Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
syzkaller login: [ 74.022894][ T8464] IPVS: ftp: loaded support on port[0] = 21
[ 74.124165][ T8464] chnl_net:caif_netlink_parms(): no params data found
[ 74.182109][ T8464] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.189965][ T8464] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.198784][ T8464] device bridge_slave_0 entered promiscuous mode
[ 74.210062][ T8464] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.217463][ T8464] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.226441][ T8464] device bridge_slave_1 entered promiscuous mode
[ 74.249909][ T8464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.261139][ T8464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.285374][ T8464] team0: Port device team_slave_0 added
[ 74.293162][ T8464] team0: Port device team_slave_1 added
[ 74.312176][ T8464] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.319217][ T8464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.345240][ T8464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.358137][ T8464] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.365203][ T8464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.391381][ T8464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.422378][ T8464] device hsr_slave_0 entered promiscuous mode
[ 74.429231][ T8464] device hsr_slave_1 entered promiscuous mode
[ 74.542164][ T8464] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.553002][ T8464] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.568394][ T8464] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.580091][ T8464] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.608399][ T8464] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.615814][ T8464] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.623662][ T8464] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.630844][ T8464] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.683748][ T8464] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.699998][ T3177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.711371][ T3177] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.721018][ T3177] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.729568][ T3177] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 74.744077][ T8464] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.756105][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 74.765839][ T3834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.772939][ T3834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.797517][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 74.807576][ T4227] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.814727][ T4227] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.823364][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.840330][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.848838][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.865796][ T3177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.875474][ T3177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.887343][ T8464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 74.906734][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 74.915401][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 74.930514][ T8464] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.951710][ T3177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 74.974959][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 74.983428][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 74.991557][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.002727][ T8464] device veth0_vlan entered promiscuous mode
[ 75.016738][ T8464] device veth1_vlan entered promiscuous mode
[ 75.041461][ T3177] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.050128][ T3177] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.059878][ T3177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.071750][ T8464] device veth0_macvtap entered promiscuous mode
[ 75.083305][ T8464] device veth1_macvtap entered promiscuous mode
[ 75.103030][ T8464] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.111697][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.122549][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.135964][ T8464] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.145838][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 75.157008][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 75.168450][ T8464] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.181310][ T8464] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.193385][ T8464] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.206325][ T8464] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 75.257566][ T37] audit: type=1107 audit(1611549503.763:2): pid=8464 uid=0 auid=0 ses=5 subj==unconfined msg='йwqX*FOlj\2|2E޿`E}x@Mj@p4NŸ&"xnd_"cs?"J8垝XT3xzs(JΝ6YM%u)^~&+Gmf-([6gYV䠃<,mJ˻IJsʭI נx`-DkGGn萨S| --倲 W,{֎$nFH}:CZvU/[v@4z3!φ6~7h%'4KN(r.ҁ5g(uUuk28˕Bхyi$0Uw)Sp|߭8DGjmېT9m OحɴT pڼv1j9\O[@'|y~MS^4GΚ @Mӡv1ٷ)_>!*_]
[ 75.257566][ T37]
[ 75.559955][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.732882][ T8350] ==================================================================
[ 76.732895][ T8350] BUG: KASAN: slab-out-of-bounds in record_print_text+0x33f/0x380
