254966][ T8410] ? ipvlan_queue_xmit+0x158f/0x18a0
[ 78.260265][ T8410] ipvlan_queue_xmit+0x158f/0x18a0
[ 78.265373][ T8410] ? ipvlan_handle_mode_l3+0x140/0x140
[ 78.270844][ T8410] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 78.276745][ T8410] ? skb_crc32c_csum_help+0x70/0x70
[ 78.281956][ T8410] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 78.293232][ T8410] ? __might_fault+0xd3/0x180
[ 78.297914][ T8410] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 78.304174][ T8410] ? validate_xmit_xfrm+0x498/0x1050
[ 78.309483][ T8410] ? netif_skb_features+0x38d/0xb90
[ 78.314696][ T8410] ipvlan_start_xmit+0x45/0x190
[ 78.319551][ T8410] __dev_direct_xmit+0x527/0x730
[ 78.324671][ T8410] ? validate_xmit_skb_list+0x120/0x120
[ 78.330224][ T8410] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 78.336474][ T8410] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.342751][ T8410] ? netdev_pick_tx+0x150/0xb70
[ 78.347605][ T8410] ? packet_poll+0x600/0x600
[ 78.352193][ T8410] packet_direct_xmit+0x1a5/0x280
[ 78.357235][ T8410] packet_sendmsg+0x2405/0x52b0
[ 78.362110][ T8410] ? aa_sk_perm+0x31b/0xab0
[ 78.367151][ T8410] ? packet_cached_dev_get+0x250/0x250
[ 78.372613][ T8410] ? aa_af_perm+0x230/0x230
[ 78.377133][ T8410] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 78.383390][ T8410] ? packet_cached_dev_get+0x250/0x250
[ 78.388916][ T8410] sock_sendmsg+0xcf/0x120
[ 78.393328][ T8410] __sys_sendto+0x21c/0x320
[ 78.397865][ T8410] ? __ia32_sys_getpeername+0xb0/0xb0
[ 78.403245][ T8410] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 78.409242][ T8410] ? lock_downgrade+0x6e0/0x6e0
[ 78.414121][ T8410] __x64_sys_sendto+0xdd/0x1b0
[ 78.418914][ T8410] ? lockdep_hardirqs_on+0x79/0x100
[ 78.424402][ T8410] ? syscall_enter_from_user_mode+0x27/0x70
[ 78.430330][ T8410] do_syscall_64+0x2d/0x70
[ 78.434762][ T8410] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 78.440664][ T8410] RIP: 0033:0x44be69
[ 78.444587][ T8410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c4 ff ff ff f7 d8 64 89 01 48
[ 78.466465][ T8410] RSP: 002b:00007ffc5c50a498 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 78.474905][ T8410] RAX: ffffffffffffffda RBX: 0000000000000031 RCX: 000000000044be69
[ 78.482887][ T8410] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000005
[ 78.490970][ T8410] RBP: 00007ffc5c50a530 R08: 0000000020000040 R09: 0000000000000014
[ 78.498950][ T8410] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000047
[ 78.507906][ T8410] R13: 00007ffc5c50a4fa R14: 00007ffc5c50a510 R15: 00000000004bd4a0
[ 78.516554][ T8410] Kernel Offset: disabled
[ 78.520917][ T8410] Rebooting in 86400 seconds..