Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[ 45.833814] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.939824] IPVS: ftp: loaded support on port[0] = 21
[ 46.073767] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.080348] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.088189] device bridge_slave_0 entered promiscuous mode
[ 46.105095] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.111598] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.118933] device bridge_slave_1 entered promiscuous mode
[ 46.134549] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 46.150682] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 46.192961] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.210928] bond0: Enslaving bond_slave_1 as an active interface with an up link
RTNETLINK answers: Operation not supported
[ 46.273851] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.281191] team0: Port device team_slave_0 added
[ 46.296020] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.303862] team0: Port device team_slave_1 added
[ 46.318688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.335125] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.351805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.369336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 46.493357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.499948] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.506777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.513133] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 46.954866] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.960975] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.007316] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 47.053027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.061105] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 47.100161] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 47.344250] ==================================================================
[ 47.351826] BUG: KASAN: slab-out-of-bounds in _decode_session6+0x1331/0x14e0
[ 47.358995] Read of size 1 at addr ffff8801d4bd3c87 by task syz-executor325/4673
[ 47.366500]
[ 47.368112] CPU: 0 PID: 4673 Comm: syz-executor325 Not tainted 4.19.0-rc2+ #47
[ 47.375451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.384784] Call Trace:
[ 47.387357] dump_stack+0x1c9/0x2b4
[ 47.390967] ? dump_stack_print_info.cold.2+0x52/0x52
[ 47.396141] ? printk+0xa7/0xcf
[ 47.399401] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 47.404141] ? _decode_session6+0x1331/0x14e0
[ 47.408677] print_address_description+0x6c/0x20b
[ 47.413510] ? _decode_session6+0x1331/0x14e0
[ 47.417990] kasan_report.cold.7+0x242/0x30d
[ 47.422382] __asan_report_load1_noabort+0x14/0x20
[ 47.427356] _decode_session6+0x1331/0x14e0
[ 47.431672] __xfrm_decode_session+0x71/0x140
[ 47.436161] vti6_tnl_xmit+0x3fc/0x1bb1
[ 47.440128] ? vti6_rcv+0x8f0/0x8f0
[ 47.443739] ? graph_lock+0x170/0x170
[ 47.447521] ? find_held_lock+0x36/0x1c0
[ 47.451574] dev_hard_start_xmit+0x272/0xc10
[ 47.455969] ? dev_direct_xmit+0x6b0/0x6b0
[ 47.460362] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.465917] ? netif_skb_features+0x690/0xb70
[ 47.470415] ? lock_acquire+0x1e4/0x4f0
[ 47.474399] ? __dev_queue_xmit+0x22cd/0x3870
[ 47.478946] ? lock_release+0x9f0/0x9f0
[ 47.482920] ? validate_xmit_skb+0x80c/0xf30
[ 47.487321] ? kasan_check_write+0x14/0x20
[ 47.491546] ? do_raw_spin_lock+0xc1/0x200
