Warning: Permanently added '10.128.1.97' (ECDSA) to the list of known hosts.
[ 73.220720][ T8395] IPVS: ftp: loaded support on port[0] = 21
[ 73.354537][ T8395] chnl_net:caif_netlink_parms(): no params data found
[ 73.429893][ T8395] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.437694][ T8395] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.447404][ T8395] device bridge_slave_0 entered promiscuous mode
[ 73.456555][ T8395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.463652][ T8395] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.472746][ T8395] device bridge_slave_1 entered promiscuous mode
[ 73.492253][ T8395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.502981][ T8395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.524317][ T8395] team0: Port device team_slave_0 added
[ 73.532151][ T8395] team0: Port device team_slave_1 added
[ 73.550043][ T8395] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.557027][ T8395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.583874][ T8395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.597264][ T8395] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.604206][ T8395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.630221][ T8395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.656059][ T8395] device hsr_slave_0 entered promiscuous mode
[ 73.662664][ T8395] device hsr_slave_1 entered promiscuous mode
[ 73.757074][ T8395] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.770584][ T8395] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.780143][ T8395] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.790791][ T8395] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.816557][ T8395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.823882][ T8395] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.831752][ T8395] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.838906][ T8395] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.882394][ T8395] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.894769][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 73.908311][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.917462][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.925345][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 73.938616][ T8395] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.950096][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 73.958670][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.965767][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.987487][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 73.997876][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.004905][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.014382][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.027134][ T4835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.034933][ T4835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.051651][ T8395] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 74.063516][ T8395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 74.076580][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.086679][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.094883][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 74.116472][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 74.123900][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 74.135682][ T8395] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.153953][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 74.174980][ T8395] device veth0_vlan entered promiscuous mode
[ 74.182480][ T4835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 74.191866][ T4835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 74.199950][ T4835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 74.213392][ T8395] device veth1_vlan entered promiscuous mode
[ 74.233673][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 74.242135][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 74.251051][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 74.261238][ T8395] device veth0_macvtap entered promiscuous mode
[ 74.271864][ T8395] device veth1_macvtap entered promiscuous mode
[ 74.291177][ T8395] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.299648][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 74.309903][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 74.321635][ T8395] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.330713][ T3550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 74.343029][ T8395] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.352570][ T8395] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.361982][ T8395] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.371665][ T8395] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.413483][ T8395] ==================================================================
[ 74.421753][ T8395] BUG: KASAN: use-after-free in eth_header_parse_protocol+0xdc/0xe0
[ 74.429776][ T8395] Read of size 2 at addr ffff88802732400b by task syz-executor512/8395
[ 74.437996][ T8395]
[ 74.440303][ T8395] CPU: 0 PID: 8395 Comm: syz-executor512 Not tainted 5.12.0-rc4-syzkaller #0
[ 74.449044][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.459096][ T8395] Call Trace:
[ 74.462362][ T8395] dump_stack+0x141/0x1d7
[ 74.466733][ T8395] ? eth_header_parse_protocol+0xdc/0xe0
