[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
syzkaller login: [ 70.304662][ T8463] IPVS: ftp: loaded support on port[0] = 21
[ 70.402403][ T8463] chnl_net:caif_netlink_parms(): no params data found
[ 70.458976][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.469299][ T8463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.478245][ T8463] device bridge_slave_0 entered promiscuous mode
[ 70.488135][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.496108][ T8463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.504715][ T8463] device bridge_slave_1 entered promiscuous mode
[ 70.525787][ T8463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.536814][ T8463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.560682][ T8463] team0: Port device team_slave_0 added
[ 70.568870][ T8463] team0: Port device team_slave_1 added
[ 70.586961][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.594418][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.620884][ T8463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.633925][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.641067][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.667014][ T8463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.694579][ T8463] device hsr_slave_0 entered promiscuous mode
[ 70.701322][ T8463] device hsr_slave_1 entered promiscuous mode
[ 70.810194][ T8463] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.821344][ T8463] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.833759][ T8463] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.845493][ T8463] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.872465][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.879850][ T8463] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.887819][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.895010][ T8463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.947767][ T8463] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.962084][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.975081][ T4228] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.985879][ T4228] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.995797][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 71.009307][ T8463] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.021657][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.030962][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.038154][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.055196][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 71.076047][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.084999][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.138451][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 71.148680][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 71.164758][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 71.183374][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 71.191874][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 71.204864][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 71.224708][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 71.232312][ T4228] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 71.249643][ T8463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.275568][ T8671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.292022][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.301973][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.310264][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.321341][ T8463] device veth0_vlan entered promiscuous mode
