Warning: Permanently added '10.128.1.57' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 61.315247][ T8453] IPVS: ftp: loaded support on port[0] = 21
[ 61.375327][ T8463] ==================================================================
[ 61.383529][ T8463] BUG: KASAN: use-after-free in napi_gro_frags+0xc6f/0xd10
[ 61.390701][ T8463] Read of size 2 at addr ffff8880a975840c by task syz-executor165/8463
[ 61.399255][ T8463]
[ 61.401574][ T8463] CPU: 1 PID: 8463 Comm: syz-executor165 Not tainted 5.2.0-rc1+ #32
[ 61.409699][ T8463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.419735][ T8463] Call Trace:
[ 61.423117][ T8463] dump_stack+0x172/0x1f0
[ 61.427426][ T8463] ? napi_gro_frags+0xc6f/0xd10
[ 61.432257][ T8463] print_address_description.cold+0x7c/0x20d
[ 61.438225][ T8463] ? napi_gro_frags+0xc6f/0xd10
[ 61.443069][ T8463] ? napi_gro_frags+0xc6f/0xd10
[ 61.447905][ T8463] __kasan_report.cold+0x1b/0x40
[ 61.452821][ T8463] ? __kasan_slab_free+0x140/0x150
[ 61.457912][ T8463] ? napi_gro_frags+0xc6f/0xd10
[ 61.462750][ T8463] kasan_report+0x12/0x20
[ 61.467071][ T8463] __asan_report_load_n_noabort+0xf/0x20
[ 61.472686][ T8463] napi_gro_frags+0xc6f/0xd10
[ 61.477348][ T8463] tun_get_user+0x2f3c/0x3ff0
[ 61.482008][ T8463] ? tun_device_event+0xee0/0xee0
[ 61.487105][ T8463] ? tun_get+0x171/0x290
[ 61.491336][ T8463] ? lock_downgrade+0x880/0x880
[ 61.496184][ T8463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.502417][ T8463] ? kasan_check_read+0x11/0x20
[ 61.507249][ T8463] tun_chr_write_iter+0xbd/0x156
[ 61.512166][ T8463] do_iter_readv_writev+0x5f8/0x8f0
[ 61.517347][ T8463] ? no_seek_end_llseek_size+0x70/0x70
[ 61.522805][ T8463] ? apparmor_file_permission+0x25/0x30
[ 61.528330][ T8463] ? rw_verify_area+0x126/0x360
[ 61.533163][ T8463] do_iter_write+0x184/0x610
[ 61.537728][ T8463] ? dup_iter+0x260/0x260
[ 61.542062][ T8463] vfs_writev+0x1b3/0x2f0
[ 61.546376][ T8463] ? vfs_iter_write+0xb0/0xb0
[ 61.551032][ T8463] ? __handle_mm_fault+0x7cb/0x3eb0
[ 61.556207][ T8463] ? __do_page_fault+0x623/0xda0
[ 61.561123][ T8463] ? __do_page_fault+0x623/0xda0
[ 61.566038][ T8463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.572262][ T8463] ? __fget_light+0x1a9/0x230
[ 61.576915][ T8463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.583127][ T8463] do_writev+0x15b/0x330
[ 61.587345][ T8463] ? vfs_writev+0x2f0/0x2f0
[ 61.591828][ T8463] ? do_syscall_64+0x26/0x680
[ 61.596483][ T8463] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.602524][ T8463] ? do_syscall_64+0x26/0x680
[ 61.607180][ T8463] __x64_sys_writev+0x75/0xb0
[ 61.611835][ T8463] do_syscall_64+0xfd/0x680
[ 61.616367][ T8463] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.622250][ T8463] RIP: 0033:0x441cd0
[ 61.626125][ T8463] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 61.645705][ T8463] RSP: 002b:00007ffff84faff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 61.654093][ T8463] RAX: ffffffffffffffda RBX: 00007ffff84fb020 RCX: 0000000000441cd0
[ 61.662039][ T8463] RDX: 0000000000000003 RSI: 00007ffff84fb040 RDI: 00000000000000f0
[ 61.669984][ T8463] RBP: 00007ffff84fb040 R08: 00007ffff84fb070 R09: 0000000000000003
[ 61.677931][ T8463] R10: 0000000000000d77 R11: 0000000000000246 R12: 000000000000efa6
[ 61.685876][ T8463] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000
[ 61.693834][ T8463]
[ 61.696138][ T8463] The buggy address belongs to the page:
[ 61.701742][ T8463] page:ffffea0002a5d600 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 61.711162][ T8463] flags: 0x1fffc0000000000()
[ 61.715747][ T8463] raw: 01fffc0000000000 ffffea000297ea08 ffff88812fffc878 0000000000000000
[ 61.724324][ T8463] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 61.732884][ T8463] page dumped because: kasan: bad access detected
[ 61.739265][ T8463]
[ 61.741564][ T8463] Memory state around the buggy address:
[ 61.747202][ T8463] ffff8880a9758300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 61.755237][ T8463] ffff8880a9758380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 61.763272][ T8463] >ffff8880a9758400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 61.771303][ T8463] ^
[ 61.775616][ T8463] ffff8880a9758480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 61.783652][ T8463] ffff8880a9758500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 61.791692][ T8463] ==================================================================
[ 61.799722][ T8463] Disabling lock debugging due to kernel taint
[ 61.805904][ T8463] Kernel panic - not syncing: panic_on_warn set ...
