Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts.
[[0m[0;31m*     [0m] A start job is running for dev-ttyS0.device (8s / 1min 30s)[K[[0;1;31m*[0m[0;31m*    [0m] A start job is running for dev-ttyS0.device (9s / 1min 30s)[K[[0;31m*[0;1;31m*[0m[0;31m*   [0m] A start job is running for dev-ttyS0.device (9s / 1min 30s)[K[ [0;31m*[0;1;31m*[0m[0;31m*  [0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[  [0;31m*[0;1;31m*[0m[0;31m* [0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (11s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (12s / 1min 30s)[   19.699644][   T22] audit: type=1400 audit(1618068654.174:8): avc:  denied  { execmem } for  pid=336 comm="syz-executor361" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   19.742591][  T338] bridge0: port 1(bridge_slave_0) entered blocking state
[   19.750110][  T338] bridge0: port 1(bridge_slave_0) entered disabled state
[   19.757528][  T338] device bridge_slave_0 entered promiscuous mode
[   19.764553][  T338] bridge0: port 2(bridge_slave_1) entered blocking state
[   19.771643][  T338] bridge0: port 2(bridge_slave_1) entered disabled state
[   19.778965][  T338] device bridge_slave_1 entered promiscuous mode
[   19.816715][  T338] bridge0: port 2(bridge_slave_1) entered blocking state
[   19.823771][  T338] bridge0: port 2(bridge_slave_1) entered forwarding state
[   19.831037][  T338] bridge0: port 1(bridge_slave_0) entered blocking state
[   19.838067][  T338] bridge0: port 1(bridge_slave_0) entered forwarding state
[   19.858436][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[   19.865710][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[   19.873388][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   19.881609][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   19.897202][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[K[   19.905397][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   19.912790][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   19.920143][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[     [0;31m*[0[   19.928481][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
m] A start job i[   19.936692][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
s running for de[   19.945865][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
v-ttyS0.device (12s / 1min 30s)[   19.966235][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   19.974568][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   19.982580][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   19.992800][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   20.004789][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
executing program
[   20.014756][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   20.081268][  T345] ==================================================================
[   20.089368][  T345] BUG: KASAN: use-after-free in eth_header_parse_protocol+0xad/0xd0
[   20.097315][  T345] Read of size 2 at addr ffff8881e8be800b by task syz-executor361/345
[   20.105428][  T345] 
[   20.107763][  T345] CPU: 0 PID: 345 Comm: syz-executor361 Not tainted 5.4.110-syzkaller-00108-g2c6775a89bc1 #0
[   20.117871][  T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.128042][  T345] Call Trace:
[   20.131313][  T345]  dump_stack+0x1d8/0x24e
[   20.135638][  T345]  ? gfp_pfmemalloc_allowed+0x120/0x120
[   20.141171][  T345]  ? show_regs_print_info+0x12/0x12
[   20.146339][  T345]  ? printk+0xcf/0x114
[   20.150378][  T345]  print_address_description+0x9b/0x650
[   20.156012][  T345]  ? devkmsg_release+0x11c/0x11c
[   20.160918][  T345]  ? _copy_from_iter+0x84d/0xa80
[   20.165823][  T345]  ? memcpy+0x38/0x50
[   20.169775][  T345]  __kasan_report+0x182/0x260
[   20.174445][  T345]  ? eth_header_parse_protocol+0xad/0xd0
[   20.180045][  T345]  kasan_report+0x30/0x60
[   20.184353][  T345]  eth_header_parse_protocol+0xad/0xd0
[   20.189786][  T345]  ? eth_header_cache_update+0x30/0x30
[   20.195213][  T345]  virtio_net_hdr_to_skb+0x6de/0xd70
[   20.200465][  T345]  ? fanout_demux_bpf+0x230/0x230
[   20.205458][  T345]  ? skb_copy_datagram_from_iter+0x604/0x6b0
[   20.211408][  T345]  packet_sendmsg+0x483a/0x6780
[   20.216231][  T345]  ? memset+0x1f/0x40
[   20.220184][  T345]  ? selinux_socket_sendmsg+0x11f/0x340
