Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts.
syzkaller login: [ 72.970987][ T8402] IPVS: ftp: loaded support on port[0] = 21
[ 73.061793][ T8402] chnl_net:caif_netlink_parms(): no params data found
[ 73.111636][ T8402] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.120039][ T8402] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.129970][ T8402] device bridge_slave_0 entered promiscuous mode
[ 73.139484][ T8402] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.146581][ T8402] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.155164][ T8402] device bridge_slave_1 entered promiscuous mode
[ 73.175599][ T8402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.188339][ T8402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.210739][ T8402] team0: Port device team_slave_0 added
[ 73.218509][ T8402] team0: Port device team_slave_1 added
[ 73.235313][ T8402] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.242361][ T8402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.271224][ T8402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.284207][ T8402] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.292619][ T8402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.318778][ T8402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.345586][ T8402] device hsr_slave_0 entered promiscuous mode
[ 73.352381][ T8402] device hsr_slave_1 entered promiscuous mode
[ 73.454465][ T8402] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.466311][ T8402] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.476332][ T8402] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.489728][ T8402] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.516112][ T8402] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.523344][ T8402] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.531185][ T8402] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.538332][ T8402] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.584777][ T8402] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.599113][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 73.610936][ T3141] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.620612][ T3141] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.628877][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 73.643662][ T8402] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.655059][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 73.665347][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.672464][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.698818][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 73.708105][ T3141] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.715285][ T3141] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.725223][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.734282][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 73.744036][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 73.760454][ T8402] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 73.771479][ T8402] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 73.784792][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.793931][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.803013][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 73.822336][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 73.830948][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 73.843924][ T8402] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.865646][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 73.885445][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 73.894921][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 73.902844][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 73.913726][ T8402] device veth0_vlan entered promiscuous mode
