Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts. syzkaller login: [ 77.545172][ T9662] IPVS: ftp: loaded support on port[0] = 21 [ 77.613349][ T9662] chnl_net:caif_netlink_parms(): no params data found [ 77.645953][ T9662] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.654158][ T9662] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.662828][ T9662] device bridge_slave_0 entered promiscuous mode [ 77.671322][ T9662] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.679288][ T9662] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.686873][ T9662] device bridge_slave_1 entered promiscuous mode [ 77.708032][ T9662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.720161][ T9662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.738962][ T9662] team0: Port device team_slave_0 added [ 77.746090][ T9662] team0: Port device team_slave_1 added [ 77.840989][ T9662] device hsr_slave_0 entered promiscuous mode [ 77.908407][ T9662] device hsr_slave_1 entered promiscuous mode [ 78.011816][ T9662] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.071275][ T9662] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.140791][ T9662] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.190724][ T9662] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.249803][ T9662] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.256967][ T9662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.264810][ T9662] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.271935][ T9662] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.313607][ T9662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.326050][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.346428][ T2671] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.365713][ T2671] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.373717][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 78.386716][ T9662] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.396879][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.405805][ T3038] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.412898][ T3038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.431017][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.440244][ T2671] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.447330][ T2671] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.467694][ T9662] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 78.479145][ T9662] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.491603][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.501070][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.509636][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.518286][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.527155][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.534995][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.557278][ T9662] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.564541][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.574903][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.593617][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready executing program [ 78.611855][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.620583][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.631246][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.640392][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.649808][ T9662] device veth0_vlan entered promiscuous mode [ 78.661903][ T9662] device veth1_vlan entered promiscuous mode [ 78.738800][ T9662] ================================================================== [ 78.747066][ T9662] BUG: KASAN: use-after-free in macvlan_broadcast+0x547/0x620 [ 78.754504][ T9662] Read of size 4 at addr ffff8880a528e801 by task syz-executor066/9662 [ 78.762714][ T9662] [ 78.765026][ T9662] CPU: 1 PID: 9662 Comm: syz-executor066 Not tainted 5.5.0-rc5-syzkaller #0 [ 78.773674][ T9662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.783711][ T9662] Call Trace: [ 78.786983][ T9662] dump_stack+0x197/0x210 [ 78.791297][ T9662] ? macvlan_broadcast+0x547/0x620 [ 78.796387][ T9662] print_address_description.constprop.0.cold+0xd4/0x30b [ 78.803431][ T9662] ? macvlan_broadcast+0x547/0x620 [ 78.808534][ T9662] ? macvlan_broadcast+0x547/0x620 [ 78.813641][ T9662] __kasan_report.cold+0x1b/0x41 [ 78.818571][ T9662] ? validate_xmit_xfrm+0x3d0/0xf10 [ 78.823758][ T9662] ? macvlan_broadcast+0x547/0x620 [ 78.828852][ T9662] kasan_report+0x12/0x20 [ 78.833159][ T9662] __asan_report_load_n_noabort+0xf/0x20 [ 78.838778][ T9662] macvlan_broadcast+0x547/0x620 [ 78.843706][ T9662] ? validate_xmit_skb+0x81f/0xe50 [ 78.848809][ T9662] macvlan_start_xmit+0x402/0x77f [ 78.853829][ T9662] dev_direct_xmit+0x419/0x630 [ 78.858585][ T9662] ? __check_heap_object+0x51/0xb3 [ 78.863698][ T9662] ? validate_xmit_skb_list+0x150/0x150 [ 78.869226][ T9662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 78.875453][ T9662] ? netdev_pick_tx+0x14e/0xb00 [ 78.880289][ T9662] packet_direct_xmit+0x1a9/0x250 [ 78.885292][ T9662] packet_sendmsg+0x260d/0x6220 [ 78.890123][ T9662] ? ___might_sleep+0x163/0x2c0 [ 78.894951][ T9662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 78.901168][ T9662] ? aa_label_sk_perm+0x91/0xf0 [ 78.906004][ T9662] ? packet_notifier+0x880/0x880 [ 78.910922][ T9662] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 78.916443][ T9662] ? apparmor_socket_sendmsg+0x2a/0x30 [ 78.921885][ T9662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.928112][ T9662] ? security_socket_sendmsg+0x8d/0xc0 [ 78.933566][ T9662] ? packet_notifier+0x880/0x880 [ 78.938533][ T9662] sock_sendmsg+0xd7/0x130 [ 78.942968][ T9662] __sys_sendto+0x262/0x380 [ 78.947461][ T9662] ? __ia32_sys_getpeername+0xb0/0xb0 [ 78.952829][ T9662] ? __ia32_sys_socketpair+0xf0/0xf0 [ 78.958103][ T9662] ? fput+0x1b/0x20 [ 78.961919][ T9662] ? __kasan_check_write+0x14/0x20 [ 78.967011][ T9662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 78.972454][ T9662] ? do_fast_syscall_32+0xd1/0xe16 [ 78.977546][ T9662] ? entry_SYSENTER_compat+0x70/0x7f [ 78.982817][ T9662] __ia32_sys_sendto+0xdf/0x1a0 [ 78.987653][ T9662] do_fast_syscall_32+0x27b/0xe16 [ 78.992667][ T9662] entry_SYSENTER_compat+0x70/0x7f [ 78.998809][ T9662] RIP: 0023:0xf7fb2a39 [ 79.002898][ T9662] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 79.022495][ T9662] RSP: 002b:00000000ffc9a4dc EFLAGS: 00000282 ORIG_RAX: 0000000000000171 [ 79.030936][ T9662] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080 [ 79.038893][ T9662] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000 [ 79.046854][ T9662] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 79.054845][ T9662] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 79.062795][ T9662] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 79.070751][ T9662] [ 79.073060][ T9662] Allocated by task 9659: [ 79.077368][ T9662] save_stack+0x23/0x90 [ 79.081505][ T9662] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 79.087111][ T9662] kasan_slab_alloc+0xf/0x20 [ 79.091685][ T9662] kmem_cache_alloc+0x121/0x710 [ 79.096546][ T9662] getname_kernel+0x53/0x370 [ 79.101117][ T9662] kern_path+0x20/0x40 [ 79.105161][ T9662] unix_find_other+0xfb/0x770 [ 79.109813][ T9662] unix_stream_connect+0x2c9/0x146b [ 79.114988][ T9662] __sys_connect_file+0x161/0x1c0 [ 79.119990][ T9662] __sys_connect+0x174/0x1b0 [ 79.124554][ T9662] __x64_sys_connect+0x73/0xb0 [ 79.129294][ T9662] do_syscall_64+0xfa/0x790 [ 79.133774][ T9662] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.139641][ T9662] [ 79.141948][ T9662] Freed by task 9659: [ 79.145910][ T9662] save_stack+0x23/0x90 [ 79.150046][ T9662] __kasan_slab_free+0x102/0x150 [ 79.154959][ T9662] kasan_slab_free+0xe/0x10 [ 79.159450][ T9662] kmem_cache_free+0x86/0x320 [ 79.164105][ T9662] putname+0xef/0x130 [ 79.168063][ T9662] filename_lookup+0x28f/0x3f0 [ 79.172805][ T9662] kern_path+0x36/0x40 [ 79.176851][ T9662] unix_find_other+0xfb/0x770 [ 79.181513][ T9662] unix_stream_connect+0x2c9/0x146b [ 79.186691][ T9662] __sys_connect_file+0x161/0x1c0 [ 79.191697][ T9662] __sys_connect+0x174/0x1b0 [ 79.196263][ T9662] __x64_sys_connect+0x73/0xb0 [ 79.201006][ T9662] do_syscall_64+0xfa/0x790 [ 79.205484][ T9662] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.211349][ T9662] [ 79.213658][ T9662] The buggy address belongs to the object at ffff8880a528e640 [ 79.213658][ T9662] which belongs to the cache names_cache of size 4096 [ 79.229229][ T9662] The buggy address is located 449 bytes inside of [ 79.229229][ T9662] 4096-byte region [ffff8880a528e640, ffff8880a528f640) [ 79.242564][ T9662] The buggy address belongs to the page: [ 79.248190][ T9662] page:ffffea000294a380 refcount:1 