[ 74.472351][ T8395] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 74.479398][ T8395] ? llc_sysctl_exit+0x60/0x60
[ 74.484149][ T8395] ? eth_header_parse_protocol+0xdc/0xe0
[ 74.489814][ T8395] ? eth_header_parse_protocol+0xdc/0xe0
[ 74.495429][ T8395] kasan_report.cold+0x7c/0xd8
[ 74.500183][ T8395] ? eth_header_parse_protocol+0xdc/0xe0
[ 74.509893][ T8395] ? llc_sysctl_exit+0x60/0x60
[ 74.514642][ T8395] eth_header_parse_protocol+0xdc/0xe0
[ 74.520096][ T8395] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 74.526499][ T8395] ? tpacket_destruct_skb+0x860/0x860
[ 74.531857][ T8395] packet_sendmsg+0x2325/0x52b0
[ 74.536705][ T8395] ? aa_sk_perm+0x31b/0xab0
[ 74.541203][ T8395] ? packet_cached_dev_get+0x250/0x250
[ 74.546646][ T8395] ? aa_af_perm+0x230/0x230
[ 74.551135][ T8395] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.557380][ T8395] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.563614][ T8395] ? packet_cached_dev_get+0x250/0x250
[ 74.569057][ T8395] sock_sendmsg+0xcf/0x120
[ 74.573486][ T8395] ____sys_sendmsg+0x6e8/0x810
[ 74.578235][ T8395] ? kernel_sendmsg+0x50/0x50
[ 74.582895][ T8395] ? do_recvmmsg+0x6d0/0x6d0
[ 74.587471][ T8395] ? lock_chain_count+0x20/0x20
[ 74.592306][ T8395] ? lockdep_hardirqs_on+0x79/0x100
[ 74.597487][ T8395] ? packet_setsockopt+0xc2b/0x3b30
[ 74.602669][ T8395] ___sys_sendmsg+0xf3/0x170
[ 74.607332][ T8395] ? sendmsg_copy_msghdr+0x160/0x160
[ 74.612619][ T8395] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.618854][ T8395] ? __fget_light+0x215/0x280
[ 74.623516][ T8395] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 74.629743][ T8395] __sys_sendmsg+0xe5/0x1b0
[ 74.634231][ T8395] ? __sys_sendmsg_sock+0x30/0x30
[ 74.639248][ T8395] ? syscall_enter_from_user_mode+0x27/0x70
[ 74.645154][ T8395] do_syscall_64+0x2d/0x70
[ 74.649556][ T8395] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.655449][ T8395] RIP: 0033:0x44a969
[ 74.659336][ T8395] Code: 28 c3 e8 3a 18 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.678925][ T8395] RSP: 002b:00007ffec5a44238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 74.687320][ T8395] RAX: ffffffffffffffda RBX: 00007ffec5a44268 RCX: 000000000044a969
[ 74.695275][ T8395] RDX: 0000000000034000 RSI: 0000000020000440 RDI: 0000000000000003
[ 74.703241][ T8395] RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000001
[ 74.711195][ T8395] R10: 0000000000000004 R11: 0000000000000246 R12: 00007ffec5a44290
[ 74.719150][ T8395] R13: 0000000000000003 R14: 00007ffec5a44270 R15: 0000000000000001
[ 74.727126][ T8395]
[ 74.729446][ T8395] Allocated by task 1:
[ 74.733543][ T8395] kasan_save_stack+0x1b/0x40
[ 74.738258][ T8395] __kasan_kmalloc+0x99/0xc0
[ 74.742871][ T8395] tomoyo_realpath_from_path+0xc3/0x620
[ 74.748437][ T8395] tomoyo_path_perm+0x21b/0x400
[ 74.753286][ T8395] security_inode_getattr+0xcf/0x140
[ 74.758565][ T8395] vfs_statx+0x164/0x390
[ 74.762794][ T8395] __do_sys_newlstat+0x91/0x110
[ 74.767624][ T8395] do_syscall_64+0x2d/0x70
[ 74.772022][ T8395] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.777904][ T8395]
[ 74.780222][ T8395] Freed by task 1:
[ 74.783926][ T8395] kasan_save_stack+0x1b/0x40
[ 74.788609][ T8395] kasan_set_track+0x1c/0x30
[ 74.793227][ T8395] kasan_set_free_info+0x20/0x30
[ 74.798154][ T8395] __kasan_slab_free+0xf5/0x130
[ 74.802989][ T8395] slab_free_freelist_hook+0x92/0x210
[ 74.808349][ T8395] kfree+0xe5/0x7f0
[ 74.812141][ T8395] tomoyo_realpath_from_path+0x191/0x620
[ 74.817754][ T8395] tomoyo_path_perm+0x21b/0x400
[ 74.822626][ T8395] security_inode_getattr+0xcf/0x140
[ 74.827893][ T8395] vfs_statx+0x164/0x390
[ 74.832117][ T8395] __do_sys_newlstat+0x91/0x110
[ 74.836961][ T8395] do_syscall_64+0x2d/0x70
[ 74.841368][ T8395] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.847247][ T8395]
[ 74.849552][ T8395] The buggy address belongs to the object at ffff888027324000
[ 74.849552][ T8395] which belongs to the cache kmalloc-4k of size 4096
[ 74.863624][ T8395] The buggy address is located 11 bytes inside of
[ 74.863624][ T8395] 4096-byte region [ffff888027324000, ffff888027325000)
[ 74.876881][ T8395] The buggy address belongs to the page:
[ 74.882490][ T8395] page:ffffea00009cc800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27320
[ 74.892623][ T8395] head:ffffea00009cc800 order:3 compound_mapcount:0 compound_pincount:0
[ 74.900928][ T8395] flags: 0xfff00000010200(slab|head)
[ 74.906202][ T8395] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010842140
[ 74.914801][ T8395] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 74.923371][ T8395] page dumped because: kasan: bad access detected
[ 74.929758][ T8395]
[ 74.932065][ T8395] Memory state around the buggy address:
[ 74.937672][ T8395]  ffff888027323f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.945715][ T8395]  ffff888027323f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.953753][ T8395] >ffff888027324000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.961790][ T8395]                       ^
[ 74.966097][ T8395]  ffff888027324080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.974250][ T8395]  ffff888027324100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.982288][ T8395] ==================================================================
[ 74.990496][ T8395] Disabling lock debugging due to kernel taint
[ 75.003796][ T8395] Kernel panic - not syncing: panic_on_warn set ...