[   20.225912][  T345]  ? selinux_socket_accept+0x5b0/0x5b0
[   20.231349][  T345]  ? compat_packet_setsockopt+0x160/0x160
[   20.237048][  T345]  ? security_socket_sendmsg+0x9d/0xb0
[   20.242517][  T345]  ? compat_packet_setsockopt+0x160/0x160
[   20.248214][  T345]  kernel_sendmsg+0xf5/0x130
[   20.252818][  T345]  sock_no_sendpage+0x143/0x1b0
[   20.257640][  T345]  ? __receive_sock+0xe0/0xe0
[   20.262289][  T345]  ? avc_has_perm_noaudit+0x37d/0x400
[   20.267632][  T345]  ? avc_has_perm_noaudit+0x30c/0x400
[   20.272973][  T345]  ? __receive_sock+0xe0/0xe0
[   20.277620][  T345]  sock_sendpage+0xd0/0x120
[   20.282093][  T345]  pipe_to_sendpage+0x23b/0x300
[   20.286914][  T345]  ? sock_fasync+0xf0/0xf0
[   20.291300][  T345]  ? generic_splice_sendpage+0x210/0x210
[   20.296914][  T345]  ? avc_has_perm+0xd2/0x270
[   20.301488][  T345]  ? avc_has_perm+0x173/0x270
[   20.306133][  T345]  __splice_from_pipe+0x2d3/0x870
[   20.311126][  T345]  ? generic_splice_sendpage+0x210/0x210
[   20.316723][  T345]  generic_splice_sendpage+0x181/0x210
[   20.322150][  T345]  ? iter_file_splice_write+0xf20/0xf20
[   20.327663][  T345]  ? security_file_permission+0x128/0x300
[   20.333349][  T345]  ? iter_file_splice_write+0xf20/0xf20
[   20.338860][  T345]  __se_sys_splice+0x7a8/0x1b00
[   20.343681][  T345]  ? check_preemption_disabled+0x154/0x330
[   20.349461][  T345]  ? debug_smp_processor_id+0x20/0x20
[   20.354800][  T345]  ? __fpregs_load_activate+0x1d7/0x3c0
[   20.360311][  T345]  ? __x64_sys_splice+0xf0/0xf0
[   20.365128][  T345]  ? finish_task_switch+0x1b9/0x550
[   20.370293][  T345]  ? __x64_sys_splice+0x1d/0xf0
[   20.375110][  T345]  do_syscall_64+0xcb/0x1e0
[   20.379580][  T345]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   20.385441][  T345] RIP: 0033:0x449239
[   20.389319][  T345] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[   20.408891][  T345] RSP: 002b:00007f67eebe71f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   20.417269][  T345] RAX: ffffffffffffffda RBX: 00000000004cf518 RCX: 0000000000449239
[   20.425223][  T345] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[   20.433163][  T345] RBP: 00000000004cf510 R08: 000000000004ffe0 R09: 0000000000000000
[   20.441102][  T345] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cf51c
[   20.449043][  T345] R13: 00007fff3b3a358f R14: 00007f67eebe7300 R15: 0000000000022000
[   20.456984][  T345] 
[   20.459284][  T345] Allocated by task 154:
[   20.463497][  T345]  __kasan_kmalloc+0x137/0x1e0
[   20.468229][  T345]  kmem_cache_alloc+0x115/0x290
[   20.473046][  T345]  getname_flags+0xba/0x640
[   20.477515][  T345]  do_sys_open+0x33e/0x7c0
[   20.481900][  T345]  do_syscall_64+0xcb/0x1e0
[   20.486369][  T345]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   20.492224][  T345] 
[   20.494521][  T345] Freed by task 154:
[   20.498384][  T345]  __kasan_slab_free+0x18a/0x240
[   20.503290][  T345]  slab_free_freelist_hook+0x7b/0x150
[   20.508649][  T345]  kmem_cache_free+0xb8/0x5f0
[   20.513293][  T345]  do_sys_open+0x62e/0x7c0
[   20.517685][  T345]  do_syscall_64+0xcb/0x1e0
[   20.522155][  T345]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   20.528011][  T345] 
[   20.530325][  T345] The buggy address belongs to the object at ffff8881e8be8000
[   20.530325][  T345]  which belongs to the cache names_cache of size 4096
[   20.544430][  T345] The buggy address is located 11 bytes inside of
[   20.544430][  T345]  4096-byte region [ffff8881e8be8000, ffff8881e8be9000)
[   20.557666][  T345] The buggy address belongs to the page:
[   20.563270][  T345] page:ffffea0007a2fa00 refcount:1 mapcount:0 mapping:ffff8881f5cfa280 index:0x0 compound_mapcount: 0
[   20.574176][  T345] flags: 0x8000000000010200(slab|head)
[   20.574186][  T345] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cfa280
[   20.574193][  T345] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[   20.574196][  T345] page dumped because: kasan: bad access detected
[   20.574198][  T345] 
[   20.574200][  T345] Memory state around the buggy address:
[   20.574205][  T345]  ffff8881e8be7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.574210][  T345]  ffff8881e8be7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.574220][  T345] >ffff8881e8be8000: fb fb fb fb fb fb fb fb fb fb fb