[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts.
syzkaller login: [ 64.253299][ T6798] IPVS: ftp: loaded support on port[0] = 21
[ 64.341568][ T6798] chnl_net:caif_netlink_parms(): no params data found
[ 64.397682][ T6798] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.405542][ T6798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.414620][ T6798] device bridge_slave_0 entered promiscuous mode
[ 64.424000][ T6798] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.431522][ T6798] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.440327][ T6798] device bridge_slave_1 entered promiscuous mode
[ 64.461690][ T6798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.472740][ T6798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.497389][ T6798] team0: Port device team_slave_0 added
[ 64.504925][ T6798] team0: Port device team_slave_1 added
[ 64.523866][ T6798] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.531002][ T6798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.557002][ T6798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.571552][ T6798] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.578495][ T6798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.604597][ T6798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.672532][ T6798] device hsr_slave_0 entered promiscuous mode
[ 64.709367][ T6798] device hsr_slave_1 entered promiscuous mode
[ 64.829899][ T6798] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 64.872076][ T6798] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 64.941506][ T6798] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 64.982084][ T6798] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.056179][ T6798] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.063579][ T6798] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.071890][ T6798] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.079069][ T6798] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.125213][ T6798] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.138604][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.150167][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.159230][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.167641][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 65.181321][ T6798] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.193171][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.202629][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.209946][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.221857][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.230496][ T3018] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.237653][ T3018] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.257964][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.267009][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.282015][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.298301][ T6798] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 65.309492][ T6798] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 65.322588][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.332121][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.341758][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.360536][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.367923][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.383699][ T6798] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.403011][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 65.412439][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.437057][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 65.447920][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.459134][ T6798] device veth0_vlan entered promiscuous mode