[ 73.926998][ T8402] device veth1_vlan entered promiscuous mode
[ 73.949894][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 73.959006][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 73.970077][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 73.982091][ T8402] device veth0_macvtap entered promiscuous mode
[ 73.992214][ T8402] device veth1_macvtap entered promiscuous mode
[ 74.011966][ T8402] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.019638][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 74.030086][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 74.042117][ T8402] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.050119][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 74.059164][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 74.071882][ T8402] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.083178][ T8402] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.094050][ T8402] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.106575][ T8402] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.228160][ T179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.262709][ T179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.282536][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 74.305857][ T239] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.324954][ T239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 74.358698][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 74.424054][ T8631] ==================================================================
[ 74.432401][ T8631] BUG: KASAN: use-after-free in eth_header_parse_protocol+0xdc/0xe0
[ 74.440418][ T8631] Read of size 2 at addr ffff88802508800b by task syz-executor906/8631
[ 74.448646][ T8631]
[ 74.451049][ T8631] CPU: 1 PID: 8631 Comm: syz-executor906 Not tainted 5.12.0-rc4-syzkaller #0
[ 74.459804][ T8631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.469858][ T8631] Call Trace:
[ 74.473153][ T8631] dump_stack+0x141/0x1d7
[ 74.477514][ T8631] ? eth_header_parse_protocol+0xdc/0xe0
[ 74.483174][ T8631] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 74.490212][ T8631] ? llc_sysctl_exit+0x60/0x60
[ 74.494991][ T8631] ? eth_header_parse_protocol+0xdc/0xe0
[ 74.500646][ T8631] ? eth_header_parse_protocol+0xdc/0xe0
[ 74.508901][ T8631] kasan_report.cold+0x7c/0xd8
[ 74.513689][ T8631] ? eth_header_parse_protocol+0xdc/0xe0
[ 74.519338][ T8631] ? llc_sysctl_exit+0x60/0x60
[ 74.524115][ T8631] eth_header_parse_protocol+0xdc/0xe0
[ 74.529606][ T8631] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 74.535960][ T8631] ? tpacket_destruct_skb+0x860/0x860
[ 74.541361][ T8631] packet_sendmsg+0x2325/0x52b0
[ 74.546255][ T8631] ? aa_sk_perm+0x31b/0xab0
[ 74.550798][ T8631] ? packet_cached_dev_get+0x250/0x250
[ 74.556270][ T8631] ? aa_af_perm+0x230/0x230
[ 74.560798][ T8631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.567056][ T8631] ? packet_cached_dev_get+0x250/0x250
[ 74.572531][ T8631] sock_sendmsg+0xcf/0x120
[ 74.576965][ T8631] sock_no_sendpage+0xf3/0x130
[ 74.581770][ T8631] ? sk_page_frag_refill+0x1d0/0x1d0
[ 74.587092][ T8631] ? lock_release+0x720/0x720
[ 74.591790][ T8631] ? find_held_lock+0x2d/0x110
[ 74.596575][ T8631] kernel_sendpage.part.0+0x1ab/0x350
[ 74.601982][ T8631] sock_sendpage+0xe5/0x140
[ 74.606508][ T8631] ? __sock_recv_ts_and_drops+0x430/0x430
[ 74.612246][ T8631] pipe_to_sendpage+0x2ad/0x380
[ 74.617116][ T8631] ? propagate_umount+0x19f0/0x19f0
[ 74.622331][ T8631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.628588][ T8631] ? splice_from_pipe_next.part.0+0x167/0x520
[ 74.634695][ T8631] __splice_from_pipe+0x43e/0x8a0
[ 74.639742][ T8631] ? propagate_umount+0x19f0/0x19f0
[ 74.644980][ T8631] generic_splice_sendpage+0xd4/0x140
[ 74.650370][ T8631] ? __do_sys_vmsplice+0x9d0/0x9d0
[ 74.655500][ T8631] ? security_file_permission+0x248/0x560