[ 61.812482][ T8463] CPU: 1 PID: 8463 Comm: syz-executor165 Tainted: G B 5.2.0-rc1+ #32
[ 61.821904][ T8463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.831929][ T8463] Call Trace:
[ 61.835199][ T8463] dump_stack+0x172/0x1f0
[ 61.839506][ T8463] panic+0x2cb/0x744
[ 61.843378][ T8463] ? __warn_printk+0xf3/0xf3
[ 61.847945][ T8463] ? trace_hardirqs_on+0x5e/0x220
[ 61.852946][ T8463] ? trace_hardirqs_on+0x5e/0x220
[ 61.861603][ T8463] ? napi_gro_frags+0xc6f/0xd10
[ 61.866429][ T8463] end_report+0x47/0x4f
[ 61.870563][ T8463] ? napi_gro_frags+0xc6f/0xd10
[ 61.875392][ T8463] __kasan_report.cold+0xe/0x40
[ 61.880215][ T8463] ? __kasan_slab_free+0x140/0x150
[ 61.885299][ T8463] ? napi_gro_frags+0xc6f/0xd10
[ 61.890221][ T8463] kasan_report+0x12/0x20
[ 61.894524][ T8463] __asan_report_load_n_noabort+0xf/0x20
[ 61.900133][ T8463] napi_gro_frags+0xc6f/0xd10
[ 61.904786][ T8463] tun_get_user+0x2f3c/0x3ff0
[ 61.909437][ T8463] ? tun_device_event+0xee0/0xee0
[ 61.914428][ T8463] ? tun_get+0x171/0x290
[ 61.918658][ T8463] ? lock_downgrade+0x880/0x880
[ 61.923482][ T8463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.929794][ T8463] ? kasan_check_read+0x11/0x20
[ 61.934617][ T8463] tun_chr_write_iter+0xbd/0x156
[ 61.939540][ T8463] do_iter_readv_writev+0x5f8/0x8f0
[ 61.944711][ T8463] ? no_seek_end_llseek_size+0x70/0x70
[ 61.950150][ T8463] ? apparmor_file_permission+0x25/0x30
[ 61.955694][ T8463] ? rw_verify_area+0x126/0x360
[ 61.960529][ T8463] do_iter_write+0x184/0x610
[ 61.965090][ T8463] ? dup_iter+0x260/0x260
[ 61.969588][ T8463] vfs_writev+0x1b3/0x2f0
[ 61.973887][ T8463] ? vfs_iter_write+0xb0/0xb0
[ 61.978557][ T8463] ? __handle_mm_fault+0x7cb/0x3eb0
[ 61.983749][ T8463] ? __do_page_fault+0x623/0xda0
[ 61.988657][ T8463] ? __do_page_fault+0x623/0xda0
[ 61.993576][ T8463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.999901][ T8463] ? __fget_light+0x1a9/0x230
[ 62.004554][ T8463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 62.010774][ T8463] do_writev+0x15b/0x330
[ 62.014992][ T8463] ? vfs_writev+0x2f0/0x2f0
[ 62.019487][ T8463] ? do_syscall_64+0x26/0x680
[ 62.024137][ T8463] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.030174][ T8463] ? do_syscall_64+0x26/0x680
[ 62.035597][ T8463] __x64_sys_writev+0x75/0xb0
[ 62.040271][ T8463] do_syscall_64+0xfd/0x680
[ 62.044759][ T8463] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.050665][ T8463] RIP: 0033:0x441cd0
[ 62.054545][ T8463] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 62.074131][ T8463] RSP: 002b:00007ffff84faff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 62.082516][ T8463] RAX: ffffffffffffffda RBX: 00007ffff84fb020 RCX: 0000000000441cd0
[ 62.090461][ T8463] RDX: 0000000000000003 RSI: 00007ffff84fb040 RDI: 00000000000000f0
[ 62.098434][ T8463] RBP: 00007ffff84fb040 R08: 00007ffff84fb070 R09: 0000000000000003
[ 62.106394][ T8463] R10: 0000000000000d77 R11: 0000000000000246 R12: 000000000000efa6
[ 62.114341][ T8463] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000
[ 62.123064][ T8463] Kernel Offset: disabled
[ 62.127389][ T8463] Rebooting in 86400 seconds..