[ 76.732902][ T8350] Write of size 1 at addr ffff88801bc41f40 by task in:imklog/8350
[ 76.732906][ T8350]
[ 76.732910][ T8350] CPU: 1 PID: 8350 Comm: in:imklog Not tainted 5.11.0-rc4-next-20210121-syzkaller #0
[ 76.732920][ T8350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.732926][ T8350] Call Trace:
[ 76.732929][ T8350] dump_stack+0x107/0x163
[ 76.732932][ T8350] ? record_print_text+0x33f/0x380
[ 76.732938][ T8350] ? record_print_text+0x33f/0x380
[ 76.732943][ T8350] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 76.732947][ T8350] ? record_print_text+0x33f/0x380
[ 76.732951][ T8350] ? record_print_text+0x33f/0x380
[ 76.732955][ T8350] kasan_report.cold+0x79/0xd5
[ 76.732959][ T8350] ? record_print_text+0x33f/0x380
[ 76.732963][ T8350] record_print_text+0x33f/0x380
[ 76.732967][ T8350] ? get_record_print_text_size+0x110/0x110
[ 76.732971][ T8350] ? prb_read_valid+0x75/0xa0
[ 76.732975][ T8350] ? prb_final_commit+0x20/0x20
[ 76.732978][ T8350] ? syslog_print+0x34b/0x430
[ 76.732982][ T8350] syslog_print+0x2bb/0x430
[ 76.732985][ T8350] ? kmsg_dump_rewind+0x180/0x180
[ 76.732989][ T8350] ? find_held_lock+0x2d/0x110
[ 76.732993][ T8350] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 76.732997][ T8350] do_syslog.part.0+0x2a8/0x7c0
[ 76.733001][ T8350] ? syslog_print_all+0x4a0/0x4a0
[ 76.733004][ T8350] ? aa_file_perm+0x5e2/0x1100
[ 76.733008][ T8350] ? finish_wait+0x260/0x260
[ 76.733012][ T8350] ? aa_path_link+0x2f0/0x2f0
[ 76.733016][ T8350] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.733020][ T8350] ? __fsnotify_parent+0x488/0x9d0
[ 76.733024][ T8350] ? fsnotify+0x1070/0x1070
[ 76.733027][ T8350] ? __fdget_pos+0xe9/0x100
[ 76.733031][ T8350] ? lock_downgrade+0x6d0/0x6d0
[ 76.733035][ T8350] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.733041][ T8350] ? security_syslog+0x73/0x90
[ 76.733045][ T8350] do_syslog+0x49/0x60
[ 76.733048][ T8350] kmsg_read+0x90/0xb0
[ 76.733051][ T8350] ? kmsg_release+0x20/0x20
[ 76.733057][ T8350] proc_reg_read+0x119/0x300
[ 76.733060][ T8350] ? rw_verify_area+0x11d/0x350
[ 76.733064][ T8350] ? proc_reg_write+0x300/0x300
[ 76.733067][ T8350] vfs_read+0x1b5/0x570
[ 76.733070][ T8350] ksys_read+0x12d/0x250
[ 76.733074][ T8350] ? vfs_write+0xa30/0xa30
[ 76.733077][ T8350] ? syscall_enter_from_user_mode+0x1d/0x50
[ 76.733081][ T8350] do_syscall_64+0x2d/0x70
[ 76.733085][ T8350] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.733089][ T8350] RIP: 0033:0x7efd25ee822d
[ 76.733096][ T8350] Code: c1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 4e fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 97 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 76.733106][ T8350] RSP: 002b:00007efd23884580 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 76.733117][ T8350] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efd25ee822d
[ 76.733123][ T8350] RDX: 0000000000001fa0 RSI: 00007efd23884da0 RDI: 0000000000000004
[ 76.733129][ T8350] RBP: 0000563825e819d0 R08: 0000000000000000 R09: 0000000004000001
[ 76.733134][ T8350] R10: 0000000000000001 R11: 0000000000000293 R12: 00007efd23884da0
[ 76.733140][ T8350] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007efd23884e04
[ 76.733145][ T8350]
[ 76.733147][ T8350] Allocated by task 8350:
[ 76.733151][ T8350] kasan_save_stack+0x1b/0x40
[ 76.733155][ T8350] ____kasan_kmalloc.constprop.0+0xa0/0xd0
[ 76.733161][ T8350] syslog_print+0xb2/0x430
[ 76.733164][ T8350] do_syslog.part.0+0x2a8/0x7c0
[ 76.733168][ T8350] do_syslog+0x49/0x60
[ 76.733173][ T8350] kmsg_read+0x90/0xb0
[ 76.733177][ T8350] proc_reg_read+0x119/0x300
[ 76.733180][ T8350] vfs_read+0x1b5/0x570
[ 76.733183][ T8350] ksys_read+0x12d/0x250
[ 76.733187][ T8350] do_syscall_64+0x2d/0x70
[ 76.733190][ T8350] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.733194][ T8350]
[ 76.733197][ T8350] The buggy address belongs to the object at ffff88801bc41800
[ 76.733203][ T8350] which belongs to the cache kmalloc-1k of size 1024
[ 76.733208][ T8350] The buggy address is located 832 bytes to the right of
[ 76.733213][ T8350] 1024-byte region [ffff88801bc41800, ffff88801bc41c00)
[ 76.733218][ T8350] The buggy address belongs to the page:
[ 76.733224][ T8350] page:00000000fe200f2a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bc40
[ 76.733231][ T8350] head:00000000fe200f2a order:2 compound_mapcount:0 compound_pincount:0
[ 76.733237][ T8350] flags: 0xfff00000010200(slab|head)
[ 76.733242][ T8350] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010041dc0
[ 76.733248][ T8350] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 76.733254][ T8350] page dumped because: kasan: bad access detected
[ 76.733258][ T8350]
[ 76.733261][ T8350] Memory state around the buggy address:
[ 76.733266][ T8350] ffff88801bc41e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.733272][ T8350] ffff88801bc41e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.733278][ T8350] >ffff88801bc41f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.733284][ T8350] ^
[ 76.733291][ T8350] ffff88801bc41f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.733298][ T8350] ffff88801bc42000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.733307][ T8350] ==================================================================
[ 76.733313][ T8350] Disabling lock debugging due to kernel taint
[ 76.733318][ T8350] Kernel panic - not syncing: panic_on_warn set ...
