Starting Load/Save RF Kill Switch Status...
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
syzkaller login: [ 58.756572][ T6845] IPVS: ftp: loaded support on port[0] = 21
[ 58.849763][ T6845] chnl_net:caif_netlink_parms(): no params data found
[ 58.903385][ T6845] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.910861][ T6845] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.919550][ T6845] device bridge_slave_0 entered promiscuous mode
[ 58.928484][ T6845] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.935877][ T6845] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.945247][ T6845] device bridge_slave_1 entered promiscuous mode
[ 58.966751][ T6845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 58.977714][ T6845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.000438][ T6845] team0: Port device team_slave_0 added
[ 59.008067][ T6845] team0: Port device team_slave_1 added
[ 59.027692][ T6845] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.034767][ T6845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.061530][ T6845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.074732][ T6845] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.081669][ T6845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.132026][ T6845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.215788][ T6845] device hsr_slave_0 entered promiscuous mode
[ 59.283685][ T6845] device hsr_slave_1 entered promiscuous mode
[ 59.443804][ T6845] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.505652][ T6845] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.554622][ T6845] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.594199][ T6845] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.659929][ T6845] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.667157][ T6845] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.675226][ T6845] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.682385][ T6845] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.733460][ T6845] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.748400][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.758927][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.767766][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.777788][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 59.792186][ T6845] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.804482][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 59.813413][ T2614] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.820446][ T2614] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.844040][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 59.852949][ T2614] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.860090][ T2614] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.868957][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 59.888249][ T6845] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 59.898733][ T6845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 59.918093][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 59.926732][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 59.935748][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 59.944861][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 59.953725][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 59.963764][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 59.972585][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 59.981156][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.002472][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 60.009919][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 60.024564][ T6845] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.043979][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 60.053159][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 60.074098][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 60.083308][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 60.093232][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 60.101293][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 60.111133][ T6845] device veth0_vlan entered promiscuous mode
[ 60.124656][ T6845] device veth1_vlan entered promiscuous mode
[ 60.148430][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 60.157733][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 60.166152][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 60.174771][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 60.186140][ T6845] device veth0_macvtap entered promiscuous mode
[ 60.197469][ T6845] device veth1_macvtap entered promiscuous mode
[ 60.215497][ T6845] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.224259][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 60.232798][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 60.240751][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 60.249686][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 60.263678][ T6845] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.271511][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 60.281914][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 63.582467][ C0] ==================================================================
