Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
syzkaller login: [ 44.214470][ T6997] IPVS: ftp: loaded support on port[0] = 21
[ 44.307583][ T6997] chnl_net:caif_netlink_parms(): no params data found
[ 44.354707][ T6997] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.362417][ T6997] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.371965][ T6997] device bridge_slave_0 entered promiscuous mode
[ 44.381375][ T6997] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.388586][ T6997] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.396666][ T6997] device bridge_slave_1 entered promiscuous mode
[ 44.414421][ T6997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 44.425550][ T6997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 44.446347][ T6997] team0: Port device team_slave_0 added
[ 44.453567][ T6997] team0: Port device team_slave_1 added
[ 44.469519][ T6997] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 44.476795][ T6997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.502758][ T6997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 44.514936][ T6997] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 44.522103][ T6997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.548171][ T6997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 44.609283][ T6997] device hsr_slave_0 entered promiscuous mode
[ 44.646598][ T6997] device hsr_slave_1 entered promiscuous mode
[ 44.782237][ T6997] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 44.839548][ T6997] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 44.898958][ T6997] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 44.938326][ T6997] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 44.999678][ T6997] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.007654][ T6997] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.016566][ T6997] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.024172][ T6997] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.064280][ T6997] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.078864][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.090532][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.098899][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.108158][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 45.121053][ T6997] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.131619][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.140991][ T23] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.148134][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.167412][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.175742][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.182854][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.191034][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.209980][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 45.218667][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.227509][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.236819][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.246950][ T6997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 45.264763][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 45.272981][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 45.284767][ T6997] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 45.306486][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.315155][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.334576][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.343373][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.353423][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.362137][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.371960][ T6997] device veth0_vlan entered promiscuous mode
[ 45.382836][ T6997] device veth1_vlan entered promiscuous mode
[ 45.405116][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 45.413997][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 45.422705][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.432123][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.442693][ T6997] device veth0_macvtap entered promiscuous mode
[ 45.453590][ T6997] device veth1_macvtap entered promiscuous mode
[ 45.470269][ T6997] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 45.479292][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 45.489534][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 45.498248][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.507626][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.519874][ T6997] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 45.527477][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.537613][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 45.729176][ T27] audit: type=1800 audit(1589582168.725:2): pid=7209 uid=0 auid=0 ses=5 subj=_ op=collect_data cause=failed(directio) comm="syz-executor790" name="file0" dev="sda1" ino=15715 res=0
[ 45.776761][ T7209] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 45.824346][ T7209] Process accounting resumed
[ 45.838922][ T7209] Process accounting resumed
[ 45.863901][ T6997] ==================================================================