[ 74.661243][ T8631] ? __do_sys_vmsplice+0x9d0/0x9d0
[ 74.666383][ T8631] do_splice+0xb7e/0x1940
[ 74.670733][ T8631] ? find_held_lock+0x2d/0x110
[ 74.675515][ T8631] ? splice_file_to_pipe+0x120/0x120
[ 74.680817][ T8631] ? find_held_lock+0x2d/0x110
[ 74.685606][ T8631] __do_splice+0x134/0x250
[ 74.690040][ T8631] ? do_splice+0x1940/0x1940
[ 74.694656][ T8631] __x64_sys_splice+0x198/0x250
[ 74.699616][ T8631] do_syscall_64+0x2d/0x70
[ 74.704049][ T8631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.709962][ T8631] RIP: 0033:0x4509b9
[ 74.713869][ T8631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.733514][ T8631] RSP: 002b:00007f9275ad62f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 74.741977][ T8631] RAX: ffffffffffffffda RBX: 00000000004cf4f8 RCX: 00000000004509b9
[ 74.750037][ T8631] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 74.758023][ T8631] RBP: 00000000004cf4f0 R08: 000000000004ffe0 R09: 0000000000000000
[ 74.766030][ T8631] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cf4fc
[ 74.774016][ T8631] R13: 000000000049e004 R14: 6d32cc5e8ead0600 R15: 0000000000022000
[ 74.782046][ T8631]
[ 74.784391][ T8631] Allocated by task 1:
[ 74.788475][ T8631] kasan_save_stack+0x1b/0x40
[ 74.793168][ T8631] __kasan_kmalloc+0x99/0xc0
[ 74.797775][ T8631] tomoyo_realpath_from_path+0xc3/0x620
[ 74.803332][ T8631] tomoyo_path_perm+0x21b/0x400
[ 74.808227][ T8631] security_inode_getattr+0xcf/0x140
[ 74.813532][ T8631] vfs_statx+0x164/0x390
[ 74.817789][ T8631] __do_sys_newlstat+0x91/0x110
[ 74.822647][ T8631] do_syscall_64+0x2d/0x70
[ 74.827075][ T8631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.832996][ T8631]
[ 74.835320][ T8631] Freed by task 1:
[ 74.839057][ T8631] kasan_save_stack+0x1b/0x40
[ 74.843747][ T8631] kasan_set_track+0x1c/0x30
[ 74.848366][ T8631] kasan_set_free_info+0x20/0x30
[ 74.853321][ T8631] __kasan_slab_free+0xf5/0x130
[ 74.858185][ T8631] slab_free_freelist_hook+0x92/0x210
[ 74.863576][ T8631] kfree+0xe5/0x7f0
[ 74.867392][ T8631] tomoyo_realpath_from_path+0x191/0x620
[ 74.873036][ T8631] tomoyo_path_perm+0x21b/0x400
[ 74.877898][ T8631] security_inode_getattr+0xcf/0x140
[ 74.883197][ T8631] vfs_statx+0x164/0x390
[ 74.887467][ T8631] __do_sys_newlstat+0x91/0x110
[ 74.892346][ T8631] do_syscall_64+0x2d/0x70
[ 74.896773][ T8631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.902678][ T8631]
[ 74.905005][ T8631] The buggy address belongs to the object at ffff888025088000
[ 74.905005][ T8631] which belongs to the cache kmalloc-4k of size 4096
[ 74.919081][ T8631] The buggy address is located 11 bytes inside of
[ 74.919081][ T8631] 4096-byte region [ffff888025088000, ffff888025089000)
[ 74.932382][ T8631] The buggy address belongs to the page:
[ 74.938018][ T8631] page:ffffea0000942200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25088
[ 74.948180][ T8631] head:ffffea0000942200 order:3 compound_mapcount:0 compound_pincount:0
[ 74.956526][ T8631] flags: 0xfff00000010200(slab|head)
[ 74.961837][ T8631] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010442140
[ 74.970433][ T8631] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 74.979023][ T8631] page dumped because: kasan: bad access detected
[ 74.985438][ T8631]
[ 74.987765][ T8631] Memory state around the buggy address:
[ 74.993392][ T8631] ffff888025087f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.001458][ T8631] ffff888025087f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.009527][ T8631] >ffff888025088000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.017594][ T8631] ^
[ 75.021932][ T8631] ffff888025088080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.030004][ T8631] ffff888025088100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.038070][ T8631] ==================================================================