[ 63.590645][ C0] BUG: KASAN: slab-out-of-bounds in ip_icmp_error+0x52a/0x5a0
[ 63.598081][ C0] Read of size 1 at addr ffff88809f0217ff by task ksoftirqd/0/9
[ 63.605681][ C0]
[ 63.608002][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0
[ 63.617252][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.627285][ C0] Call Trace:
[ 63.630902][ C0] dump_stack+0x18f/0x20d
[ 63.635216][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 63.639953][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 63.644695][ C0] print_address_description.constprop.0.cold+0xd3/0x413
[ 63.652312][ C0] ? memcpy+0x39/0x60
[ 63.656301][ C0] ? vprintk_func+0x97/0x1a6
[ 63.660868][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 63.665627][ C0] kasan_report.cold+0x1f/0x37
[ 63.670391][ C0] ? skb_clone+0x190/0x3c0
[ 63.674792][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 63.679532][ C0] ip_icmp_error+0x52a/0x5a0
[ 63.684109][ C0] tcp_v4_err+0x99e/0x1ce0
[ 63.688524][ C0] ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 63.693271][ C0] icmp_socket_deliver+0x1e1/0x360
[ 63.698402][ C0] icmp_unreach+0x33b/0xab0
[ 63.702883][ C0] icmp_rcv+0xee6/0x15f0
[ 63.707154][ C0] ip_protocol_deliver_rcu+0x57/0x880
[ 63.712552][ C0] ? check_preemption_disabled+0x38/0x220
[ 63.718309][ C0] ip_local_deliver_finish+0x220/0x360
[ 63.723861][ C0] ip_local_deliver+0x1c8/0x4e0
[ 63.728766][ C0] ? ip_local_deliver_finish+0x360/0x360
[ 63.734393][ C0] ? ip_rcv+0x244/0x3c0
[ 63.738540][ C0] ? ip_protocol_deliver_rcu+0x880/0x880
[ 63.744331][ C0] ? lock_downgrade+0x840/0x840
[ 63.749170][ C0] ? ip_rcv_finish_core.isra.0+0x606/0x1ea0
[ 63.755057][ C0] ip_rcv_finish+0x1da/0x2f0
[ 63.759638][ C0] ip_rcv+0xd0/0x3c0
[ 63.763509][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 63.768510][ C0] ? ip_rcv_finish_core.isra.0+0x1ea0/0x1ea0
[ 63.774471][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 63.779473][ C0] __netif_receive_skb_one_core+0x114/0x180
[ 63.785341][ C0] ? __netif_receive_skb_core+0x33f0/0x33f0
[ 63.791235][ C0] ? do_raw_spin_lock+0x120/0x2d0
[ 63.796248][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 63.801168][ C0] __netif_receive_skb+0x27/0x1c0
[ 63.806167][ C0] process_backlog+0x21e/0x7a0
[ 63.810919][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 63.816887][ C0] net_rx_action+0x4e1/0x10d0
[ 63.821561][ C0] ? napi_busy_loop+0x9e0/0x9e0
[ 63.826408][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.832378][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 63.838339][ C0] __do_softirq+0x268/0x9ee
[ 63.842823][ C0] ? takeover_tasklets+0x810/0x810
[ 63.847908][ C0] run_ksoftirqd+0x89/0x100
[ 63.852390][ C0] smpboot_thread_fn+0x653/0x9e0
[ 63.857319][ C0] ? smpboot_register_percpu_thread+0x370/0x370
[ 63.863551][ C0] ? __kthread_parkme+0x13f/0x1e0
[ 63.868550][ C0] ? smpboot_register_percpu_thread+0x370/0x370
[ 63.874784][ C0] kthread+0x3b5/0x4a0
[ 63.878827][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.884523][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.890219][ C0] ret_from_fork+0x1f/0x30
[ 63.894617][ C0]
[ 63.896919][ C0] Allocated by task 1:
[ 63.900981][ C0] save_stack+0x1b/0x40
[ 63.905121][ C0] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 63.910731][ C0] kmem_cache_alloc_trace+0x153/0x7d0
[ 63.916078][ C0] usb_hub_create_port_device+0x71/0xd70
[ 63.921695][ C0] hub_probe.cold+0x1eb0/0x2274
[ 63.926520][ C0] usb_probe_interface+0x305/0x7a0
[ 63.931619][ C0] really_probe+0x281/0x6d0
[ 63.936120][ C0] driver_probe_device+0xfe/0x1d0
[ 63.941136][ C0] __device_attach_driver+0x1c2/0x220
[ 63.946479][ C0] bus_for_each_drv+0x162/0x1e0
[ 63.951333][ C0] __device_attach+0x21a/0x360
[ 63.956082][ C0] bus_probe_device+0x1e4/0x290
[ 63.960917][ C0] device_add+0xaf1/0x1900
[ 63.965309][ C0] usb_set_configuration+0xec5/0x1740
[ 63.970654][ C0] usb_generic_driver_probe+0x9d/0xe0
[ 63.976006][ C0] usb_probe_device+0xc6/0x1f0
[ 63.980756][ C0] really_probe+0x281/0x6d0
[ 63.985234][ C0] driver_probe_device+0xfe/0x1d0
[ 63.990228][ C0] __device_attach_driver+0x1c2/0x220
[ 63.995579][ C0] bus_for_each_drv+0x162/0x1e0
[ 64.000444][ C0] __device_attach+0x21a/0x360
[ 64.005181][ C0] bus_probe_device+0x1e4/0x290
[ 64.010003][ C0] device_add+0xaf1/0x1900
[ 64.014422][ C0] usb_new_device.cold+0x753/0x103d
[ 64.019591][ C0] usb_add_hcd.cold+0x1103/0x14aa
[ 64.024601][ C0] vhci_hcd_probe+0x16f/0x230
[ 64.029263][ C0] platform_drv_probe+0x87/0x140
[ 64.034175][ C0] really_probe+0x281/0x6d0
[ 64.038649][ C0] driver_probe_device+0xfe/0x1d0
[ 64.044172][ C0] __device_attach_driver+0x1c2/0x220
[ 64.049582][ C0] bus_for_each_drv+0x162/0x1e0
[ 64.055114][ C0] __device_attach+0x21a/0x360
[ 64.059877][ C0] bus_probe_device+0x1e4/0x290
[ 64.064712][ C0] device_add+0xaf1/0x1900
