Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
syzkaller login: [ 73.071716][ T7043] IPVS: ftp: loaded support on port[0] = 21
[ 73.164984][ T7043] chnl_net:caif_netlink_parms(): no params data found
[ 73.216932][ T7043] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.224801][ T7043] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.233880][ T7043] device bridge_slave_0 entered promiscuous mode
[ 73.244497][ T7043] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.253313][ T7043] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.262045][ T7043] device bridge_slave_1 entered promiscuous mode
[ 73.283316][ T7043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.294642][ T7043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.317485][ T7043] team0: Port device team_slave_0 added
[ 73.324863][ T7043] team0: Port device team_slave_1 added
[ 73.343590][ T7043] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.350732][ T7043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.377222][ T7043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.390930][ T7043] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.397892][ T7043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.423988][ T7043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.484612][ T7043] device hsr_slave_0 entered promiscuous mode
[ 73.540552][ T7043] device hsr_slave_1 entered promiscuous mode
[ 73.677590][ T7043] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.742997][ T7043] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.782680][ T7043] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.833151][ T7043] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.905740][ T7043] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.912907][ T7043] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.920809][ T7043] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.927978][ T7043] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.974926][ T7043] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.987814][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 73.998316][ T2695] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.007521][ T2695] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.016341][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 74.029703][ T7043] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.041232][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 74.049810][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.056997][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.068503][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 74.078181][ T2695] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.086216][ T2695] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.113405][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.122716][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.132540][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.142290][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.155172][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 74.164831][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.176711][ T7043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 74.195617][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 74.204141][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 74.218991][ T7043] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.239183][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 74.248431][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 74.277967][ T7043] device veth0_vlan entered promiscuous mode
[ 74.286475][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 74.298384][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 74.311407][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 74.319834][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 74.332521][ T7043] device veth1_vlan entered promiscuous mode