[ 47.495787] __dev_queue_xmit+0x2ab2/0x3870
[ 47.500111] ? save_stack+0x43/0xd0
[ 47.503722] ? kasan_kmalloc+0xc4/0xe0
[ 47.507597] ? pskb_expand_head+0x230/0x10e0
[ 47.511994] ? netdev_pick_tx+0x2d0/0x2d0
[ 47.516130] ? is_bpf_text_address+0xd7/0x170
[ 47.520613] ? kmem_cache_alloc_node_trace+0x219/0x720
[ 47.525887] ? __lock_is_held+0xb5/0x140
[ 47.530024] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 47.535123] ? skb_release_data+0x1c4/0x880
[ 47.539441] ? kmem_cache_alloc_node_trace+0x320/0x720
[ 47.544707] ? kasan_unpoison_shadow+0x35/0x50
[ 47.549278] ? skb_tx_error+0x2f0/0x2f0
[ 47.553240] ? kasan_kmalloc+0xc4/0xe0
[ 47.557117] ? __kmalloc_node_track_caller+0x47/0x70
[ 47.562219] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 47.567751] ? kasan_check_write+0x14/0x20
[ 47.571978] ? pskb_expand_head+0x6b3/0x10e0
[ 47.576384] ? find_held_lock+0x36/0x1c0
[ 47.580459] ? __pskb_copy_fclone+0xeb0/0xeb0
[ 47.584946] ? sock_spd_release+0x2e0/0x2e0
[ 47.589257] ? __lock_is_held+0xb5/0x140
[ 47.593310] ? kasan_check_write+0x14/0x20
[ 47.597532] ? __skb_clone+0x6c7/0xa00
[ 47.601425] ? __copy_skb_header+0x6b0/0x6b0
[ 47.605823] ? depot_save_stack+0x291/0x470
[ 47.610137] ? skb_ensure_writable+0x15e/0x640
[ 47.614715] dev_queue_xmit+0x17/0x20
[ 47.618505] ? dev_queue_xmit+0x17/0x20
[ 47.622529] __bpf_redirect+0x5b7/0xae0
[ 47.626500] bpf_clone_redirect+0x2f6/0x490
[ 47.630891] bpf_prog_c39d1ba309a769f7+0x483/0x1000
[ 47.635906] ? lock_downgrade+0x8f0/0x8f0
[ 47.640044] ? ktime_get+0x352/0x440
[ 47.643754] ? ktime_get+0x352/0x440
[ 47.647491] ? find_held_lock+0x36/0x1c0
[ 47.651559] ? lock_acquire+0x1e4/0x4f0
[ 47.655524] ? bpf_test_run+0x319/0x5b0
[ 47.659496] ? lock_downgrade+0x8f0/0x8f0
[ 47.663634] ? kasan_check_read+0x11/0x20
[ 47.667770] ? rcu_is_watching+0x8c/0x150
[ 47.671904] ? kasan_check_write+0x14/0x20
[ 47.676133] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 47.680794] ? skb_try_coalesce+0x1c80/0x1c80
[ 47.685334] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 47.690443] ? __check_object_size+0xa3/0x5d7
[ 47.694936] ? bpf_test_run+0x1ab/0x5b0
[ 47.698902] ? genl_pernet_init.cold.16+0x18/0x18
[ 47.703808] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.709337] ? bpf_test_init.isra.9+0x70/0x100
[ 47.713922] ? bpf_prog_test_run_skb+0x62f/0xb40
[ 47.718750] ? bpf_test_finish.isra.8+0x1f0/0x1f0
[ 47.723589] ? bpf_prog_add+0x69/0xd0
[ 47.727399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.732927] ? __bpf_prog_get+0x9b/0x290
[ 47.737110] ? bpf_test_finish.isra.8+0x1f0/0x1f0
[ 47.741951] ? bpf_prog_test_run+0x130/0x1a0
[ 47.746463] ? __x64_sys_bpf+0x3d8/0x510
[ 47.750513] ? bpf_prog_get+0x20/0x20
[ 47.754313] ? do_page_fault+0xf6/0x7a4
[ 47.758279] ? do_syscall_64+0x1b9/0x820
[ 47.762330] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 47.767700] ? syscall_return_slowpath+0x5e0/0x5e0
[ 47.772698] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.777540] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 47.782552] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 47.787562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.793094] ? prepare_exit_to_usermode+0x291/0x3b0
[ 47.798107] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.802946] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.808301]
[ 47.809915] Allocated by task 4673:
[ 47.813531] save_stack+0x43/0xd0
[ 47.816976] kasan_kmalloc+0xc4/0xe0
[ 47.820732] __kmalloc_node_track_caller+0x47/0x70
