Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
[ 55.842918] audit: type=1400 audit(1578325899.840:36): avc: denied { map } for pid=8093 comm="syz-executor445" path="/root/syz-executor445574593" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 55.869565] IPVS: ftp: loaded support on port[0] = 21
[ 55.897753] audit: type=1400 audit(1578325899.900:37): avc: denied { create } for pid=8094 comm="syz-executor445" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 55.921922] audit: type=1400 audit(1578325899.900:38): avc: denied { write } for pid=8094 comm="syz-executor445" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 55.921952] audit: type=1400 audit(1578325899.900:39): avc: denied { read } for pid=8094 comm="syz-executor445" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 55.995233] chnl_net:caif_netlink_parms(): no params data found
[ 56.029267] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.035946] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.043004] device bridge_slave_0 entered promiscuous mode
[ 56.050364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.056828] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.063722] device bridge_slave_1 entered promiscuous mode
[ 56.080328] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 56.089440] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 56.105428] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 56.113086] team0: Port device team_slave_0 added
[ 56.118778] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 56.126204] team0: Port device team_slave_1 added
[ 56.131671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 56.139200] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 56.186678] device hsr_slave_0 entered promiscuous mode
[ 56.235019] device hsr_slave_1 entered promiscuous mode
[ 56.285568] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 56.292638] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 56.337210] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.343627] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.350550] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.356927] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.389622] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 56.396135] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.404119] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.413199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.432075] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.439350] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.447732] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 56.457949] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.464019] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.485776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.493333] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.499723] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.507144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.515103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.521437] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.528810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.536843] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.544384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.552648] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.561643] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.570764] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 56.576920] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.589832] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 56.599210] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.607087] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.618450] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.630553] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 56.640686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 56.682696] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 56.690339] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 56.698734] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 56.708272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.716178] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 56.723014] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
executing program
[ 56.731815] device veth0_vlan entered promiscuous mode
[ 56.740914] device veth1_vlan entered promiscuous mode
[ 56.746865] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 56.755494] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 56.794882] protocol 88fb is buggy, dev hsr_slave_0
[ 56.800055] protocol 88fb is buggy, dev hsr_slave_1
[ 56.834974] ==================================================================
[ 56.842493] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x57c/0x660
[ 56.849592] Read of size 4 at addr ffff88809b7530c1 by task syz-executor445/8105
[ 56.857107]
[ 56.858726] CPU: 0 PID: 8105 Comm: syz-executor445 Not tainted 4.19.93-syzkaller #0
[ 56.866501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.875935] Call Trace:
[ 56.878527] dump_stack+0x197/0x210
[ 56.882143] ? macvlan_broadcast+0x57c/0x660
[ 56.886541] print_address_description.cold+0x7c/0x20d
[ 56.891805] ? macvlan_broadcast+0x57c/0x660
[ 56.896205] kasan_report.cold+0x8c/0x2ba
[ 56.900343] __asan_report_load_n_noabort+0xf/0x20
[ 56.905279] macvlan_broadcast+0x57c/0x660
[ 56.909509] macvlan_start_xmit+0x408/0x785
[ 56.913835] dev_direct_xmit+0x34d/0x650
[ 56.917882] ? validate_xmit_skb_list+0x130/0x130
[ 56.922712] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.928235] ? skb_copy_datagram_from_iter+0x441/0x660
[ 56.933511] packet_direct_xmit+0xf9/0x170
[ 56.937770] packet_sendmsg+0x3bb2/0x6440
[ 56.941948] ? packet_notifier+0x840/0x840
[ 56.946174] ? release_sock+0x156/0x1c0
[ 56.950251] ? selinux_socket_sendmsg+0x36/0x40
[ 56.954914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.960443] ? security_socket_sendmsg+0x8d/0xc0
[ 56.965277] ? packet_notifier+0x840/0x840
[ 56.969507] sock_sendmsg+0xd7/0x130
[ 56.973215] __sys_sendto+0x262/0x380
