Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts. [ 54.091208][ T8381] IPVS: ftp: loaded support on port[0] = 21 [ 54.170010][ T8381] chnl_net:caif_netlink_parms(): no params data found [ 54.211038][ T8381] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.218697][ T8381] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.228490][ T8381] device bridge_slave_0 entered promiscuous mode [ 54.237958][ T8381] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.245333][ T8381] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.253922][ T8381] device bridge_slave_1 entered promiscuous mode [ 54.270007][ T8381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.280464][ T8381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.299906][ T8381] team0: Port device team_slave_0 added [ 54.307178][ T8381] team0: Port device team_slave_1 added [ 54.321114][ T8381] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.328224][ T8381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.355243][ T8381] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.369036][ T8381] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.377150][ T8381] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.403279][ T8381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.425545][ T8381] device hsr_slave_0 entered promiscuous mode [ 54.432335][ T8381] device hsr_slave_1 entered promiscuous mode [ 54.510609][ T8381] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.520374][ T8381] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.529923][ T8381] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.539564][ T8381] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.559364][ T8381] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.566811][ T8381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.574485][ T8381] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.581714][ T8381] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.616921][ T8381] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.631347][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.643649][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.651673][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.659871][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 54.672293][ T8381] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.684221][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.692583][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.699630][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.710256][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.719583][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.727670][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.744585][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.753423][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.769387][ T8381] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.780278][ T8381] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.794921][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.803986][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.812635][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.821266][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.839688][ T8381] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.846915][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 54.854932][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 54.872553][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.888524][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.897490][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.905804][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.916195][ T8381] device veth0_vlan entered promiscuous mode [ 54.927094][ T8381] device veth1_vlan entered promiscuous mode [ 54.944739][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 54.953761][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 54.961768][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.973651][ T8381] device veth0_macvtap entered promiscuous mode [ 54.983312][ T8381] device veth1_macvtap entered promiscuous mode [ 54.999155][ T8381] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.007756][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.018499][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 55.030038][ T8381] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.038093][ T8589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 55.049147][ T8381] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.058709][ T8381] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.067677][ T8381] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 55.076512][ T8381] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.107607][ T8381] ================================================================== [ 55.116984][ T8381] BUG: KASAN: use-after-free in ipvlan_queue_xmit+0x158f/0x18a0 [ 55.124688][ T8381] Read of size 4 at addr ffff88814738a7ff by task syz-executor793/8381 [ 55.132911][ T8381] [ 55.135224][ T8381] CPU: 1 PID: 8381 Comm: syz-executor793 Not tainted 5.12.0-rc6-syzkaller #0 [ 55.143967][ T8381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.154184][ T8381] Call Trace: [ 55.157450][ T8381] dump_stack+0x141/0x1d7 [ 55.161777][ T8381] ? ipvlan_queue_xmit+0x158f/0x18a0 [ 55.167067][ T8381] print_address_description.constprop.0.cold+0x5b/0x2f8 [ 55.174079][ T8381] ? ipvlan_queue_xmit+0x158f/0x18a0 [ 55.179352][ T8381] ? ipvlan_queue_xmit+0x158f/0x18a0 [ 55.184620][ T8381] kasan_report.cold+0x7c/0xd8 [ 55.189391][ T8381] ? ipvlan_queue_xmit+0x158f/0x18a0 [ 55.194664][ T8381] ipvlan_queue_xmit+0x158f/0x18a0 [ 55.199761][ T8381] ? ipvlan_handle_mode_l3+0x140/0x140 [ 55.205317][ T8381] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 55.211202][ T8381] ? skb_crc32c_csum_help+0x70/0x70 [ 55.216408][ T8381] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.222466][ T8381] ? __might_fault+0xd3/0x180 [ 55.227130][ T8381] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 55.233359][ T8381] ? validate_xmit_xfrm+0x498/0x1080 [ 55.238633][ T8381] ? netif_skb_features+0x38d/0xb90 [ 55.243828][ T8381] ipvlan_start_xmit+0x45/0x190 [ 55.248666][ T8381] __dev_direct_xmit+0x527/0x730 [ 55.253592][ T8381] ? validate_xmit_skb_list+0x120/0x120 [ 55.259150][ T8381] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 55.265379][ T8381] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 55.271609][ T8381] ? netdev_pick_tx+0x150/0xb70 [ 55.276444][ T8381] ? packet_poll+0x600/0x600 [ 55.281046][ T8381] packet_direct_xmit+0x1a5/0x280 [ 55.286059][ T8381] packet_sendmsg+0x2405/0x52b0 [ 55.290928][ T8381] ? aa_sk_perm+0x31b/0xab0 [ 55.295422][ T8381] ? packet_cached_dev_get+0x250/0x250 [ 55.300886][ T8381] ? aa_af_perm+0x230/0x230 [ 55.305400][ T8381] ? find_held_lock+0x2d/0x110 [ 55.310155][ T8381] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 55.316387][ T8381] ? packet_cached_dev_get+0x250/0x250 [ 55.321859][ T8381] sock_sendmsg+0xcf/0x120 [ 55.326265][ T8381] __sys_sendto+0x21c/0x320 [ 55.330760][ T8381] ? __ia32_sys_getpeername+0xb0/0xb0 [ 55.336123][ T8381] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.342093][ T8381] ? packet_do_bind+0x454/0xc00 [ 55.346965][ T8381] ? __context_tracking_exit+0xb8/0xe0 [ 55.352415][ T8381] ? lock_downgrade+0x6e0/0x6e0 [ 55.357263][ T8381] __x64_sys_sendto+0xdd/0x1b0 [ 55.362017][ T8381] ? lockdep_hardirqs_on+0x79/0x100 [ 55.367204][ T8381] ? syscall_enter_from_user_mode+0x27/0x70 [ 55.373087][ T8381] do_syscall_64+0x2d/0x70 [ 55.377498][ T8381] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 55.383380][ T8381] RIP: 0033:0x443a19 [ 55.387259][ T8381] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.406854][ T8381] RSP: 002b:00007fffdd83cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 55.415252][ T8381] RAX: ffffffffffffffda RBX: 00007fffdd83cc98 RCX: 0000000000443a19 [ 55.423230][ T8381] RDX: 000000000000000e RSI: 0000000020000000 RDI: 0000000000000004 [ 55.431185][ T8381] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffffffff09 [ 55.439142][ T8381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffdd83cca0 [ 55.447098][ T8381] R13: 00007fffdd83cc94 R14: 0000000000000003 R15: 0000000000000000 [ 55.455091][ T8381] [ 55.457403][ T8381] The buggy address belongs to the page: [ 55.463011][ T8381] page:ffffea00051ce280 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14738a [ 55.473231][ T8381] flags: 0x57ff00000000000() [ 55.477807][ T8381] raw: 057ff00000000000 0000000000000000 ffffea0000000000 0000000000000000 [ 55.486401][ T8381] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 55.494963][ T8381] page