[ 76.733324][ T8350] CPU: 1 PID: 8350 Comm: in:imklog Tainted: G B 5.11.0-rc4-next-20210121-syzkaller #0
[ 76.733331][ T8350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.733337][ T8350] Call Trace:
[ 76.733340][ T8350] dump_stack+0x107/0x163
[ 76.733343][ T8350] ? record_print_text+0x320/0x380
[ 76.733347][ T8350] panic+0x306/0x73d
[ 76.733350][ T8350] ? __warn_printk+0xf3/0xf3
[ 76.733354][ T8350] ? record_print_text+0x33f/0x380
[ 76.733357][ T8350] ? record_print_text+0x33f/0x380
[ 76.733361][ T8350] ? record_print_text+0x33f/0x380
[ 76.733365][ T8350] end_report+0x58/0x5e
[ 76.733368][ T8350] kasan_report.cold+0x67/0xd5
[ 76.733372][ T8350] ? record_print_text+0x33f/0x380
[ 76.733376][ T8350] record_print_text+0x33f/0x380
[ 76.733379][ T8350] ? get_record_print_text_size+0x110/0x110
[ 76.733384][ T8350] ? prb_read_valid+0x75/0xa0
[ 76.733387][ T8350] ? prb_final_commit+0x20/0x20
[ 76.733391][ T8350] ? syslog_print+0x34b/0x430
[ 76.733394][ T8350] syslog_print+0x2bb/0x430
[ 76.733398][ T8350] ? kmsg_dump_rewind+0x180/0x180
[ 76.733402][ T8350] ? find_held_lock+0x2d/0x110
[ 76.733406][ T8350] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 76.733410][ T8350] do_syslog.part.0+0x2a8/0x7c0
[ 76.733414][ T8350] ? syslog_print_all+0x4a0/0x4a0
[ 76.733418][ T8350] ? aa_file_perm+0x5e2/0x1100
[ 76.733423][ T8350] ? finish_wait+0x260/0x260
[ 76.733427][ T8350] ? aa_path_link+0x2f0/0x2f0
[ 76.733431][ T8350] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.733437][ T8350] ? __fsnotify_parent+0x488/0x9d0
[ 76.733441][ T8350] ? fsnotify+0x1070/0x1070
[ 76.733444][ T8350] ? __fdget_pos+0xe9/0x100
[ 76.733447][ T8350] ? lock_downgrade+0x6d0/0x6d0
[ 76.733451][ T8350] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.733456][ T8350] ? security_syslog+0x73/0x90
[ 76.733459][ T8350] do_syslog+0x49/0x60
[ 76.733462][ T8350] kmsg_read+0x90/0xb0
[ 76.733465][ T8350] ? kmsg_release+0x20/0x20
[ 76.733469][ T8350] proc_reg_read+0x119/0x300
[ 76.733472][ T8350] ? rw_verify_area+0x11d/0x350
[ 76.733476][ T8350] ? proc_reg_write+0x300/0x300
[ 76.733479][ T8350] vfs_read+0x1b5/0x570
[ 76.733495][ T8350] ksys_read+0x12d/0x250
[ 76.733498][ T8350] ? vfs_write+0xa30/0xa30
[ 76.733502][ T8350] ? syscall_enter_from_user_mode+0x1d/0x50
[ 76.733506][ T8350] do_syscall_64+0x2d/0x70
[ 76.733509][ T8350] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.733513][ T8350] RIP: 0033:0x7efd25ee822d
[ 76.733520][ T8350] Code: c1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 4e fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 97 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 76.733531][ T8350] RSP: 002b:00007efd23884580 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 76.733540][ T8350] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efd25ee822d
[ 76.733545][ T8350] RDX: 0000000000001fa0 RSI: 00007efd23884da0 RDI: 0000000000000004
[ 76.733553][ T8350] RBP: 0000563825e819d0 R08: 0000000000000000 R09: 0000000004000001
[ 76.733559][ T8350] R10: 0000000000000001 R11: 0000000000000293 R12: 00007efd23884da0
[ 76.733566][ T8350] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007efd23884e04
[ 76.733571][ T8350] Shutting down cpus with NMI
[ 76.733575][ T8350] Kernel Offset: disabled