[ 71.333969][ T8463] device veth1_vlan entered promiscuous mode
[ 71.357685][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.368355][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.377237][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.389088][ T8463] device veth0_macvtap entered promiscuous mode
[ 71.398590][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.410660][ T8463] device veth1_macvtap entered promiscuous mode
[ 71.428996][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.439029][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.449114][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.461221][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.470480][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.479601][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.491864][ T8463] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.501161][ T8463] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 71.510180][ T8463] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.520322][ T8463] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.567955][ T36] audit: type=1107 audit(1611264201.283:2): pid=8463 uid=0 auid=0 ses=5 subj==unconfined msg='„šÍBuŸQJšN­.ÒÞc<ç®͸X¦D‚Í#ZÂ5b&¼%ЯeðÞ œ+VÕÚ%ìR´APsµ†™o~Ï«¯¸‘‚9Z®[ÊÒ|œµ_Œm`ƒ²1ƒT} ¯uoŽ6]G­vîdu캭öÿ3ð¾²µz Ƴëdº cA ” -Îór:.µoÏï̓´Ž]ÑL:-P¶‘TdÔZóÔ·[¡Óú[“jfÌŸ}Ž6SaÍ„x?r˜x]ø.LP xÞ¿¿¨e§ò«^Dï‰ð<èè€æš¯ôJ•}Í M&Ü@H“€
[ 71.567955][ T36] …¤X/‰TA
[ 71.567955][ T36] óÛÝéUdÛIÉVGЀÌÁbÙM]:eËeãù.‘vÐö‰žôðêÈuV<9ÏLOŒ€ÃŸ–hȪKÁ`AãöïˆS—(Ì.fœÊ¹æÖŽ:£YiC ¢ ê¯WTÿ¸÷t¯{£T¤„ì—öxTxŸ\ï$§î9Îú÷ (¶ãž^×C™i 7ŒÿWÛSî(ŽÑõ}m.…Aw –æ% ›jXRéœyr?ž*ÄùÓƒd&E?2ÍݸoP³|Ån87WJë“P8a¡ü§Õ_;ã —Æ`Ê?‘©ón£‹tªÿ¶$FÒrÐóK|[ÚvÿãßzWîVàÚ‹¨ocÍàS}’:—ÜK6„uƒH·NcÀ…Jm¹ñEƒÖz–´¬²(Ðgè¾cá së¯[t¡{§j£¿×Ý;ù¸}Zþ
[ 71.866564][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.868277][ T9] ==================================================================
[ 71.868287][ T9] BUG: KASAN: global-out-of-bounds in record_print_text+0x33f/0x380
[ 71.868293][ T9] Write of size 1 at addr ffffffff8f09f144 by task kworker/u4:0/9
[ 71.868298][ T9]
[ 71.868302][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 5.11.0-rc4-next-20210121-syzkaller #0
[ 71.868309][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.868315][ T9] Workqueue: netns cleanup_net
[ 71.868322][ T9] Call Trace:
[ 71.868325][ T9] dump_stack+0x107/0x163
[ 71.868329][ T9] ? record_print_text+0x33f/0x380
[ 71.868333][ T9] ? record_print_text+0x33f/0x380
[ 71.868337][ T9] print_address_description.constprop.0.cold+0x5/0x2f8
[ 71.868341][ T9] ? record_print_text+0x33f/0x380
[ 71.868345][ T9] ? record_print_text+0x33f/0x380
[ 71.868349][ T9] kasan_report.cold+0x79/0xd5
[ 71.868352][ T9] ? record_print_text+0x33f/0x380
[ 71.868356][ T9] record_print_text+0x33f/0x380
[ 71.868360][ T9] ? get_record_print_text_size+0x110/0x110
[ 71.868364][ T9] ? prb_read_valid+0x75/0xa0
[ 71.868368][ T9] ? prb_final_commit+0x20/0x20
[ 71.868372][ T9] ? console_unlock+0x850/0xbb0
[ 71.868375][ T9] console_unlock+0x318/0xbb0
[ 71.868379][ T9] ? devkmsg_read+0x740/0x740
[ 71.868382][ T9] ? lock_release+0x710/0x710
[ 71.868386][ T9] ? dev_vprintk_emit+0x36e/0x3b2
[ 71.868390][ T9] vprintk_emit+0x189/0x490
[ 71.868393][ T9] dev_vprintk_emit+0x36e/0x3b2
[ 71.868397][ T9] ? dev_attr_show.cold+0x3a/0x3a
[ 71.868401][ T9] ? mark_lock+0xef/0x17b0
[ 71.868404][ T9] dev_printk_emit+0xba/0xf1
[ 71.868408][ T9] ? dev_vprintk_emit+0x3b2/0x3b2
[ 71.868411][ T9] ? mark_lock+0xef/0x17b0
[ 71.868415][ T9] ? print_shortest_lock_dependencies+0x80/0x80
[ 71.868419][ T9] ? lock_chain_count+0x20/0x20
[ 71.868423][ T9] __netdev_printk+0x1c6/0x27a
