[info] Using makefile-style concurrent boot in runlevel 2. [ 25.036988] audit: type=1800 audit(1540911140.742:21): pid=5277 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts. syzkaller login: [ 35.858246] IPVS: ftp: loaded support on port[0] = 21 [ 36.011802] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.018392] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.025573] device bridge_slave_0 entered promiscuous mode [ 36.043084] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.049701] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.056631] device bridge_slave_1 entered promiscuous mode [ 36.074848] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 36.091593] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 36.139142] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.158053] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.228957] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 36.236306] team0: Port device team_slave_0 added [ 36.253315] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 36.260449] team0: Port device team_slave_1 added [ 36.276463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 36.297350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 36.315167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 36.334037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 36.469200] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.475641] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.482590] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.488995] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 36.983895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.032427] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 37.083278] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 37.090165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 37.097386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.148770] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 37.420968] ================================================================== [ 37.428437] BUG: KASAN: slab-out-of-bounds in _decode_session6+0x134a/0x1500 [ 37.435610] Read of size 1 at addr ffff8801ca971707 by task syz-executor081/5431 [ 37.443120] [ 37.444737] CPU: 0 PID: 5431 Comm: syz-executor081 Not tainted 4.19.0+ #72 [ 37.451730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.461065] Call Trace: [ 37.463644] dump_stack+0x244/0x39d [ 37.467258] ? dump_stack_print_info.cold.1+0x20/0x20 [ 37.472432] ? printk+0xa7/0xcf [ 37.475696] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.480443] print_address_description.cold.7+0x9/0x1ff [ 37.485790] kasan_report.cold.8+0x242/0x309 [ 37.490198] ? _decode_session6+0x134a/0x1500 [ 37.494677] __asan_report_load1_noabort+0x14/0x20 [ 37.499591] _decode_session6+0x134a/0x1500 [ 37.503906] __xfrm_decode_session+0x71/0x140 [ 37.508385] vti6_tnl_xmit+0x3fc/0x1c10 [ 37.512345] ? __lock_acquire+0x62f/0x4c20 [ 37.516573] ? vti6_tnl_create2+0x430/0x430 [ 37.520883] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.526407] ? check_preemption_disabled+0x48/0x280 [ 37.531422] dev_hard_start_xmit+0x295/0xc90 [ 37.535821] ? dev_direct_xmit+0x6b0/0x6b0 [ 37.540042] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.545605] ? netif_skb_features+0x690/0xb70 [ 37.550083] ? unwind_dump+0x190/0x190 [ 37.553963] ? lock_acquire+0x1ed/0x520 [ 37.557921] ? __dev_queue_xmit+0x3063/0x3ad0 [ 37.562414] ? kasan_check_read+0x11/0x20 [ 37.566546] ? do_raw_spin_lock+0x14f/0x350 [ 37.570852] ? rwlock_bug.part.2+0x90/0x90 [ 37.575073] ? netif_skb_features+0xb70/0xb70 [ 37.579555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.585080] ? check_preemption_disabled+0x48/0x280 [ 37.590097] __dev_queue_xmit+0x2f71/0x3ad0 [ 37.594419] ? save_stack+0x43/0xd0 [ 37.598035] ? kasan_kmalloc+0xc7/0xe0 [ 37.601909] ? __kmalloc_node_track_caller+0x47/0x70 [ 37.607000] ? __kmalloc_reserve.isra.40+0x41/0xe0 [ 37.611925] ? netdev_pick_tx+0x310/0x310 [ 37.616085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.621611] ? check_preemption_disabled+0x48/0x280 [ 37.626618] ? __lock_is_held+0xb5/0x140 [ 37.630698] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 37.635700] ? skb_release_data+0x1c4/0x880 [ 37.640010] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 37.645275] ? kasan_unpoison_shadow+0x35/0x50 [ 37.650164] ? skb_tx_error+0x2f0/0x2f0 [ 37.654126] ? __kmalloc_node_track_caller+0x47/0x70 [ 37.659217] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.664738] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 37.670262] ? kasan_check_write+0x14/0x20 [ 37.674485] ? pskb_expand_head+0x6b3/0x10f0 [ 37.678887] ? skb_release_data+0x880/0x880 [ 37.683193] ? __alloc_skb+0x770/0x770 [ 37.687071] ? kasan_check_write+0x14/0x20 [ 