[ 75.010391][ T8395] CPU: 0 PID: 8395 Comm: syz-executor512 Tainted: G B 5.12.0-rc4-syzkaller #0
[ 75.020550][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.030599][ T8395] Call Trace:
[ 75.033859][ T8395] dump_stack+0x141/0x1d7
[ 75.038174][ T8395] panic+0x306/0x73d
[ 75.042051][ T8395] ? __warn_printk+0xf3/0xf3
[ 75.046620][ T8395] ? preempt_schedule_common+0x59/0xc0
[ 75.052056][ T8395] ? llc_sysctl_exit+0x60/0x60
[ 75.056803][ T8395] ? eth_header_parse_protocol+0xdc/0xe0
[ 75.062414][ T8395] ? preempt_schedule_thunk+0x16/0x18
[ 75.067766][ T8395] ? trace_hardirqs_on+0x38/0x1c0
[ 75.072770][ T8395] ? trace_hardirqs_on+0x51/0x1c0
[ 75.077774][ T8395] ? llc_sysctl_exit+0x60/0x60
[ 75.082527][ T8395] ? eth_header_parse_protocol+0xdc/0xe0
[ 75.088139][ T8395] ? eth_header_parse_protocol+0xdc/0xe0
[ 75.093792][ T8395] end_report.cold+0x5a/0x5a
[ 75.098409][ T8395] kasan_report.cold+0x6a/0xd8
[ 75.103157][ T8395] ? eth_header_parse_protocol+0xdc/0xe0
[ 75.108767][ T8395] ? llc_sysctl_exit+0x60/0x60
[ 75.113508][ T8395] eth_header_parse_protocol+0xdc/0xe0
[ 75.118944][ T8395] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 75.125257][ T8395] ? tpacket_destruct_skb+0x860/0x860
[ 75.130612][ T8395] packet_sendmsg+0x2325/0x52b0
[ 75.135441][ T8395] ? aa_sk_perm+0x31b/0xab0
[ 75.139926][ T8395] ? packet_cached_dev_get+0x250/0x250
[ 75.145366][ T8395] ? aa_af_perm+0x230/0x230
[ 75.149884][ T8395] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.156113][ T8395] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.162348][ T8395] ? packet_cached_dev_get+0x250/0x250
[ 75.167784][ T8395] sock_sendmsg+0xcf/0x120
[ 75.172192][ T8395] ____sys_sendmsg+0x6e8/0x810
[ 75.176945][ T8395] ? kernel_sendmsg+0x50/0x50
[ 75.181602][ T8395] ? do_recvmmsg+0x6d0/0x6d0
[ 75.186178][ T8395] ? lock_chain_count+0x20/0x20
[ 75.191006][ T8395] ? lockdep_hardirqs_on+0x79/0x100
[ 75.196182][ T8395] ? packet_setsockopt+0xc2b/0x3b30
[ 75.201359][ T8395] ___sys_sendmsg+0xf3/0x170
[ 75.206191][ T8395] ? sendmsg_copy_msghdr+0x160/0x160
[ 75.211494][ T8395] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.217716][ T8395] ? __fget_light+0x215/0x280
[ 75.222373][ T8395] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.228604][ T8395] __sys_sendmsg+0xe5/0x1b0
[ 75.233100][ T8395] ? __sys_sendmsg_sock+0x30/0x30
[ 75.238115][ T8395] ? syscall_enter_from_user_mode+0x27/0x70
[ 75.243997][ T8395] do_syscall_64+0x2d/0x70
[ 75.248399][ T8395] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.254274][ T8395] RIP: 0033:0x44a969
[ 75.258147][ T8395] Code: 28 c3 e8 3a 18 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.277905][ T8395] RSP: 002b:00007ffec5a44238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 75.286305][ T8395] RAX: ffffffffffffffda RBX: 00007ffec5a44268 RCX: 000000000044a969
[ 75.294273][ T8395] RDX: 0000000000034000 RSI: 0000000020000440 RDI: 0000000000000003
[ 75.302233][ T8395] RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000001
[ 75.310197][ T8395] R10: 0000000000000004 R11: 0000000000000246 R12: 00007ffec5a44290
[ 75.318149][ T8395] R13: 0000000000000003 R14: 00007ffec5a44270 R15: 0000000000000001
[ 75.326762][ T8395] Kernel Offset: disabled
[ 75.331075][ T8395] Rebooting in 86400 seconds..