[ 74.355403][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 74.367603][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 74.378549][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 74.391794][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 74.408544][ T7043] device veth0_macvtap entered promiscuous mode
[ 74.427339][ T7043] device veth1_macvtap entered promiscuous mode
[ 74.451339][ T7043] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.465528][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 74.477226][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 74.487307][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 74.498295][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 74.512208][ T7043] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.521490][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 74.531646][ T2695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 77.851168][ C0] ==================================================================
[ 77.859383][ C0] BUG: KASAN: slab-out-of-bounds in ip_icmp_error+0x52a/0x5a0
[ 77.867003][ C0] Read of size 1 at addr ffff88808930dfff by task swapper/0/0
[ 77.874738][ C0]
[ 77.877094][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.7.0-rc6-syzkaller #0
[ 77.885056][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.895825][ C0] Call Trace:
[ 77.899132][ C0]
[ 77.902006][ C0] dump_stack+0x188/0x20d
[ 77.906374][ C0] print_address_description.constprop.0.cold+0xd3/0x413
[ 77.913383][ C0] ? skb_splice_bits+0x1a0/0x1a0
[ 77.918312][ C0] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 77.924258][ C0] ? vprintk_func+0x81/0x17e
[ 77.929552][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 77.935036][ C0] __kasan_report.cold+0x20/0x38
[ 77.941015][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 77.947104][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 77.951955][ C0] kasan_report+0x33/0x50
[ 77.956522][ C0] ip_icmp_error+0x52a/0x5a0
[ 77.961235][ C0] tcp_v4_err+0x9b2/0x1d00
[ 77.965730][ C0] ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 77.970753][ C0] icmp_socket_deliver+0x1e4/0x360
[ 77.976043][ C0] icmp_unreach+0x33b/0xab0
[ 77.980675][ C0] icmp_rcv+0xee6/0x15f0
[ 77.985209][ C0] ip_protocol_deliver_rcu+0x57/0x880
[ 77.990884][ C0] ip_local_deliver_finish+0x220/0x360
[ 77.996620][ C0] ip_local_deliver+0x1c8/0x4e0
[ 78.001628][ C0] ? ip_local_deliver_finish+0x360/0x360
[ 78.007297][ C0] ? ip_rcv+0x24e/0x3c0
[ 78.011589][ C0] ? ip_protocol_deliver_rcu+0x880/0x880
[ 78.017702][ C0] ? lock_downgrade+0x840/0x840
[ 78.022845][ C0] ? ip_rcv_finish_core.isra.0+0x606/0x1ec0
[ 78.028826][ C0] ip_rcv_finish+0x1da/0x2f0
[ 78.033443][ C0] ip_rcv+0xd0/0x3c0
[ 78.037818][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 78.043137][ C0] ? ip_rcv_finish_core.isra.0+0x1ec0/0x1ec0
[ 78.049379][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 78.054887][ C0] __netif_receive_skb_one_core+0x114/0x180
[ 78.061080][ C0] ? __netif_receive_skb_core+0x31c0/0x31c0
[ 78.067181][ C0] ? do_raw_spin_lock+0x129/0x2e0
[ 78.072210][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 78.077258][ C0] ? rebalance_domains+0x375/0xe40
[ 78.082403][ C0] __netif_receive_skb+0x27/0x1c0
[ 78.088723][ C0] process_backlog+0x21e/0x7a0
[ 78.093869][ C0] ? net_rx_action+0x25f/0x1070
[ 78.098826][ C0] net_rx_action+0x4c2/0x1070
[ 78.103853][ C0] ? napi_busy_loop+0x9e0/0x9e0
[ 78.108899][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 78.115210][ C0] ? run_rebalance_domains+0x202/0x2c0
[ 78.120708][ C0] __do_softirq+0x26c/0x9f7
[ 78.125318][ C0] irq_exit+0x192/0x1d0
[ 78.129833][ C0] smp_apic_timer_interrupt+0x19e/0x600
[ 78.135400][ C0] apic_timer_interrupt+0xf/0x20
[ 78.140438][ C0]
[ 78.143374][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 78.148838][ C0] Code: cc cc cc cc cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d d4 c3 52 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 c3 52 00 fb f4 cc 41 56 41 55 41 54 55 53 e8 93 4c 8b f9 e8 ce 81 c4 fb 0f 1f