[ 65.470959][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.478785][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.490838][ T6798] device veth1_vlan entered promiscuous mode
[ 65.512661][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 65.521240][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 65.530078][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 65.538459][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 65.551467][ T6798] device veth0_macvtap entered promiscuous mode
[ 65.562910][ T6798] device veth1_macvtap entered promiscuous mode
[ 65.580963][ T6798] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.588379][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 65.597758][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 65.606206][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 65.616598][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 65.629610][ T6798] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.638680][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 65.647244][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 68.929521][ C0] ==================================================================
[ 68.937703][ C0] BUG: KASAN: slab-out-of-bounds in ip_icmp_error+0x52a/0x5a0
[ 68.945149][ C0] Read of size 1 at addr ffff8880940077ff by task ksoftirqd/0/9
[ 68.952748][ C0]
[ 68.955059][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0
[ 68.964308][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.974337][ C0] Call Trace:
[ 68.977607][ C0] dump_stack+0x18f/0x20d
[ 68.981921][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 68.986657][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 68.991401][ C0] print_address_description.constprop.0.cold+0xd3/0x413
[ 68.998401][ C0] ? memcpy+0x39/0x60
[ 69.002364][ C0] ? vprintk_func+0x97/0x1a6
[ 69.006930][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 69.011667][ C0] kasan_report.cold+0x1f/0x37
[ 69.016409][ C0] ? skb_clone+0x190/0x3c0
[ 69.020806][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 69.025551][ C0] ip_icmp_error+0x52a/0x5a0
[ 69.030119][ C0] tcp_v4_err+0x99e/0x1ce0
[ 69.034510][ C0] ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 69.039260][ C0] icmp_socket_deliver+0x1e1/0x360
[ 69.044349][ C0] icmp_unreach+0x33b/0xab0
[ 69.048830][ C0] icmp_rcv+0xee6/0x15f0
[ 69.053052][ C0] ip_protocol_deliver_rcu+0x57/0x880
[ 69.058413][ C0] ? check_preemption_disabled+0x38/0x220
[ 69.064109][ C0] ip_local_deliver_finish+0x220/0x360
[ 69.069544][ C0] ip_local_deliver+0x1c8/0x4e0
[ 69.074406][ C0] ? ip_local_deliver_finish+0x360/0x360
[ 69.080031][ C0] ? ip_rcv+0x244/0x3c0
[ 69.084183][ C0] ? ip_protocol_deliver_rcu+0x880/0x880
[ 69.089795][ C0] ? lock_downgrade+0x840/0x840
[ 69.095369][ C0] ? ip_rcv_finish_core.isra.0+0x606/0x1ea0
[ 69.101264][ C0] ip_rcv_finish+0x1da/0x2f0
[ 69.105842][ C0] ip_rcv+0xd0/0x3c0
[ 69.109721][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 69.114727][ C0] ? ip_rcv_finish_core.isra.0+0x1ea0/0x1ea0
[ 69.120707][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 69.125722][ C0] __netif_receive_skb_one_core+0x114/0x180
[ 69.131852][ C0] ? __netif_receive_skb_core+0x33f0/0x33f0
[ 69.137720][ C0] ? do_raw_spin_lock+0x120/0x2d0
[ 69.142724][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 69.147647][ C0] __netif_receive_skb+0x27/0x1c0
[ 69.152647][ C0] process_backlog+0x21e/0x7a0
[ 69.157396][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 69.163352][ C0] net_rx_action+0x4e1/0x10d0
[ 69.168050][ C0] ? napi_busy_loop+0x9e0/0x9e0
[ 69.172885][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 69.178844][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 69.184798][ C0] __do_softirq+0x268/0x9ee
[ 69.189279][ C0] ? takeover_tasklets+0x810/0x810
[ 69.194363][ C0] run_ksoftirqd+0x89/0x100
[ 69.198839][ C0] smpboot_thread_fn+0x653/0x9e0