dumped because: kasan: bad access detected [ 55.501354][ T8381] [ 55.503660][ T8381] Memory state around the buggy address: [ 55.509269][ T8381] ffff88814738a680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 55.517322][ T8381] ffff88814738a700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 55.525367][ T8381] >ffff88814738a780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 55.533409][ T8381] ^ [ 55.541364][ T8381] ffff88814738a800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 55.549428][ T8381] ffff88814738a880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 55.557470][ T8381] ================================================================== [ 55.565511][ T8381] Disabling lock debugging due to kernel taint [ 55.571694][ T8381] Kernel panic - not syncing: panic_on_warn set ... [ 55.578271][ T8381] CPU: 1 PID: 8381 Comm: syz-executor793 Tainted: G B 5.12.0-rc6-syzkaller #0 [ 55.588427][ T8381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.598472][ T8381] Call Trace: [ 55.601738][ T8381] dump_stack+0x141/0x1d7 [ 55.606063][ T8381] panic+0x306/0x73d [ 55.609946][ T8381] ? __warn_printk+0xf3/0xf3 [ 55.614524][ T8381] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 55.620847][ T8381] ? trace_hardirqs_on+0x38/0x1c0 [ 55.625863][ T8381] ? trace_hardirqs_on+0x51/0x1c0 [ 55.630878][ T8381] ? ipvlan_queue_xmit+0x158f/0x18a0 [ 55.636152][ T8381] ? ipvlan_queue_xmit+0x158f/0x18a0 [ 55.641449][ T8381] end_report.cold+0x5a/0x5a [ 55.646034][ T8381] kasan_report.cold+0x6a/0xd8 [ 55.650785][ T8381] ? ipvlan_queue_xmit+0x158f/0x18a0 [ 55.656056][ T8381] ipvlan_queue_xmit+0x158f/0x18a0 [ 55.661160][ T8381] ? ipvlan_handle_mode_l3+0x140/0x140 [ 55.666608][ T8381] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 55.672518][ T8381] ? skb_crc32c_csum_help+0x70/0x70 [ 55.677708][ T8381] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.683679][ T8381] ? __might_fault+0xd3/0x180 [ 55.688349][ T8381] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 55.694579][ T8381] ? validate_xmit_xfrm+0x498/0x1080 [ 55.699856][ T8381] ? netif_skb_features+0x38d/0xb90 [ 55.705048][ T8381] ipvlan_start_xmit+0x45/0x190 [ 55.709887][ T8381] __dev_direct_xmit+0x527/0x730 [ 55.714816][ T8381] ? validate_xmit_skb_list+0x120/0x120 [ 55.720352][ T8381] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 55.726585][ T8381] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 55.732818][ T8381] ? netdev_pick_tx+0x150/0xb70 [ 55.737656][ T8381] ? packet_poll+0x600/0x600 [ 55.742261][ T8381] packet_direct_xmit+0x1a5/0x280 [ 55.747281][ T8381] packet_sendmsg+0x2405/0x52b0 [ 55.752132][ T8381] ? aa_sk_perm+0x31b/0xab0 [ 55.756627][ T8381] ? packet_cached_dev_get+0x250/0x250 [ 55.762080][ T8381] ? aa_af_perm+0x230/0x230 [ 55.766587][ T8381] ? find_held_lock+0x2d/0x110 [ 55.771411][ T8381] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 55.777658][ T8381] ? packet_cached_dev_get+0x250/0x250 [ 55.783136][ T8381] sock_sendmsg+0xcf/0x120 [ 55.787920][ T8381] __sys_sendto+0x21c/0x320 [ 55.792497][ T8381] ? __ia32_sys_getpeername+0xb0/0xb0 [ 55.797873][ T8381] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 55.803917][ T8381] ? packet_do_bind+0x454/0xc00 [ 55.808764][ T8381] ? __context_tracking_exit+0xb8/0xe0 [ 55.814211][ T8381] ? lock_downgrade+0x6e0/0x6e0 [ 55.819055][ T8381] __x64_sys_sendto+0xdd/0x1b0 [ 55.823810][ T8381] ? lockdep_hardirqs_on+0x79/0x100 [ 55.828996][ T8381] ? syscall_enter_from_user_mode+0x27/0x70 [ 55.834880][ T8381] do_syscall_64+0x2d/0x70 [ 55.839295][ T8381] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 55.845179][ T8381] RIP: 0033:0x443a19 [ 55.849057][ T8381] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.868651][ T8381] RSP: 002b:00007fffdd83cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 55.877052][ T8381] RAX: ffffffffffffffda RBX: 00007fffdd83cc98 RCX: 0000000000443a19 [ 55.885014][ T8381] RDX: 000000000000000e RSI: 0000000020000000 RDI: 0000000000000004 [ 55.892972][ T8381] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffffffffff09 [ 55.900930][ T8381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffdd83cca0 [ 55.908888][ T8381] R13: 00007fffdd83cc94 R14: 0000000000000003 R15: 0000000000000000 [ 55.920574][ T8381] Kernel Offset: disabled [ 55.924890][ T8381] Rebooting in 86400 seconds..