[ 45.875273][ T6997] BUG: KASAN: use-after-free in get_block+0xbaa/0x1600
[ 45.885669][ T6997] Write of size 2 at addr ffff88808aace7b8 by task syz-executor790/6997
[ 45.899113][ T6997]
[ 45.901455][ T6997] CPU: 1 PID: 6997 Comm: syz-executor790 Not tainted 5.7.0-rc5-syzkaller #0
[ 45.920286][ T6997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.935950][ T6997] Call Trace:
[ 45.940767][ T6997] dump_stack+0x1e9/0x30e
[ 45.946457][ T6997] print_address_description+0x74/0x5c0
[ 45.954516][ T6997] ? printk+0x62/0x83
[ 45.958795][ T6997] ? vprintk_emit+0x339/0x3c0
[ 45.964098][ T6997] __kasan_report+0x103/0x1a0
[ 45.971436][ T6997] ? get_block+0xbaa/0x1600
[ 45.978240][ T6997] ? get_block+0xbaa/0x1600
[ 45.985269][ T6997] kasan_report+0x4d/0x80
[ 45.991597][ T6997] ? get_block+0xbaa/0x1600
[ 45.999271][ T6997] ? minix_get_block+0x90/0xf0
[ 46.006496][ T6997] ? __block_write_begin_int+0x708/0x1a00
[ 46.015358][ T6997] ? minix_prepare_chunk+0x30/0x30
[ 46.022567][ T6997] ? wait_for_stable_page+0x10f/0x150
[ 46.030545][ T6997] ? minix_prepare_chunk+0x30/0x30
[ 46.039483][ T6997] ? block_write_begin+0x59/0x280
[ 46.046756][ T6997] ? minix_write_begin+0x38/0x1f0
[ 46.055596][ T6997] ? generic_perform_write+0x23b/0x4e0
[ 46.065784][ T6997] ? __generic_file_write_iter+0x22b/0x4e0
[ 46.074780][ T6997] ? down_write+0xcd/0x130
[ 46.085092][ T6997] ? generic_file_write_iter+0x4a6/0x650
[ 46.094444][ T6997] ? __vfs_write+0x54c/0x710
[ 46.100001][ T6997] ? __kernel_write+0x120/0x350
[ 46.106373][ T6997] ? do_acct_process+0xec6/0x12b0
[ 46.114248][ T6997] ? rcu_lock_release+0x5/0x20
[ 46.126281][ T6997] ? acct_process+0x468/0x570
[ 46.132622][ T6997] ? do_exit+0x57c/0x1f80
[ 46.139185][ T6997] ? do_group_exit+0x15e/0x2c0
[ 46.146532][ T6997] ? trace_irq_disable_rcuidle+0x1f/0x1d0
[ 46.153634][ T6997] ? __do_sys_exit_group+0x13/0x20
[ 46.161215][ T6997] ? __se_sys_exit_group+0x10/0x10
[ 46.169365][ T6997] ? __x64_sys_exit_group+0x37/0x40
[ 46.177878][ T6997] ? do_syscall_64+0xf3/0x1b0
[ 46.183201][ T6997] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 46.194211][ T6997]
[ 46.197658][ T6997] The buggy address belongs to the page:
[ 46.204999][ T6997] page:ffffea00022ab380 refcount:0 mapcount:0 mapping:0000000062ebaeff index:0x1
[ 46.220388][ T6997] flags: 0xfffe0000000000()
[ 46.228352][ T6997] raw: 00fffe0000000000 ffffea0002343488 ffffea00022ab3c8 0000000000000000
[ 46.245129][ T6997] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 46.257138][ T6997] page dumped because: kasan: bad access detected
[ 46.272823][ T6997]
[ 46.278816][ T6997] Memory state around the buggy address:
[ 46.289545][ T6997] ffff88808aace680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.312678][ T6997] ffff88808aace700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.327098][ T6997] >ffff88808aace780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.337357][ T6997] ^
[ 46.348866][ T6997] ffff88808aace800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.364736][ T6997] ffff88808aace880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.378016][ T6997] ==================================================================
[ 46.395292][ T6997] Disabling lock debugging due to kernel taint
[ 46.408273][ T6997] Kernel panic - not syncing: panic_on_warn set ...
[ 46.419201][ T6997] CPU: 1 PID: 6997 Comm: syz-executor790 Tainted: G B 5.7.0-rc5-syzkaller #0
[ 46.437226][ T6997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.451740][ T6997] Call Trace:
[ 46.459083][ T6997] dump_stack+0x1e9/0x30e
[ 46.469074][ T6997] panic+0x264/0x7a0
[ 46.481778][ T6997] ? trace_hardirqs_on+0x30/0x70
[ 46.489819][ T6997] __kasan_report+0x191/0x1a0
[ 46.500159][ T6997] ? get_block+0xbaa/0x1600
[ 46.506851][ T6997] ? get_block+0xbaa/0x1600
[ 46.516042][ T6997] kasan_report+0x4d/0x80
[ 46.523806][ T6997] ? get_block+0xbaa/0x1600
[ 46.531237][ T6997] ? minix_get_block+0x90/0xf0
[ 46.537871][ T6997] ? __block_write_begin_int+0x708/0x1a00
[ 46.546089][ T6997] ? minix_prepare_chunk+0x30/0x30
[ 46.552778][ T6997] ? wait_for_stable_page+0x10f/0x150
[ 46.560495][ T6997] ? minix_prepare_chunk+0x30/0x30
[ 46.566310][ T6997] ? block_write_begin+0x59/0x280
[ 46.576370][ T6997] ? minix_write_begin+0x38/0x1f0
[ 46.585295][ T6997] ? generic_perform_write+0x23b/0x4e0
[ 46.593298][ T6997] ? __generic_file_write_iter+0x22b/0x4e0
[ 46.607211][ T6997] ? down_write+0xcd/0x130
[ 46.617636][ T6997] ? generic_file_write_iter+0x4a6/0x650
[ 46.629369][ T6997] ? __vfs_write+0x54c/0x710
[ 46.637718][ T6997] ? __kernel_write+0x120/0x350
[ 46.645815][ T6997] ? do_acct_process+0xec6/0x12b0
[ 46.654758][ T6997] ? rcu_lock_release+0x5/0x20
[ 46.661342][ T6997] ? acct_process+0x468/0x570
[ 46.668047][ T6997] ? do_exit+0x57c/0x1f80
[ 46.672511][ T6997] ? do_group_exit+0x15e/0x2c0
[ 46.680395][ T6997] ? trace_irq_disable_rcuidle+0x1f/0x1d0
[ 46.694766][ T6997] ? __do_sys_exit_group+0x13/0x20
[ 46.705414][ T6997] ? __se_sys_exit_group+0x10/0x10
[ 46.711904][ T6997] ? __x64_sys_exit_group+0x37/0x40
[ 46.718429][ T6997] ? do_syscall_64+0xf3/0x1b0
[ 46.723578][ T6997] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 46.735338][ T6997] Kernel Offset: disabled
[ 46.745529][ T6997] Rebooting in 86400 seconds..