[ 71.868426][ T9] netdev_info+0xd7/0x109
[ 71.868430][ T9] ? netdev_notice+0x109/0x109
[ 71.868434][ T9] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.868438][ T9] nsim_udp_tunnel_unset_port.cold+0x95/0xb8
[ 71.868442][ T9] __udp_tunnel_nic_device_sync.part.0+0xa4c/0xcb0
[ 71.868447][ T9] ? __udp_tunnel_nic_dump_write+0x620/0x620
[ 71.868451][ T9] ? __sanitizer_cov_trace_cmp1+0x22/0x80
[ 71.868456][ T9] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.868460][ T9] ? udp_tunnel_nic_entry_adj+0x239/0x300
[ 71.868464][ T9] udp_tunnel_nic_flush+0x2b4/0x5e0
[ 71.868468][ T9] udp_tunnel_nic_netdevice_event+0x65c/0x19a0
[ 71.868473][ T9] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.868477][ T9] ? netconsole_netdev_event+0x20b/0x340
[ 71.868481][ T9] notifier_call_chain+0xb5/0x200
[ 71.868485][ T9] call_netdevice_notifiers_info+0xb5/0x130
[ 71.868489][ T9] rollback_registered_many+0x92e/0x14c0
[ 71.868493][ T9] ? __mutex_lock+0x61b/0x1110
[ 71.868497][ T9] ? dev_queue_xmit_nit+0xa90/0xa90
[ 71.868501][ T9] ? mutex_lock_io_nested+0xf60/0xf60
[ 71.868505][ T9] unregister_netdevice_queue+0x2dd/0x570
[ 71.868509][ T9] ? queue_delayed_work_on+0x85/0xe0
[ 71.868513][ T9] ? unregister_netdevice_many+0x50/0x50
[ 71.868517][ T9] nsim_destroy+0x35/0x70
[ 71.868520][ T9] __nsim_dev_port_del+0x144/0x1e0
[ 71.868524][ T9] nsim_dev_reload_destroy+0xff/0x1e0
[ 71.868528][ T9] nsim_dev_reload_down+0x6e/0xd0
[ 71.868532][ T9] devlink_reload+0x15a/0x5e0
[ 71.868536][ T9] ? devlink_remote_reload_actions_performed+0xa0/0xa0
[ 71.868540][ T9] ? find_held_lock+0x2d/0x110
[ 71.868544][ T9] devlink_pernet_pre_exit+0x154/0x220
[ 71.868548][ T9] ? devlink_nl_cmd_reload+0x1190/0x1190
[ 71.868552][ T9] ? tipc_node_pre_cleanup_net+0x3ef/0x5f0
[ 71.868557][ T9] ? devlink_nl_cmd_reload+0x1190/0x1190
[ 71.868561][ T9] cleanup_net+0x451/0xb10
[ 71.868564][ T9] ? ops_free_list.part.0+0x3d0/0x3d0
[ 71.868568][ T9] process_one_work+0x98d/0x15f0
[ 71.868572][ T9] ? pwq_dec_nr_in_flight+0x320/0x320
[ 71.868576][ T9] ? rwlock_bug.part.0+0x90/0x90
[ 71.868580][ T9] ? _raw_spin_lock_irq+0x41/0x50
[ 71.868584][ T9] worker_thread+0x64c/0x1120
[ 71.868587][ T9] ? process_one_work+0x15f0/0x15f0
[ 71.868591][ T9] kthread+0x3b1/0x4a0
[ 71.868594][ T9] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 71.868598][ T9] ret_from_fork+0x1f/0x30
[ 71.868601][ T9]
[ 71.868604][ T9] The buggy address belongs to the variable:
[ 71.868609][ T9] dmesg_restrict+0x24/0x40
[ 71.868612][ T9]
[ 71.868615][ T9] Memory state around the buggy address:
[ 71.868620][ T9] ffffffff8f09f000: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 71.868626][ T9] ffffffff8f09f080: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 71.868632][ T9] >ffffffff8f09f100: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 71.868638][ T9] ^
[ 71.868643][ T9] ffffffff8f09f180: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 71.868649][ T9] ffffffff8f09f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 71.868656][ T9] ==================================================================
[ 71.868661][ T9] Disabling lock debugging due to kernel taint
[ 71.868666][ T9] Kernel panic - not syncing: panic_on_warn set ...
[ 71.868672][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G B 5.11.0-rc4-next-20210121-syzkaller #0
[ 71.868680][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.868686][ T9] Workqueue: netns cleanup_net
[ 71.868691][ T9] Call Trace:
[ 71.868694][ T9] dump_stack+0x107/0x163
[ 71.868697][ T9] ? record_print_text+0x320/0x380
[ 71.868701][ T9] panic+0x306/0x73d