mapcount:0 mapping:ffff8880aa5fda80 index:0x0 compound_mapcount: 0 [ 79.259126][ T9662] raw: 00fffe0000010200 ffffea00027c1188 ffffea00024d0108 ffff8880aa5fda80 [ 79.267701][ T9662] raw: 0000000000000000 ffff8880a528e640 0000000100000001 0000000000000000 [ 79.276265][ T9662] page dumped because: kasan: bad access detected [ 79.282653][ T9662] [ 79.284960][ T9662] Memory state around the buggy address: [ 79.290567][ T9662] ffff8880a528e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.298613][ T9662] ffff8880a528e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.306661][ T9662] >ffff8880a528e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.314697][ T9662] ^ [ 79.318761][ T9662] ffff8880a528e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.326828][ T9662] ffff8880a528e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.334896][ T9662] ================================================================== [ 79.342947][ T9662] Disabling lock debugging due to kernel taint [ 79.349112][ T9662] Kernel panic - not syncing: panic_on_warn set ... [ 79.355717][ T9662] CPU: 1 PID: 9662 Comm: syz-executor066 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 79.365795][ T9662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.375830][ T9662] Call Trace: [ 79.379106][ T9662] dump_stack+0x197/0x210 [ 79.383425][ T9662] panic+0x2e3/0x75c [ 79.387297][ T9662] ? add_taint.cold+0x16/0x16 [ 79.391968][ T9662] ? trace_hardirqs_on+0x5e/0x240 [ 79.396967][ T9662] ? trace_hardirqs_on+0x5e/0x240 [ 79.401970][ T9662] ? macvlan_broadcast+0x547/0x620 [ 79.407058][ T9662] end_report+0x47/0x4f [ 79.411191][ T9662] ? macvlan_broadcast+0x547/0x620 [ 79.416280][ T9662] __kasan_report.cold+0xe/0x41 [ 79.421110][ T9662] ? validate_xmit_xfrm+0x3d0/0xf10 [ 79.426818][ T9662] ? macvlan_broadcast+0x547/0x620 [ 79.431926][ T9662] kasan_report+0x12/0x20 [ 79.436239][ T9662] __asan_report_load_n_noabort+0xf/0x20 [ 79.442549][ T9662] macvlan_broadcast+0x547/0x620 [ 79.447464][ T9662] ? validate_xmit_skb+0x81f/0xe50 [ 79.452553][ T9662] macvlan_start_xmit+0x402/0x77f [ 79.457564][ T9662] dev_direct_xmit+0x419/0x630 [ 79.462303][ T9662] ? __check_heap_object+0x51/0xb3 [ 79.467387][ T9662] ? validate_xmit_skb_list+0x150/0x150 [ 79.472911][ T9662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 79.479137][ T9662] ? netdev_pick_tx+0x14e/0xb00 [ 79.483981][ T9662] packet_direct_xmit+0x1a9/0x250 [ 79.488989][ T9662] packet_sendmsg+0x260d/0x6220 [ 79.493821][ T9662] ? ___might_sleep+0x163/0x2c0 [ 79.498663][ T9662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 79.504881][ T9662] ? aa_label_sk_perm+0x91/0xf0 [ 79.509719][ T9662] ? packet_notifier+0x880/0x880 [ 79.514638][ T9662] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 79.520164][ T9662] ? apparmor_socket_sendmsg+0x2a/0x30 [ 79.525612][ T9662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.531831][ T9662] ? security_socket_sendmsg+0x8d/0xc0 [ 79.537276][ T9662] ? packet_notifier+0x880/0x880 [ 79.542205][ T9662] sock_sendmsg+0xd7/0x130 [ 79.546603][ T9662] __sys_sendto+0x262/0x380 [ 79.551093][ T9662] ? __ia32_sys_getpeername+0xb0/0xb0 [ 79.556460][ T9662] ? __ia32_sys_socketpair+0xf0/0xf0 [ 79.561733][ T9662] ? fput+0x1b/0x20 [ 79.565519][ T9662] ? __kasan_check_write+0x14/0x20 [ 79.570618][ T9662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 79.576067][ T9662] ? do_fast_syscall_32+0xd1/0xe16 [ 79.581161][ T9662] ? entry_SYSENTER_compat+0x70/0x7f [ 79.586440][ T9662] __ia32_sys_sendto+0xdf/0x1a0 [ 79.591275][ T9662] do_fast_syscall_32+0x27b/0xe16 [ 79.596279][ T9662] entry_SYSENTER_compat+0x70/0x7f [ 79.601375][ T9662] RIP: 0023:0xf7fb2a39 [ 79.605423][ T9662] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 79.625023][ T9662] RSP: 002b:00000000ffc9a4dc EFLAGS: 00000282 ORIG_RAX: 0000000000000171 [ 79.633466][ T9662] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080 [ 79.641460][ T9662] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000 [ 79.649413][ T9662] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 79.657368][ T9662] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 79.665333][ T9662] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 79.668334][ T3038] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.682312][ T9662] Kernel Offset: disabled [ 79.686683][ T9662] Rebooting in 86400 seconds..