[ 69.203753][ C0] ? smpboot_register_percpu_thread+0x370/0x370
[ 69.209967][ C0] ? __kthread_parkme+0x13f/0x1e0
[ 69.214973][ C0] ? smpboot_register_percpu_thread+0x370/0x370
[ 69.221188][ C0] kthread+0x3b5/0x4a0
[ 69.225232][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.230925][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.236638][ C0] ret_from_fork+0x1f/0x30
[ 69.241294][ C0]
[ 69.243609][ C0] Allocated by task 6798:
[ 69.247913][ C0] save_stack+0x1b/0x40
[ 69.252044][ C0] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 69.257677][ C0] __kmalloc_reserve.isra.0+0x39/0xe0
[ 69.263028][ C0] __alloc_skb+0xef/0x5a0
[ 69.267335][ C0] rtmsg_ifinfo_build_skb+0x72/0x1a0
[ 69.272596][ C0] rtmsg_ifinfo_event.part.0+0x49/0xe0
[ 69.278047][ C0] rtmsg_ifinfo+0x7f/0xa0
[ 69.282353][ C0] register_netdevice+0xe64/0x10b0
[ 69.287443][ C0] nsim_create+0x1fb/0x2a0
[ 69.291846][ C0] __nsim_dev_port_add+0x31d/0x600
[ 69.296948][ C0] nsim_dev_probe+0xbb9/0xea0
[ 69.301610][ C0] really_probe+0x281/0x6d0
[ 69.306085][ C0] driver_probe_device+0xfe/0x1d0
[ 69.311090][ C0] __device_attach_driver+0x1c2/0x220
[ 69.316716][ C0] bus_for_each_drv+0x162/0x1e0
[ 69.321549][ C0] __device_attach+0x21a/0x360
[ 69.326304][ C0] bus_probe_device+0x1e4/0x290
[ 69.331860][ C0] device_add+0xaf1/0x1900
[ 69.336258][ C0] new_device_store+0x373/0x5c0
[ 69.341099][ C0] bus_attr_store+0x72/0xa0
[ 69.345620][ C0] sysfs_kf_write+0x110/0x160
[ 69.350690][ C0] kernfs_fop_write+0x268/0x490
[ 69.355523][ C0] __vfs_write+0x76/0x100
[ 69.359828][ C0] vfs_write+0x268/0x5d0
[ 69.364046][ C0] ksys_write+0x12d/0x250
[ 69.368377][ C0] do_syscall_64+0x60/0xe0
[ 69.372912][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.378779][ C0]
[ 69.381091][ C0] Freed by task 6798:
[ 69.385080][ C0] save_stack+0x1b/0x40
[ 69.389243][ C0] __kasan_slab_free+0xf7/0x140
[ 69.394065][ C0] kfree+0x109/0x2b0
[ 69.397936][ C0] skb_free_head+0x8b/0xa0
[ 69.402326][ C0] pskb_expand_head+0x2cd/0x10b0
[ 69.407239][ C0] netlink_trim+0x1ea/0x240
[ 69.411719][ C0] netlink_broadcast_filtered+0x5f/0xd40
[ 69.417333][ C0] nlmsg_notify+0x90/0x250
[ 69.421726][ C0] rtmsg_ifinfo_event.part.0+0xb6/0xe0
[ 69.427154][ C0] rtmsg_ifinfo+0x7f/0xa0
[ 69.431455][ C0] register_netdevice+0xe64/0x10b0
[ 69.436537][ C0] nsim_create+0x1fb/0x2a0
[ 69.440935][ C0] __nsim_dev_port_add+0x31d/0x600
[ 69.446016][ C0] nsim_dev_probe+0xbb9/0xea0
[ 69.450666][ C0] really_probe+0x281/0x6d0
[ 69.455141][ C0] driver_probe_device+0xfe/0x1d0
[ 69.460152][ C0] __device_attach_driver+0x1c2/0x220
[ 69.465564][ C0] bus_for_each_drv+0x162/0x1e0
[ 69.470482][ C0] __device_attach+0x21a/0x360
[ 69.475274][ C0] bus_probe_device+0x1e4/0x290
[ 69.480102][ C0] device_add+0xaf1/0x1900
[ 69.484768][ C0] new_device_store+0x373/0x5c0
[ 69.489735][ C0] bus_attr_store+0x72/0xa0
[ 69.494243][ C0] sysfs_kf_write+0x110/0x160
[ 69.498912][ C0] kernfs_fop_write+0x268/0x490
[ 69.503741][ C0] __vfs_write+0x76/0x100
[ 69.508424][ C0] vfs_write+0x268/0x5d0
[ 69.512656][ C0] ksys_write+0x12d/0x250
[ 69.517053][ C0] do_syscall_64+0x60/0xe0
[ 69.521457][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.527409][ C0]
[ 69.529725][ C0] The buggy address belongs to the object at ffff888094006000
[ 69.529725][ C0] which belongs to the cache kmalloc-4k of size 4096
[ 69.544285][ C0] The buggy address is located 2047 bytes to the right of
[ 69.544285][ C0] 4096-byte region [ffff888094006000, ffff888094007000)
[ 69.558238][ C0] The buggy address belongs to the page:
[ 69.563885][ C0] page:ffffea0002500180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea0002500180 order:1 compound_mapcount:0
[ 69.577508][ C0] flags: 0xfffe0000010200(slab|head)
[ 69.582950][ C0] raw: 00fffe0000010200 ffffea0002501d08 ffffea00022e8f88 ffff8880aa002000
[ 69.591676][ C0] raw: 0000000000000000 ffff888094006000 0000000100000001 0000000000000000