[ 64.069242][ C0] platform_device_add+0x348/0x6c0
[ 64.074339][ C0] vhci_hcd_init+0x344/0x488
[ 64.078927][ C0] do_one_initcall+0x10a/0x7b0
[ 64.083669][ C0] kernel_init_freeable+0x506/0x5b5
[ 64.088862][ C0] kernel_init+0xd/0x1bb
[ 64.093084][ C0] ret_from_fork+0x1f/0x30
[ 64.097467][ C0]
[ 64.099770][ C0] Freed by task 0:
[ 64.103466][ C0] (stack is not available)
[ 64.107868][ C0]
[ 64.110169][ C0] The buggy address belongs to the object at ffff88809f021000
[ 64.110169][ C0]  which belongs to the cache kmalloc-2k of size 2048
[ 64.124200][ C0] The buggy address is located 2047 bytes inside of
[ 64.124200][ C0]  2048-byte region [ffff88809f021000, ffff88809f021800)
[ 64.137617][ C0] The buggy address belongs to the page:
[ 64.143227][ C0] page:ffffea00027c0840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 64.152309][ C0] flags: 0xfffe0000000200(slab)
[ 64.157136][ C0] raw: 00fffe0000000200 ffffea00027c2788 ffffea00027c0888 ffff8880aa000e00
[ 64.165706][ C0] raw: 0000000000000000 ffff88809f021000 0000000100000001 0000000000000000
[ 64.174276][ C0] page dumped because: kasan: bad access detected
[ 64.180756][ C0]
[ 64.183057][ C0] Memory state around the buggy address:
[ 64.188674][ C0]  ffff88809f021680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.196725][ C0]  ffff88809f021700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.204761][ C0] >ffff88809f021780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.212794][ C0]                                                                ^
[ 64.221728][ C0]  ffff88809f021800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.229783][ C0]  ffff88809f021880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.237816][ C0] ==================================================================
[ 64.245861][ C0] Disabling lock debugging due to kernel taint
[ 64.252036][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 64.258617][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.7.0-rc7-next-20200526-syzkaller #0
[ 64.269276][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.279361][ C0] Call Trace:
[ 64.282653][ C0] dump_stack+0x18f/0x20d
[ 64.287082][ C0] ? ip_icmp_error+0x4f0/0x5a0
[ 64.291849][ C0] panic+0x2e3/0x75c
[ 64.295733][ C0] ? __warn_printk+0xf3/0xf3
[ 64.300296][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 64.305043][ C0] ? trace_hardirqs_on+0x55/0x220
[ 64.310735][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 64.315475][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 64.320222][ C0] end_report+0x4d/0x53
[ 64.324371][ C0] kasan_report.cold+0xd/0x37
[ 64.329028][ C0] ? skb_clone+0x190/0x3c0
[ 64.333415][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 64.338163][ C0] ip_icmp_error+0x52a/0x5a0
[ 64.342987][ C0] tcp_v4_err+0x99e/0x1ce0
[ 64.347375][ C0] ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 64.352111][ C0] icmp_socket_deliver+0x1e1/0x360
[ 64.357205][ C0] icmp_unreach+0x33b/0xab0
[ 64.361690][ C0] icmp_rcv+0xee6/0x15f0
[ 64.365907][ C0] ip_protocol_deliver_rcu+0x57/0x880
[ 64.371261][ C0] ? check_preemption_disabled+0x38/0x220
[ 64.376968][ C0] ip_local_deliver_finish+0x220/0x360
[ 64.382412][ C0] ip_local_deliver+0x1c8/0x4e0
[ 64.387235][ C0] ? ip_local_deliver_finish+0x360/0x360
[ 64.392835][ C0] ? ip_rcv+0x244/0x3c0
[ 64.396995][ C0] ? ip_protocol_deliver_rcu+0x880/0x880
[ 64.402611][ C0] ? lock_downgrade+0x840/0x840
[ 64.407432][ C0] ? ip_rcv_finish_core.isra.0+0x606/0x1ea0
[ 64.413298][ C0] ip_rcv_finish+0x1da/0x2f0
[ 64.417872][ C0] ip_rcv+0xd0/0x3c0
[ 64.421739][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 64.426745][ C0] ? ip_rcv_finish_core.isra.0+0x1ea0/0x1ea0
[ 64.432700][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 64.437695][ C0] __netif_receive_skb_one_core+0x114/0x180
[ 64.443561][ C0] ? __netif_receive_skb_core+0x33f0/0x33f0
[ 64.449426][ C0] ? do_raw_spin_lock+0x120/0x2d0
[ 64.454421][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 64.459331][ C0] __netif_receive_skb+0x27/0x1c0
[ 64.464328][ C0] process_backlog+0x21e/0x7a0
[ 64.469067][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 64.475030][ C0] net_rx_action+0x4e1/0x10d0
[ 64.479747][ C0] ? napi_busy_loop+0x9e0/0x9e0
[ 64.484577][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.490551][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 64.496621][ C0] __do_softirq+0x268/0x9ee
[ 64.501105][ C0] ? takeover_tasklets+0x810/0x810
[ 64.506202][ C0] run_ksoftirqd+0x89/0x100
[ 64.510675][ C0] smpboot_thread_fn+0x653/0x9e0
[ 64.515588][ C0] ? smpboot_register_percpu_thread+0x370/0x370
[ 64.521801][ C0] ? __kthread_parkme+0x13f/0x1e0
[ 64.526796][ C0] ? smpboot_register_percpu_thread+0x370/0x370
[ 64.533021][ C0] kthread+0x3b5/0x4a0
[ 64.537060][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.542771][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.548465][ C0] ret_from_fork+0x1f/0x30
[ 64.553553][ C0] Kernel Offset: disabled
[ 64.557875][ C0] Rebooting in 86400 seconds..