[ 47.825663] __kmalloc_reserve.isra.41+0x3a/0xe0
[ 47.830409] pskb_expand_head+0x230/0x10e0
[ 47.834631] skb_ensure_writable+0x3dd/0x640
[ 47.839023] bpf_clone_redirect+0x14a/0x490
[ 47.843331] bpf_prog_c39d1ba309a769f7+0x483/0x1000
[ 47.848332]
[ 47.849948] Freed by task 3294:
[ 47.853211] save_stack+0x43/0xd0
[ 47.856650] __kasan_slab_free+0x11a/0x170
[ 47.860868] kasan_slab_free+0xe/0x10
[ 47.864650] kfree+0xd9/0x210
[ 47.867739] load_elf_binary+0x2569/0x5610
[ 47.871978] search_binary_handler+0x17d/0x570
[ 47.876554] __do_execve_file.isra.35+0x15ff/0x2460
[ 47.881559] __x64_sys_execve+0x8f/0xc0
[ 47.885519] do_syscall_64+0x1b9/0x820
[ 47.889401] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.894574]
[ 47.896208] The buggy address belongs to the object at ffff8801d4bd3a80
[ 47.896208] which belongs to the cache kmalloc-512 of size 512
[ 47.908850] The buggy address is located 7 bytes to the right of
[ 47.908850] 512-byte region [ffff8801d4bd3a80, ffff8801d4bd3c80)
[ 47.921052] The buggy address belongs to the page:
[ 47.925978] page:ffffea000752f4c0 count:1 mapcount:0 mapping:ffff8801dac00940 index:0x0
[ 47.934104] flags: 0x2fffc0000000100(slab)
[ 47.938326] raw: 02fffc0000000100 ffffea000752f488 ffffea000752f508 ffff8801dac00940
[ 47.946213] raw: 0000000000000000 ffff8801d4bd3080 0000000100000006 0000000000000000
[ 47.954081] page dumped because: kasan: bad access detected
[ 47.959767]
[ 47.961379] Memory state around the buggy address:
[ 47.966298] ffff8801d4bd3b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.973639] ffff8801d4bd3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.980979] >ffff8801d4bd3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.989983] ^
[ 47.993333] ffff8801d4bd3d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.000685] ffff8801d4bd3d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.008029] ==================================================================
[ 48.015394] Disabling lock debugging due to kernel taint
[ 48.020860] Kernel panic - not syncing: panic_on_warn set ...
[ 48.020860]
[ 48.028235] CPU: 0 PID: 4673 Comm: syz-executor325 Tainted: G B 4.19.0-rc2+ #47
[ 48.036977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.046308] Call Trace:
[ 48.048879] dump_stack+0x1c9/0x2b4
[ 48.052493] ? dump_stack_print_info.cold.2+0x52/0x52
[ 48.057670] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 48.062408] panic+0x238/0x4e7
[ 48.065583] ? add_taint.cold.5+0x16/0x16
[ 48.069713] ? trace_hardirqs_on+0x9a/0x2c0
[ 48.074014] ? trace_hardirqs_on+0xb4/0x2c0
[ 48.078314] ? trace_hardirqs_on+0xb4/0x2c0
[ 48.082614] ? trace_hardirqs_on+0x9a/0x2c0
[ 48.086921] ? _decode_session6+0x1331/0x14e0
[ 48.091399] kasan_end_report+0x47/0x4f
[ 48.095367] kasan_report.cold.7+0x76/0x30d
[ 48.099688] __asan_report_load1_noabort+0x14/0x20
[ 48.104603] _decode_session6+0x1331/0x14e0
[ 48.108912] __xfrm_decode_session+0x71/0x140
[ 48.113397] vti6_tnl_xmit+0x3fc/0x1bb1
[ 48.117368] ? vti6_rcv+0x8f0/0x8f0
[ 48.120985] ? graph_lock+0x170/0x170
[ 48.124767] ? find_held_lock+0x36/0x1c0
[ 48.128819] dev_hard_start_xmit+0x272/0xc10
[ 48.133210] ? dev_direct_xmit+0x6b0/0x6b0
[ 48.137428] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.142947] ? netif_skb_features+0x690/0xb70
[ 48.147426] ? lock_acquire+0x1e4/0x4f0
[ 48.151387] ? __dev_queue_xmit+0x22cd/0x3870
[ 48.155866] ? lock_release+0x9f0/0x9f0
[ 48.159832] ? validate_xmit_skb+0x80c/0xf30
[ 48.164240] ? kasan_check_write+0x14/0x20