[ 56.977004] ? __ia32_sys_getpeername+0xb0/0xb0
[ 56.981667] ? __ia32_sys_socketpair+0xf0/0xf0
[ 56.986244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.991766] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.996509] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 57.001309] ? do_syscall_64+0x26/0x620
[ 57.005284] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.011334] __x64_sys_sendto+0xe1/0x1a0
[ 57.015403] do_syscall_64+0xfd/0x620
[ 57.019207] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.024384] RIP: 0033:0x442da9
[ 57.027568] Code: e8 ac 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.046454] RSP: 002b:00007fff5084b348 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 57.054160] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442da9
[ 57.061418] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003
[ 57.068682] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 57.075955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 57.083209] R13: 0000000000403ce0 R14: 0000000000000000 R15: 0000000000000000
[ 57.090471]
[ 57.092082] Allocated by task 1:
[ 57.095442] save_stack+0x45/0xd0
[ 57.098892] kasan_kmalloc+0xce/0xf0
[ 57.102590] kasan_slab_alloc+0xf/0x20
[ 57.106466] kmem_cache_alloc+0x12e/0x700
[ 57.110608] __kernfs_new_node+0xef/0x6f0
[ 57.114765] kernfs_new_node+0x99/0x130
[ 57.118734] __kernfs_create_file+0x51/0x33b
[ 57.123128] sysfs_add_file_mode_ns+0x222/0x560
[ 57.127783] internal_create_group+0x383/0xc30
[ 57.132350] sysfs_create_groups+0x9b/0x141
[ 57.137008] device_add+0x12de/0x1760
[ 57.140811] netdev_register_kobject+0x183/0x3b0
[ 57.145612] register_netdevice+0x875/0xff0
[ 57.149921] __ip_tunnel_create+0x36b/0x530
[ 57.154228] ip_tunnel_init_net+0x375/0x9e0
[ 57.158592] ipgre_init_net+0x25/0x30
[ 57.162382] ops_init+0xb3/0x410
[ 57.165787] register_pernet_operations+0x382/0x7f0
[ 57.170802] register_pernet_device+0x2a/0x80
[ 57.175286] ipgre_init+0x23/0x1a4
[ 57.178810] do_one_initcall+0x107/0x78c
[ 57.182857] kernel_init_freeable+0x4d4/0x5c8
[ 57.187440] kernel_init+0x12/0x1c3
[ 57.191052] ret_from_fork+0x24/0x30
[ 57.194902]
[ 57.196518] Freed by task 0:
[ 57.199515] (stack is not available)
[ 57.203205]
[ 57.204818] The buggy address belongs to the object at ffff88809b753000
[ 57.204818] which belongs to the cache kernfs_node_cache of size 160
[ 57.217984] The buggy address is located 33 bytes to the right of
[ 57.217984] 160-byte region [ffff88809b753000, ffff88809b7530a0)
[ 57.230275] The buggy address belongs to the page:
[ 57.235207] page:ffffea00026dd4c0 count:1 mapcount:0 mapping:ffff88821bc47e00 index:0xffff88809b753fee
[ 57.244641] flags: 0xfffe0000000100(slab)
[ 57.249057] raw: 00fffe0000000100 ffffea00026dd408 ffffea00026dd508 ffff88821bc47e00
[ 57.256925] raw: ffff88809b753fee ffff88809b753000 0000000100000012 0000000000000000
[ 57.264788] page dumped because: kasan: bad access detected
[ 57.270476]
[ 57.272085] Memory state around the buggy address:
[ 57.277007] ffff88809b752f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.284363] ffff88809b753000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.291713] >ffff88809b753080: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00
[ 57.299065] ^
[ 57.304502] ffff88809b753100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.311850] ffff88809b753180: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 57.319187] ==================================================================
[ 57.326531] Disabling lock debugging due to kernel taint
[ 57.331999] Kernel panic - not syncing: panic_on_warn set ...
[ 57.331999]
[ 57.339387] CPU: 0 PID: 8105 Comm: syz-executor445 Tainted: G B 4.19.93-syzkaller #0
[ 57.348552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.357890] Call Trace:
[ 57.360466] dump_stack+0x197/0x210
[ 57.364078] ? macvlan_broadcast+0x57c/0x660
[ 57.368481] panic+0x26a/0x50e
[ 57.371658] ? __warn_printk+0xf3/0xf3
[ 57.375529] ? retint_kernel+0x2d/0x2d
[ 57.379415] ? trace_hardirqs_on+0x5e/0x220
[ 57.383732] ? macvlan_broadcast+0x57c/0x660
[ 57.388137] kasan_end_report+0x47/0x4f
[ 57.392097] kasan_report.cold+0xa9/0x2ba
[ 57.396230] __asan_report_load_n_noabort+0xf/0x20
[ 57.401143] macvlan_broadcast+0x57c/0x660
[ 57.405373] macvlan_start_xmit+0x408/0x785
[ 57.409680] dev_direct_xmit+0x34d/0x650
[ 57.413726] ? validate_xmit_skb_list+0x130/0x130
[ 57.418561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.424086] ? skb_copy_datagram_from_iter+0x441/0x660
[ 57.429357] packet_direct_xmit+0xf9/0x170
[ 57.433579] packet_sendmsg+0x3bb2/0x6440
[ 57.437722] ? packet_notifier+0x840/0x840
[ 57.441943] ? release_sock+0x156/0x1c0
[ 57.445913] ? selinux_socket_sendmsg+0x36/0x40
[ 57.450609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.456138] ? security_socket_sendmsg+0x8d/0xc0
[ 57.460880] ? packet_notifier+0x840/0x840
[ 57.465098] sock_sendmsg+0xd7/0x130
[ 57.468862] __sys_sendto+0x262/0x380
[ 57.472647] ? __ia32_sys_getpeername+0xb0/0xb0
[ 57.477306] ? __ia32_sys_socketpair+0xf0/0xf0
[ 57.481874] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.487394] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 57.492186] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 57.496927] ? do_syscall_64+0x26/0x620
[ 57.500884] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.506237] __x64_sys_sendto+0xe1/0x1a0
[ 57.510294] do_syscall_64+0xfd/0x620
[ 57.514082] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.519264] RIP: 0033:0x442da9
[ 57.522451] Code: e8 ac 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.541987] RSP: 002b:00007fff5084b348 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 57.549677] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442da9
[ 57.556928] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003
[ 57.564267] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 57.571521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 57.578937] R13: 0000000000403ce0 R14: 0000000000000000 R15: 0000000000000000
[ 57.587570] Kernel Offset: disabled
[ 57.591198] Rebooting in 86400 seconds..