[ 78.168610][ C0] RSP: 0018:ffffffff89807d98 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 78.177672][ C0] RAX: 1ffffffff132980f RBX: ffffffff89886540 RCX: 0000000000000000
[ 78.185884][ C0] RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffffffff89886e04
[ 78.193879][ C0] RBP: dffffc0000000000 R08: ffffffff89886540 R09: 0000000000000000
[ 78.201847][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff1310ca8
[ 78.210037][ C0] R13: 0000000000000000 R14: ffffffff8a8a4bc0 R15: 0000000000000000
[ 78.218062][ C0] default_idle+0x49/0x350
[ 78.222480][ C0] do_idle+0x393/0x690
[ 78.226594][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 78.231822][ C0] ? arch_cpu_idle_exit+0x70/0x70
[ 78.236889][ C0] ? schedule+0xe7/0x2a0
[ 78.241266][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 78.247693][ C0] cpu_startup_entry+0x14/0x20
[ 78.252872][ C0] start_kernel+0x97d/0x9ba
[ 78.257416][ C0] ? mem_encrypt_init+0x5/0x5
[ 78.262344][ C0] ? x86_family+0x3d/0x50
[ 78.266718][ C0] ? load_ucode_bsp+0x23d/0x27d
[ 78.271567][ C0] secondary_startup_64+0xa4/0xb0
[ 78.276852][ C0]
[ 78.279258][ C0] Allocated by task 7043:
[ 78.283749][ C0] save_stack+0x1b/0x40
[ 78.288181][ C0] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 78.293805][ C0] kmem_cache_alloc_node+0x13c/0x760
[ 78.299480][ C0] __alloc_skb+0xba/0x5a0
[ 78.303953][ C0] netlink_sendmsg+0x97b/0xe10
[ 78.308733][ C0] sock_sendmsg+0xcf/0x120
[ 78.313226][ C0] __sys_sendto+0x219/0x330
[ 78.317717][ C0] __x64_sys_sendto+0xdd/0x1b0
[ 78.322615][ C0] do_syscall_64+0xf6/0x7d0
[ 78.327204][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 78.333092][ C0]
[ 78.335636][ C0] Freed by task 7043:
[ 78.339702][ C0] save_stack+0x1b/0x40
[ 78.343965][ C0] __kasan_slab_free+0xf7/0x140
[ 78.349211][ C0] kmem_cache_free+0x7f/0x320
[ 78.353978][ C0] kfree_skbmem+0xef/0x1b0
[ 78.358596][ C0] consume_skb+0xfb/0x400
[ 78.362923][ C0] netlink_unicast+0x53f/0x740
[ 78.367840][ C0] netlink_sendmsg+0x882/0xe10
[ 78.372788][ C0] sock_sendmsg+0xcf/0x120
[ 78.377396][ C0] __sys_sendto+0x219/0x330
[ 78.381931][ C0] __x64_sys_sendto+0xdd/0x1b0
[ 78.387570][ C0] do_syscall_64+0xf6/0x7d0
[ 78.392161][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 78.400606][ C0]
[ 78.402919][ C0] The buggy address belongs to the object at ffff88808930ddc0
[ 78.402919][ C0] which belongs to the cache skbuff_head_cache of size 224
[ 78.417983][ C0] The buggy address is located 351 bytes to the right of
[ 78.417983][ C0] 224-byte region [ffff88808930ddc0, ffff88808930dea0)
[ 78.432570][ C0] The buggy address belongs to the page:
[ 78.438410][ C0] page:ffffea000224c340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 78.447759][ C0] flags: 0xfffe0000000200(slab)
[ 78.452614][ C0] raw: 00fffe0000000200 ffffea00024e2f88 ffffea00029c6508 ffff88821b777700
[ 78.461298][ C0] raw: 0000000000000000 ffff88808930d000 000000010000000c 0000000000000000
[ 78.469989][ C0] page dumped because: kasan: bad access detected
[ 78.476649][ C0]
[ 78.479053][ C0] Memory state around the buggy address:
[ 78.485065][ C0] ffff88808930de80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.493710][ C0] ffff88808930df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.501856][ C0] >ffff88808930df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.509935][ C0]                                                                 ^
[ 78.518364][ C0] ffff88808930e000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.526422][ C0] ffff88808930e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.534752][ C0] ==================================================================
[ 78.542808][ C0] Disabling lock debugging due to kernel taint
[ 78.549454][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 78.556144][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.7.0-rc6-syzkaller #0