[ 69.600263][ C0] page dumped because: kasan: bad access detected
[ 69.606653][ C0]
[ 69.608956][ C0] Memory state around the buggy address:
[ 69.614576][ C0] ffff888094007680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.622614][ C0] ffff888094007700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.630750][ C0] >ffff888094007780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.638828][ C0] ^
[ 69.646875][ C0] ffff888094007800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.654914][ C0] ffff888094007880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.663037][ C0] ==================================================================
[ 69.671074][ C0] Disabling lock debugging due to kernel taint
[ 69.677549][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 69.684162][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.7.0-rc7-next-20200526-syzkaller #0
[ 69.694836][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.704897][ C0] Call Trace:
[ 69.708199][ C0] dump_stack+0x18f/0x20d
[ 69.712539][ C0] ? ip_icmp_error+0x4f0/0x5a0
[ 69.717313][ C0] panic+0x2e3/0x75c
[ 69.721224][ C0] ? __warn_printk+0xf3/0xf3
[ 69.725824][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 69.732060][ C0] ? trace_hardirqs_on+0x55/0x220
[ 69.737059][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 69.741815][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 69.746569][ C0] end_report+0x4d/0x53
[ 69.750713][ C0] kasan_report.cold+0xd/0x37
[ 69.755373][ C0] ? skb_clone+0x190/0x3c0
[ 69.759780][ C0] ? ip_icmp_error+0x52a/0x5a0
[ 69.764525][ C0] ip_icmp_error+0x52a/0x5a0
[ 69.769098][ C0] tcp_v4_err+0x99e/0x1ce0
[ 69.773500][ C0] ? tcp_v4_do_rcv+0x8b0/0x8b0
[ 69.778247][ C0] icmp_socket_deliver+0x1e1/0x360
[ 69.783343][ C0] icmp_unreach+0x33b/0xab0
[ 69.787818][ C0] icmp_rcv+0xee6/0x15f0
[ 69.792035][ C0] ip_protocol_deliver_rcu+0x57/0x880
[ 69.797396][ C0] ? check_preemption_disabled+0x38/0x220
[ 69.803229][ C0] ip_local_deliver_finish+0x220/0x360
[ 69.808688][ C0] ip_local_deliver+0x1c8/0x4e0
[ 69.813529][ C0] ? ip_local_deliver_finish+0x360/0x360
[ 69.819149][ C0] ? ip_rcv+0x244/0x3c0
[ 69.823278][ C0] ? ip_protocol_deliver_rcu+0x880/0x880
[ 69.828904][ C0] ? lock_downgrade+0x840/0x840
[ 69.833780][ C0] ? ip_rcv_finish_core.isra.0+0x606/0x1ea0
[ 69.839675][ C0] ip_rcv_finish+0x1da/0x2f0
[ 69.844251][ C0] ip_rcv+0xd0/0x3c0
[ 69.848224][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 69.853221][ C0] ? ip_rcv_finish_core.isra.0+0x1ea0/0x1ea0
[ 69.859187][ C0] ? ip_local_deliver+0x4e0/0x4e0
[ 69.864186][ C0] __netif_receive_skb_one_core+0x114/0x180
[ 69.870060][ C0] ? __netif_receive_skb_core+0x33f0/0x33f0
[ 69.875934][ C0] ? do_raw_spin_lock+0x120/0x2d0
[ 69.880931][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 69.885840][ C0] __netif_receive_skb+0x27/0x1c0
[ 69.890835][ C0] process_backlog+0x21e/0x7a0
[ 69.895589][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 69.901543][ C0] net_rx_action+0x4e1/0x10d0
[ 69.906745][ C0] ? napi_busy_loop+0x9e0/0x9e0
[ 69.911944][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 69.917908][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 69.923864][ C0] __do_softirq+0x268/0x9ee
[ 69.928360][ C0] ? takeover_tasklets+0x810/0x810
[ 69.933455][ C0] run_ksoftirqd+0x89/0x100
[ 69.937931][ C0] smpboot_thread_fn+0x653/0x9e0
[ 69.942857][ C0] ? smpboot_register_percpu_thread+0x370/0x370
[ 69.949086][ C0] ? __kthread_parkme+0x13f/0x1e0
[ 69.954121][ C0] ? smpboot_register_percpu_thread+0x370/0x370
[ 69.960366][ C0] kthread+0x3b5/0x4a0
[ 69.964436][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.970301][ C0] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.976351][ C0] ret_from_fork+0x1f/0x30
[ 69.982167][ C0] Kernel Offset: disabled
[ 69.986511][ C0] Rebooting in 86400 seconds..