[ 75.046143][ T8631] Disabling lock debugging due to kernel taint
[ 75.061812][ T8631] Kernel panic - not syncing: panic_on_warn set ...
[ 75.068418][ T8631] CPU: 0 PID: 8631 Comm: syz-executor906 Tainted: G B 5.12.0-rc4-syzkaller #0
[ 75.078588][ T8631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.088685][ T8631] Call Trace:
[ 75.091975][ T8631] dump_stack+0x141/0x1d7
[ 75.096333][ T8631] panic+0x306/0x73d
[ 75.100250][ T8631] ? __warn_printk+0xf3/0xf3
[ 75.104875][ T8631] ? preempt_schedule_common+0x59/0xc0
[ 75.110341][ T8631] ? llc_sysctl_exit+0x60/0x60
[ 75.115094][ T8631] ? eth_header_parse_protocol+0xdc/0xe0
[ 75.120733][ T8631] ? preempt_schedule_thunk+0x16/0x18
[ 75.126175][ T8631] ? trace_hardirqs_on+0x38/0x1c0
[ 75.131198][ T8631] ? trace_hardirqs_on+0x51/0x1c0
[ 75.136218][ T8631] ? llc_sysctl_exit+0x60/0x60
[ 75.141002][ T8631] ? eth_header_parse_protocol+0xdc/0xe0
[ 75.146623][ T8631] ? eth_header_parse_protocol+0xdc/0xe0
[ 75.152262][ T8631] end_report.cold+0x5a/0x5a
[ 75.156918][ T8631] kasan_report.cold+0x6a/0xd8
[ 75.161681][ T8631] ? eth_header_parse_protocol+0xdc/0xe0
[ 75.167357][ T8631] ? llc_sysctl_exit+0x60/0x60
[ 75.172109][ T8631] eth_header_parse_protocol+0xdc/0xe0
[ 75.178256][ T8631] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 75.184605][ T8631] ? tpacket_destruct_skb+0x860/0x860
[ 75.189992][ T8631] packet_sendmsg+0x2325/0x52b0
[ 75.194887][ T8631] ? aa_sk_perm+0x31b/0xab0
[ 75.199403][ T8631] ? packet_cached_dev_get+0x250/0x250
[ 75.204876][ T8631] ? aa_af_perm+0x230/0x230
[ 75.209389][ T8631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.215641][ T8631] ? packet_cached_dev_get+0x250/0x250
[ 75.221111][ T8631] sock_sendmsg+0xcf/0x120
[ 75.225543][ T8631] sock_no_sendpage+0xf3/0x130
[ 75.230721][ T8631] ? sk_page_frag_refill+0x1d0/0x1d0
[ 75.236017][ T8631] ? lock_release+0x720/0x720
[ 75.240709][ T8631] ? find_held_lock+0x2d/0x110
[ 75.245656][ T8631] kernel_sendpage.part.0+0x1ab/0x350
[ 75.251056][ T8631] sock_sendpage+0xe5/0x140
[ 75.255571][ T8631] ? __sock_recv_ts_and_drops+0x430/0x430
[ 75.261300][ T8631] pipe_to_sendpage+0x2ad/0x380
[ 75.266168][ T8631] ? propagate_umount+0x19f0/0x19f0
[ 75.271385][ T8631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.277642][ T8631] ? splice_from_pipe_next.part.0+0x167/0x520
[ 75.283720][ T8631] __splice_from_pipe+0x43e/0x8a0
[ 75.288774][ T8631] ? propagate_umount+0x19f0/0x19f0
[ 75.293992][ T8631] generic_splice_sendpage+0xd4/0x140
[ 75.299383][ T8631] ? __do_sys_vmsplice+0x9d0/0x9d0
[ 75.304502][ T8631] ? security_file_permission+0x248/0x560
[ 75.310229][ T8631] ? __do_sys_vmsplice+0x9d0/0x9d0
[ 75.315346][ T8631] do_splice+0xb7e/0x1940
[ 75.319690][ T8631] ? find_held_lock+0x2d/0x110
[ 75.324460][ T8631] ? splice_file_to_pipe+0x120/0x120
[ 75.329747][ T8631] ? find_held_lock+0x2d/0x110
[ 75.334516][ T8631] __do_splice+0x134/0x250
[ 75.338938][ T8631] ? do_splice+0x1940/0x1940
[ 75.343535][ T8631] __x64_sys_splice+0x198/0x250
[ 75.348413][ T8631] do_syscall_64+0x2d/0x70
[ 75.352869][ T8631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.358769][ T8631] RIP: 0033:0x4509b9
[ 75.362668][ T8631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 75.382544][ T8631] RSP: 002b:00007f9275ad62f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 75.391077][ T8631] RAX: ffffffffffffffda RBX: 00000000004cf4f8 RCX: 00000000004509b9
[ 75.399058][ T8631] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 75.407032][ T8631] RBP: 00000000004cf4f0 R08: 000000000004ffe0 R09: 0000000000000000
[ 75.415016][ T8631] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cf4fc
[ 75.423002][ T8631] R13: 000000000049e004 R14: 6d32cc5e8ead0600 R15: 0000000000022000
[ 75.431556][ T8631] Kernel Offset: disabled
[ 75.435909][ T8631] Rebooting in 86400 seconds..