[ 78.565526][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.577797][ C0] Call Trace:
[ 78.582225][ C0]
[ 78.585763][ C0] dump_stack+0x188/0x20d
[ 78.590540][ C0] panic+0x2e3/0x75c
[ 78.594986][ C0] ? add_taint.cold+0x16/0x16
[ 78.600068][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 78.609849][ C0] ? trace_hardirqs_on+0x55/0x220
[ 78.617418][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 78.622514][ C0] end_report+0x4d/0x53
[ 78.627751][ C0] __kasan_report.cold+0xd/0x38
[ 78.634936][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 78.640561][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 78.647888][ C0] kasan_report+0x33/0x50
[ 78.652845][ C0] ip_icmp_error+0x52a/0x5a0
[ 78.658089][ C0] tcp_v4_err+0x9b2/0x1d00
[ 78.663166][ C0] ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 78.668370][ C0] icmp_socket_deliver+0x1e4/0x360
[ 78.674026][ C0] icmp_unreach+0x33b/0xab0
[ 78.679753][ C0] icmp_rcv+0xee6/0x15f0
[ 78.684595][ C0] ip_protocol_deliver_rcu+0x57/0x880
[ 78.690806][ C0] ip_local_deliver_finish+0x220/0x360
[ 78.697589][ C0] ip_local_deliver+0x1c8/0x4e0
[ 78.703586][ C0] ? ip_local_deliver_finish+0x360/0x360
[ 78.709884][ C0] ? ip_rcv+0x24e/0x3c0
[ 78.714784][ C0] ? ip_protocol_deliver_rcu+0x880/0x880
[ 78.724214][ C0] ? lock_downgrade+0x840/0x840
[ 78.730719][ C0] ? ip_rcv_finish_core.isra.0+0x606/0x1ec0
[ 78.737901][ C0] ip_rcv_finish+0x1da/0x2f0
[ 78.742885][ C0] ip_rcv+0xd0/0x3c0
[ 78.747326][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 78.757175][ C0] ? ip_rcv_finish_core.isra.0+0x1ec0/0x1ec0
[ 78.764334][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 78.772220][ C0] __netif_receive_skb_one_core+0x114/0x180
[ 78.778363][ C0] ? __netif_receive_skb_core+0x31c0/0x31c0
[ 78.784551][ C0] ? do_raw_spin_lock+0x129/0x2e0
[ 78.789790][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 78.794762][ C0] ? rebalance_domains+0x375/0xe40
[ 78.800481][ C0] __netif_receive_skb+0x27/0x1c0
[ 78.805739][ C0] process_backlog+0x21e/0x7a0
[ 78.810809][ C0] ? net_rx_action+0x25f/0x1070
[ 78.815649][ C0] net_rx_action+0x4c2/0x1070
[ 78.825821][ C0] ? napi_busy_loop+0x9e0/0x9e0
[ 78.831284][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 78.837289][ C0] ? run_rebalance_domains+0x202/0x2c0
[ 78.843643][ C0] __do_softirq+0x26c/0x9f7
[ 78.848826][ C0] irq_exit+0x192/0x1d0
[ 78.856231][ C0] smp_apic_timer_interrupt+0x19e/0x600
[ 78.862294][ C0] apic_timer_interrupt+0xf/0x20
[ 78.868158][ C0]
[ 78.871471][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 78.877235][ C0] Code: cc cc cc cc cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d d4 c3 52 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 c3 52 00 fb f4 cc 41 56 41 55 41 54 55 53 e8 93 4c 8b f9 e8 ce 81 c4 fb 0f 1f
[ 78.897215][ C0] RSP: 0018:ffffffff89807d98 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 78.905746][ C0] RAX: 1ffffffff132980f RBX: ffffffff89886540 RCX: 0000000000000000
[ 78.914037][ C0] RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffffffff89886e04
[ 78.922372][ C0] RBP: dffffc0000000000 R08: ffffffff89886540 R09: 0000000000000000
[ 78.930569][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff1310ca8
[ 78.938658][ C0] R13: 0000000000000000 R14: ffffffff8a8a4bc0 R15: 0000000000000000
[ 78.946986][ C0] default_idle+0x49/0x350
[ 78.951667][ C0] do_idle+0x393/0x690
[ 78.955769][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 78.960780][ C0] ? arch_cpu_idle_exit+0x70/0x70
[ 78.965951][ C0] ? schedule+0xe7/0x2a0
[ 78.970917][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 78.977140][ C0] cpu_startup_entry+0x14/0x20
[ 78.981999][ C0] start_kernel+0x97d/0x9ba
[ 78.986487][ C0] ? mem_encrypt_init+0x5/0x5
[ 78.991534][ C0] ? x86_family+0x3d/0x50
[ 78.995847][ C0] ? load_ucode_bsp+0x23d/0x27d
[ 79.000694][ C0] secondary_startup_64+0xa4/0xb0
[ 79.007513][ C0] Kernel Offset: disabled
[ 79.012718][ C0] Rebooting in 86400 seconds..