[ 48.168461] ? do_raw_spin_lock+0xc1/0x200
[ 48.172680] __dev_queue_xmit+0x2ab2/0x3870
[ 48.176986] ? save_stack+0x43/0xd0
[ 48.180597] ? kasan_kmalloc+0xc4/0xe0
[ 48.184467] ? pskb_expand_head+0x230/0x10e0
[ 48.188861] ? netdev_pick_tx+0x2d0/0x2d0
[ 48.192992] ? is_bpf_text_address+0xd7/0x170
[ 48.197469] ? kmem_cache_alloc_node_trace+0x219/0x720
[ 48.202728] ? __lock_is_held+0xb5/0x140
[ 48.206774] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 48.211772] ? skb_release_data+0x1c4/0x880
[ 48.216088] ? kmem_cache_alloc_node_trace+0x320/0x720
[ 48.221353] ? kasan_unpoison_shadow+0x35/0x50
[ 48.225931] ? skb_tx_error+0x2f0/0x2f0
[ 48.229885] ? kasan_kmalloc+0xc4/0xe0
[ 48.233755] ? __kmalloc_node_track_caller+0x47/0x70
[ 48.238841] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 48.244371] ? kasan_check_write+0x14/0x20
[ 48.248601] ? pskb_expand_head+0x6b3/0x10e0
[ 48.252992] ? find_held_lock+0x36/0x1c0
[ 48.257036] ? __pskb_copy_fclone+0xeb0/0xeb0
[ 48.261538] ? sock_spd_release+0x2e0/0x2e0
[ 48.265842] ? __lock_is_held+0xb5/0x140
[ 48.269888] ? kasan_check_write+0x14/0x20
[ 48.274106] ? __skb_clone+0x6c7/0xa00
[ 48.277977] ? __copy_skb_header+0x6b0/0x6b0
[ 48.282382] ? depot_save_stack+0x291/0x470
[ 48.286711] ? skb_ensure_writable+0x15e/0x640
[ 48.291280] dev_queue_xmit+0x17/0x20
[ 48.295093] ? dev_queue_xmit+0x17/0x20
[ 48.299049] __bpf_redirect+0x5b7/0xae0
[ 48.303018] bpf_clone_redirect+0x2f6/0x490
[ 48.307325] bpf_prog_c39d1ba309a769f7+0x483/0x1000
[ 48.312328] ? lock_downgrade+0x8f0/0x8f0
[ 48.316467] ? ktime_get+0x352/0x440
[ 48.320163] ? ktime_get+0x352/0x440
[ 48.323858] ? find_held_lock+0x36/0x1c0
[ 48.327900] ? lock_acquire+0x1e4/0x4f0
[ 48.331856] ? bpf_test_run+0x319/0x5b0
[ 48.335811] ? lock_downgrade+0x8f0/0x8f0
[ 48.339944] ? kasan_check_read+0x11/0x20
[ 48.344085] ? rcu_is_watching+0x8c/0x150
[ 48.348215] ? kasan_check_write+0x14/0x20
[ 48.352433] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 48.357090] ? skb_try_coalesce+0x1c80/0x1c80
[ 48.361568] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 48.366587] ? __check_object_size+0xa3/0x5d7
[ 48.371081] ? bpf_test_run+0x1ab/0x5b0
[ 48.375044] ? genl_pernet_init.cold.16+0x18/0x18
[ 48.379911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.385434] ? bpf_test_init.isra.9+0x70/0x100
[ 48.390000] ? bpf_prog_test_run_skb+0x62f/0xb40
[ 48.394741] ? bpf_test_finish.isra.8+0x1f0/0x1f0
[ 48.399567] ? bpf_prog_add+0x69/0xd0
[ 48.403363] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.408890] ? __bpf_prog_get+0x9b/0x290
[ 48.412933] ? bpf_test_finish.isra.8+0x1f0/0x1f0
[ 48.417760] ? bpf_prog_test_run+0x130/0x1a0
[ 48.422151] ? __x64_sys_bpf+0x3d8/0x510
[ 48.426197] ? bpf_prog_get+0x20/0x20
[ 48.429982] ? do_page_fault+0xf6/0x7a4
[ 48.433941] ? do_syscall_64+0x1b9/0x820
[ 48.437984] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 48.443329] ? syscall_return_slowpath+0x5e0/0x5e0
[ 48.448245] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.453102] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 48.458102] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 48.463100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.468619] ? prepare_exit_to_usermode+0x291/0x3b0
[ 48.473618] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.478446] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.484187] Dumping ftrace buffer:
[ 48.487712] (ftrace buffer empty)
[ 48.491414] Kernel Offset: disabled
[ 48.495021] Rebooting in 86400 seconds..