[ 71.868704][ T9] ? __warn_printk+0xf3/0xf3
[ 71.868708][ T9] ? record_print_text+0x33f/0x380
[ 71.868711][ T9] ? record_print_text+0x33f/0x380
[ 71.868715][ T9] ? record_print_text+0x33f/0x380
[ 71.868719][ T9] end_report+0x58/0x5e
[ 71.868722][ T9] kasan_report.cold+0x67/0xd5
[ 71.868726][ T9] ? record_print_text+0x33f/0x380
[ 71.868729][ T9] record_print_text+0x33f/0x380
[ 71.868733][ T9] ? get_record_print_text_size+0x110/0x110
[ 71.868737][ T9] ? prb_read_valid+0x75/0xa0
[ 71.868741][ T9] ? prb_final_commit+0x20/0x20
[ 71.868744][ T9] ? console_unlock+0x850/0xbb0
[ 71.868748][ T9] console_unlock+0x318/0xbb0
[ 71.868752][ T9] ? devkmsg_read+0x740/0x740
[ 71.868755][ T9] ? lock_release+0x710/0x710
[ 71.868759][ T9] ? dev_vprintk_emit+0x36e/0x3b2
[ 71.868762][ T9] vprintk_emit+0x189/0x490
[ 71.868766][ T9] dev_vprintk_emit+0x36e/0x3b2
[ 71.868770][ T9] ? dev_attr_show.cold+0x3a/0x3a
[ 71.868773][ T9] ? mark_lock+0xef/0x17b0
[ 71.868777][ T9] dev_printk_emit+0xba/0xf1
[ 71.868780][ T9] ? dev_vprintk_emit+0x3b2/0x3b2
[ 71.868784][ T9] ? mark_lock+0xef/0x17b0
[ 71.868788][ T9] ? print_shortest_lock_dependencies+0x80/0x80
[ 71.868792][ T9] ? lock_chain_count+0x20/0x20
[ 71.868796][ T9] __netdev_printk+0x1c6/0x27a
[ 71.868799][ T9] netdev_info+0xd7/0x109
[ 71.868802][ T9] ? netdev_notice+0x109/0x109
[ 71.868806][ T9] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.868811][ T9] nsim_udp_tunnel_unset_port.cold+0x95/0xb8
[ 71.868815][ T9] __udp_tunnel_nic_device_sync.part.0+0xa4c/0xcb0
[ 71.868820][ T9] ? __udp_tunnel_nic_dump_write+0x620/0x620
[ 71.868824][ T9] ? __sanitizer_cov_trace_cmp1+0x22/0x80
[ 71.868828][ T9] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.868833][ T9] ? udp_tunnel_nic_entry_adj+0x239/0x300
[ 71.868837][ T9] udp_tunnel_nic_flush+0x2b4/0x5e0
[ 71.868841][ T9] udp_tunnel_nic_netdevice_event+0x65c/0x19a0
[ 71.868845][ T9] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.868850][ T9] ? netconsole_netdev_event+0x20b/0x340
[ 71.868854][ T9] notifier_call_chain+0xb5/0x200
[ 71.868858][ T9] call_netdevice_notifiers_info+0xb5/0x130
[ 71.868862][ T9] rollback_registered_many+0x92e/0x14c0
[ 71.868866][ T9] ? __mutex_lock+0x61b/0x1110
[ 71.868870][ T9] ? dev_queue_xmit_nit+0xa90/0xa90
[ 71.868873][ T9] ? mutex_lock_io_nested+0xf60/0xf60
[ 71.868877][ T9] unregister_netdevice_queue+0x2dd/0x570
[ 71.868882][ T9] ? queue_delayed_work_on+0x85/0xe0
[ 71.868886][ T9] ? unregister_netdevice_many+0x50/0x50
[ 71.868889][ T9] nsim_destroy+0x35/0x70
[ 71.868893][ T9] __nsim_dev_port_del+0x144/0x1e0
[ 71.868897][ T9] nsim_dev_reload_destroy+0xff/0x1e0
[ 71.868901][ T9] nsim_dev_reload_down+0x6e/0xd0
[ 71.868904][ T9] devlink_reload+0x15a/0x5e0
[ 71.868908][ T9] ? devlink_remote_reload_actions_performed+0xa0/0xa0
[ 71.868913][ T9] ? find_held_lock+0x2d/0x110
[ 71.868916][ T9] devlink_pernet_pre_exit+0x154/0x220
[ 71.868920][ T9] ? devlink_nl_cmd_reload+0x1190/0x1190
[ 71.868925][ T9] ? tipc_node_pre_cleanup_net+0x3ef/0x5f0
[ 71.868929][ T9] ? devlink_nl_cmd_reload+0x1190/0x1190
[ 71.868933][ T9] cleanup_net+0x451/0xb10
[ 71.868936][ T9] ? ops_free_list.part.0+0x3d0/0x3d0
[ 71.868940][ T9] process_one_work+0x98d/0x15f0
[ 71.868944][ T9] ? pwq_dec_nr_in_flight+0x320/0x320
[ 71.868948][ T9] ? rwlock_bug.part.0+0x90/0x90
[ 71.868952][ T9] ? _raw_spin_lock_irq+0x41/0x50
[ 71.868955][ T9] worker_thread+0x64c/0x1120
[ 71.868959][ T9] ? process_one_work+0x15f0/0x15f0
[ 71.868963][ T9] kthread+0x3b1/0x4a0
[ 71.868966][ T9] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 71.868970][ T9] ret_from_fork+0x1f/0x30
[ 71.868974][ T9] Kernel Offset: disabled