37.691291] ? __skb_clone+0x6c7/0xa00 [ 37.695164] ? __copy_skb_header+0x6b0/0x6b0 [ 37.699558] ? kmem_cache_alloc+0x33a/0x730 [ 37.703869] ? skb_ensure_writable+0x15e/0x640 [ 37.708439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.713977] dev_queue_xmit+0x17/0x20 [ 37.717760] ? dev_queue_xmit+0x17/0x20 [ 37.721721] __bpf_redirect+0x5cf/0xb20 [ 37.725700] bpf_clone_redirect+0x2f6/0x490 [ 37.730016] bpf_prog_c39d1ba309a769f7+0x800/0x1000 [ 37.735037] ? bpf_test_run+0x175/0x780 [ 37.739010] ? lock_downgrade+0x900/0x900 [ 37.743147] ? ktime_get+0x332/0x400 [ 37.746852] ? find_held_lock+0x36/0x1c0 [ 37.750902] ? lock_acquire+0x1ed/0x520 [ 37.754861] ? bpf_test_run+0x3cb/0x780 [ 37.758840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.764365] ? check_preemption_disabled+0x48/0x280 [ 37.769373] ? kasan_check_read+0x11/0x20 [ 37.773509] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 37.778773] ? rcu_softirq_qs+0x20/0x20 [ 37.782734] ? bpf_cgroup_storage_release+0x220/0x220 [ 37.787911] ? skb_try_coalesce+0x1b70/0x1b70 [ 37.792411] ? bpf_test_run+0x25d/0x780 [ 37.796375] ? netlink_diag_dump+0x2a0/0x2a0 [ 37.800774] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.806315] ? bpf_test_init.isra.10+0x70/0x100 [ 37.810976] ? bpf_prog_test_run_skb+0x73c/0xcb0 [ 37.815721] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 37.820549] ? bpf_prog_add+0x69/0xd0 [ 37.824338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.829871] ? __bpf_prog_get+0x9b/0x290 [ 37.833921] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 37.838753] ? bpf_prog_test_run+0x130/0x1a0 [ 37.843148] ? __x64_sys_bpf+0x3d8/0x520 [ 37.847194] ? bpf_prog_get+0x20/0x20 [ 37.850996] ? do_syscall_64+0x1b9/0x820 [ 37.855044] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.860394] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.865304] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.870149] ? trace_hardirqs_on_caller+0x310/0x310 [ 37.875153] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.880153] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.885678] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.890686] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.895524] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.900878] [ 37.902505] Allocated by task 5431: [ 37.906124] save_stack+0x43/0xd0 [ 37.909560] kasan_kmalloc+0xc7/0xe0 [ 37.913258] __kmalloc_node_track_caller+0x47/0x70 [ 37.918174] __kmalloc_reserve.isra.40+0x41/0xe0 [ 37.922918] pskb_expand_head+0x230/0x10f0 [ 37.927145] skb_ensure_writable+0x3dd/0x640 [ 37.931554] bpf_clone_redirect+0x14a/0x490 [ 37.935862] bpf_prog_c39d1ba309a769f7+0x800/0x1000 [ 37.940855] [ 37.942465] Freed by task 4022: [ 37.945738] save_stack+0x43/0xd0 [ 37.949176] __kasan_slab_free+0x102/0x150 [ 37.953397] kasan_slab_free+0xe/0x10 [ 37.957193] kfree+0xcf/0x230 [ 37.960288] load_elf_binary+0x25b4/0x5620 [ 37.964510] search_binary_handler+0x17d/0x570 [ 37.969079] __do_execve_file.isra.33+0x162f/0x2540 [ 37.974080] __x64_sys_execve+0x8f/0xc0 [ 37.978038] do_syscall_64+0x1b9/0x820 [ 37.981911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.987079] [ 37.988691] The buggy address belongs to the object at ffff8801ca971500 [ 37.988691] which belongs to the cache kmalloc-512 of size 512 [ 38.001338] The buggy address is located 7 bytes to the right of [ 38.001338] 512-byte region [ffff8801ca971500, ffff8801ca971700) [ 38.013548] The buggy address belongs to the page: [ 38.018465] page:ffffea00072a5c40 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0 [ 38.026600] flags: 0x2fffc0000000100(slab) [ 38.030824] raw: 02fffc0000000100 ffffea00072a6088 ffffea00072a7808 ffff8801da800940 [ 38.038709] raw: 0000000000000000 ffff8801ca971000 0000000100000006 0000000000000000 [ 38.046577] page dumped because: kasan: bad access detected [ 38.052273] [ 38.053881] Memory state around the buggy address: [ 38.058795] ffff8801ca971600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.066142] ffff8801ca971680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.073495] >ffff8801ca971700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 38.080843] ^ [ 38.084197] ffff8801ca971780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.091547] ffff8801ca971800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.098893] ================================================================== [ 38.106239] Disabling lock debugging due to kernel taint [ 38.111749] Kernel panic - not syncing: panic_on_warn set ... [ 38.111749] [ 38.119137] CPU: 0 PID: 5431 Comm: syz-executor081 Tainted: G B 4.19.0+ #72 [ 38.127547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.136906] Call Trace: [ 38.139492] dump_stack+0x244/0x39d [ 38.143105] ? dump_stack_print_info.cold.1+0x20/0x20 [ 38.148284] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 38.153032] panic+0x238/0x4e7 [ 38.156209] ? add_taint.cold.5+0x16/0x16 [ 38.160344] ? trace_hardirqs_on+0x9a/0x310 [ 38.164650] ? trace_hardirqs_on+0xb4/0x310 [ 38.168963] ? trace_hardirqs_on+0xb4/0x310 [ 38.173288] kasan_end_report+0x47/0x4f [ 38.177246] kasan_report.cold.8+0x76/0x309 [ 38.181556] ? _decode_session6+0x134a/0x1500 [ 38.186037] __asan_report_load1_noabort+0x14/0x20 [ 38.190958] _decode_session6+0x134a/0x1500 [ 38.195275] __xfrm_decode_session+0x71/0x140 [ 38.199758] vti6_tnl_xmit+0x3fc/0x1c10 [ 38.203720] ? __lock_acquire+0x62f/0x4c20 [ 38.207954] ? vti6_tnl_create2+0x430/0x430 [ 38.212265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.217798] ? check_preemption_disabled+0x48/0x280 [ 38.222804] dev_hard_start_xmit+0x295/0xc90 [ 38.227197] ? dev_direct_xmit+0x6b0/0x6b0 [ 38.231418] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.236936] ? netif_skb_features+0x690/0xb70 [ 38.241421] ? unwind_dump+0x190/0x190 [ 38.245299] ? lock_acquire+0x1ed/0x520 [ 38.249254] ? __dev_queue_xmit+0x3063/0x3ad0 [ 38.253736] ? kasan_check_read+0x11/0x20 [ 38.257865] ? do_raw_spin_lock+0x14f/0x350 [ 38.262170] ? rwlock_bug.part.2+0x90/0x90 [ 38.266386] ? netif_skb_features+0xb70/0xb70 [ 38.270866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.276391] ? check_preemption_disabled+0x48/0x280 [ 38.281413] __dev_queue_xmit+0x2f71/0x3ad0 [ 38.285723] ? save_stack+0x43/0xd0 [ 38.289332] ? kasan_kmalloc+0xc7/0xe0 [ 38.293202] ? __kmalloc_node_track_caller+0x47/0x70 [ 38.298290] ? __kmalloc_reserve.isra.40+0x41/0xe0 [ 38.303208] ? netdev_pick_tx+0x310/0x310 [ 38.307343] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.312865] ? check_preemption_disabled+0x48/0x280 [ 38.317869] ? __lock_is_held+0xb5/0x140 [ 38.321922] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 38.326945] ? skb_release_data+0x1c4/0x880 [ 38.331255] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 38.336521] ? kasan_unpoison_shadow+0x35/0x50 [ 38.341101] ? skb_tx_error+0x2f0/0x2f0 [ 38.345067] ? __kmalloc_node_track_caller+0x47/0x70 [ 38.350177] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.355707] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 38.361236] ? kasan_check_write+0x14/0x20 [ 38.365461] ? pskb_expand_head+0x6b3/0x10f0 [ 38.369859] ? skb_release_data+0x880/0x880 [ 38.374168] ? __alloc_skb+0x770/0x770 [ 38.378046] ? kasan_check_write+0x14/0x20 [ 38.382267] ? __skb_clone+0x6c7/0xa00 [ 38.386137] ? __copy_skb_header+0x6b0/0x6b0 [ 38.390619] ? kmem_cache_alloc+0x33a/0x730 [ 38.394927] ? skb_ensure_writable+0x15e/0x640 [ 38.399501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.405026] dev_queue_xmit+0x17/0x20 [ 38.409157] ? dev_queue_xmit+0x17/0x20 [ 38.413117] __bpf_redirect+0x5cf/0xb20 [ 38.417077] bpf_clone_redirect+0x2f6/0x490 [ 38.421386] bpf_prog_c39d1ba309a769f7+0x800/0x1000 [ 38.426412] ? bpf_test_run+0x175/0x780 [ 38.430374] ? lock_downgrade+0x900/0x900 [ 38.434505] ? ktime_get+0x332/0x400 [ 38.438211] ? find_held_lock+0x36/0x1c0 [ 38.442264] ? lock_acquire+0x1ed/0x520 [ 38.446230] ? bpf_test_run+0x3cb/0x780 [ 38.450194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.455725] ? check_preemption_disabled+0x48/0x280 [ 38.460732] ? kasan_check_read+0x11/0x20 [ 38.464870] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 38.470133] ? rcu_softirq_qs+0x20/0x20 [ 38.474095] ? bpf_cgroup_storage_release+0x220/0x220 [ 38.479273] ? skb_try_coalesce+0x1b70/0x1b70 [ 38.483754] ? bpf_test_run+0x25d/0x780 [ 38.487714] ? netlink_diag_dump+0x2a0/0x2a0 [ 38.492120] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.497649] ? bpf_test_init.isra.10+0x70/0x100 [ 38.502317] ? bpf_prog_test_run_skb+0x73c/0xcb0 [ 38.507076] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 38.511913] ? bpf_prog_add+0x69/0xd0 [ 38.515707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.521256] ? __bpf_prog_get+0x9b/0x290 [ 38.525311] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 38.530137] ? bpf_prog_test_run+0x130/0x1a0 [ 38.534544] ? __x64_sys_bpf+0x3d8/0x520 [ 38.538607] ? bpf_prog_get+0x20/0x20 [ 38.542423] ? do_syscall_64+0x1b9/0x820 [ 38.546479] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.551833] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.556745] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.561575] ? trace_hardirqs_on_caller+0x310/0x310 [ 38.566577] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.571586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.577123] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.582239] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.587088] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.593432] Kernel Offset: disabled [ 38.597076] Rebooting in 86400 seconds..