bisecting fixing commit since dda0e2920330128e0dbdeb11c8f25031aa40b11c building syzkaller on 5ed396e666c7826bed46f06c4db1409376691fed testing commit dda0e2920330128e0dbdeb11c8f25031aa40b11c with gcc (GCC) 8.4.1 20210217 kernel signature: dc6302b148f853e574ef14c9634a6f959550be9d681e0a1a8aa6c789300dc79b run #0: crashed: WARNING in ip_rt_bug run #1: crashed: WARNING in ip_rt_bug run #2: crashed: WARNING in ip_rt_bug run #3: crashed: WARNING in ip_rt_bug run #4: crashed: WARNING in ip_rt_bug run #5: crashed: WARNING in ip_rt_bug run #6: crashed: WARNING in ip_rt_bug run #7: crashed: WARNING in ip_rt_bug run #8: crashed: WARNING in ip_rt_bug run #9: crashed: WARNING in ip_rt_bug run #10: crashed: WARNING in ip_rt_bug run #11: crashed: WARNING in ip_rt_bug run #12: crashed: WARNING in ip_rt_bug run #13: crashed: WARNING in corrupted run #14: crashed: WARNING in ip_rt_bug run #15: crashed: WARNING in ip_rt_bug run #16: crashed: WARNING in ip_rt_bug run #17: crashed: WARNING in ip_rt_bug run #18: crashed: WARNING in ip_rt_bug run #19: crashed: WARNING in ip_rt_bug testing current HEAD 97a8651cadce7c2b7c4d8f108b392eff31fe2c08 testing commit 97a8651cadce7c2b7c4d8f108b392eff31fe2c08 with gcc (GCC) 8.4.1 20210217 kernel signature: a82bf7619899b33eea0606cb0f810aa204d1907c55a81896732a0c0840a1fa8d run #0: crashed: WARNING in ip_rt_bug run #1: crashed: WARNING in ip_rt_bug run #2: crashed: WARNING in corrupted run #3: crashed: WARNING in ip_rt_bug run #4: crashed: WARNING in ip_rt_bug run #5: crashed: WARNING in ip_rt_bug run #6: crashed: WARNING in corrupted run #7: crashed: WARNING in ip_rt_bug run #8: crashed: WARNING in ip_rt_bug run #9: crashed: WARNING in ip_rt_bug revisions tested: 2, total time: 27m6.910271048s (build: 19m37.927949157s, test: 6m27.375222755s) the crash still happens on HEAD commit msg: Linux 4.19.189 crash: WARNING in ip_rt_bug IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready batman_adv: batadv0: Interface activated: batadv_slave_1 IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7193 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Modules linked in: CPU: 1 PID: 7193 Comm: syz-executor.0 Not tainted 4.19.189-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 ------------[ cut here ]------------ RSP: 0018:ffff8881da1ef110 EFLAGS: 00010282 RAX: 0000000000000024 RBX: ffff8881d9110040 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 RBP: ffff8881da1ef110 R08: ffffed103ed25079 R09: ffffed103ed25078 R10: ffffed103ed25078 R11: ffff8881f69283c7 R12: ffff8881e8444080 R13: ffff8881ea4b2080 R14: ffff8881d9110098 R15: ffff8881da1ef3d4 FS: 00007efcfa194700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f45567afbd0 CR3: 00000001d99c1004 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 WARNING: CPU: 0 PID: 7207 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Call Trace: Modules linked in: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 CPU: 0 PID: 7207 Comm: syz-executor.4 Not tainted 4.19.189-syzkaller #0 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 RSP: 0018:ffff8881cf337110 EFLAGS: 00010282 RAX: 0000000000000024 RBX: ffff8881d9f6c0c0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 RBP: ffff8881cf337110 R08: ffffed103ed05079 R09: ffffed103ed05078 R10: ffffed103ed05078 R11: ffff8881f68283c7 R12: ffff8881e8c34180 R13: ffff8881d0c538c0 R14: ffff8881d9f6c118 R15: ffff8881cf3373d4 FS: 00007f344fbf5700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002014f000 CR3: 00000001d890f001 CR4: 00000000001606f0 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 entry_SYSCALL_64_after_hwframe+0x49/0xbe call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007efcfa194198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 vfs_write+0x150/0x4d0 fs/read_write.c:549 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 ksys_write+0x103/0x260 fs/read_write.c:599 R13: 00007efcfa1946bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1577 hardirqs last enabled at (1576): [] console_unlock+0x660/0xde0 kernel/printk/printk.c:2489 hardirqs last disabled at (1577): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1460): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1460): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (1462): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 ---[ end trace 7cac7f30aff70b35 ]--- do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 ------------[ cut here ]------------ entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f344fbf5198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 WARNING: CPU: 1 PID: 7222 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 Modules linked in: R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f344fbf56bc R14: 00000000ffffffff R15: 0000000000000003 CPU: 1 PID: 7222 Comm: syz-executor.5 Tainted: G W 4.19.189-syzkaller #0 irq event stamp: 1363 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 hardirqs last enabled at (1362): [] console_unlock+0xb9f/0xde0 kernel/printk/printk.c:2464 hardirqs last disabled at (1363): [] trace_hardirqs_off_thunk+0x1a/0x1c RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 softirqs last enabled at (1234): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1234): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (1236): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 ---[ end trace 7cac7f30aff70b36 ]--- RSP: 0018:ffff8881cd827110 EFLAGS: 00010282 RAX: 0000000000000024 RBX: ffff8881d9d7cd00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 RBP: ffff8881cd827110 R08: ffffed103ed25079 R09: ffffed103ed25078 R10: ffffed103ed25078 R11: ffff8881f69283c7 R12: ffff8881e7a8c1c0 R13: ffff8881d0c15900 R14: ffff8881d9d7cd58 R15: ffff8881cd8273d4 FS: 00007f8e62014700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002014f000 CR3: 00000001d82af001 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ------------[ cut here ]------------ ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 WARNING: CPU: 0 PID: 7243 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Modules linked in: ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 CPU: 0 PID: 7243 Comm: syz-executor.3 Tainted: G W 4.19.189-syzkaller #0 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881cdb07110 EFLAGS: 00010282 RAX: 0000000000000024 RBX: ffff8881d73c9d40 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 RBP: ffff8881cdb07110 R08: ffffed103ed05079 R09: ffffed103ed05078 R10: ffffed103ed05078 R11: ffff8881f68283c7 R12: ffff8881d160c0c0 R13: ffff8881e7f8f240 R14: ffff8881d73c9d98 R15: ffff8881cdb073d4 FS: 00007f18b830a700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002014f000 CR3: 00000001d7f51005 CR4: 00000000001606f0 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 vfs_write+0x150/0x4d0 fs/read_write.c:549 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 ksys_write+0x103/0x260 fs/read_write.c:599 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f8e62014198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f8e620146bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1323 hardirqs last enabled at (1322): [] console_unlock+0xb9f/0xde0 kernel/printk/printk.c:2464 hardirqs last disabled at (1323): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1208): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1208): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (1210): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 ---[ end trace 7cac7f30aff70b37 ]--- tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f18b830a198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f18b830a6bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1895 hardirqs last enabled at (1894): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (1895): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1792): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1792): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (1794): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 ---[ end trace 7cac7f30aff70b38 ]--- ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7332 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Modules linked in: CPU: 1 PID: 7332 Comm: syz-executor.3 Tainted: G W 4.19.189-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 ------------[ cut here ]------------ RSP: 0018:ffff8881d5737110 EFLAGS: 00010282 RAX: 0000000000000024 RBX: ffff8881d9cb4980 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 RBP: ffff8881d5737110 R08: ffffed103ed25079 R09: ffffed103ed25078 R10: ffffed103ed25078 R11: ffff8881f69283c7 R12: ffff8881d160c0c0 R13: ffff8881e7f8ec80 R14: ffff8881d9cb49d8 R15: ffff8881d57373d4 FS: 00007f18b82e9700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000a72672 CR3: 00000001d6d36004 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 WARNING: CPU: 0 PID: 7333 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 Modules linked in: icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 CPU: 0 PID: 7333 Comm: syz-executor.0 Tainted: G W 4.19.189-syzkaller #0 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881cf427110 EFLAGS: 00010282 RAX: 0000000000000024 RBX: ffff8881cf603c80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 RBP: ffff8881cf427110 R08: ffffed103ed05079 R09: ffffed103ed05078 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 R10: ffffed103ed05078 R11: ffff8881f68283c7 R12: ffff8881e8444080 R13: ffff8881d1cecc40 R14: ffff8881cf603cd8 R15: ffff8881cf4273d4 FS: 00007efcfa173700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056438d839140 CR3: 00000001db56f004 CR4: 00000000001606f0 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 Call Trace: NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 vfs_write+0x150/0x4d0 fs/read_write.c:549 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f18b82e9198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bfa0 R13: 00007f18b82e96bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1287 hardirqs last enabled at (1286): [] console_unlock+0x660/0xde0 kernel/printk/printk.c:2489 hardirqs last disabled at (1287): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1168): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1168): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (1170): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 vfs_write+0x150/0x4d0 fs/read_write.c:549 ---[ end trace 7cac7f30aff70b39 ]--- ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007efcfa173198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bfa0 R13: 00007efcfa1736bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 803 hardirqs last enabled at (802): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (803): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (666): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (666): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (668): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 ---[ end trace 7cac7f30aff70b3a ]--- ------------[ cut here ]------------ WARNING: CPU: 0 PID: 7515 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Modules linked in: CPU: 0 PID: 7515 Comm: syz-executor.3 Tainted: G W 4.19.189-syzkaller #0 ------------[ cut here ]------------ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 WARNING: CPU: 1 PID: 7522 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Modules linked in: Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 CPU: 1 PID: 7522 Comm: syz-executor.0 Tainted: G W 4.19.189-syzkaller #0 RSP: 0018:ffff8881d67bf110 EFLAGS: 00010282 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RAX: 0000000000000024 RBX: ffff8881f3671000 RCX: 0000000000000000 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 RBP: ffff8881d67bf110 R08: ffffed103ed05079 R09: ffffed103ed05078 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 R10: ffffed103ed05078 R11: ffff8881f68283c7 R12: ffff8881d160c0c0 R13: ffff8881e7f8f240 R14: ffff8881f3671058 R15: ffff8881d67bf3d4 RSP: 0018:ffff8881deea7110 EFLAGS: 00010282 FS: 00007f18b830a700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 RAX: 0000000000000024 RBX: ffff8881ea43a500 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RBP: ffff8881deea7110 R08: ffffed103ed25079 R09: ffffed103ed25078 CR2: 000000002014f000 CR3: 00000001d8959006 CR4: 00000000001606f0 R10: ffffed103ed25078 R11: ffff8881f69283c7 R12: ffff8881e8444080 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 R13: ffff8881ea4b2080 R14: ffff8881ea43a558 R15: ffff8881deea73d4 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: FS: 00007efcfa194700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc8787cb78 CR3: 00000001f5383004 CR4: 00000000001606e0 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 RIP: 0033:0x4641a9 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 entry_SYSCALL_64_after_hwframe+0x49/0xbe RSP: 002b:00007f18b830a198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RIP: 0033:0x4641a9 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RSP: 002b:00007efcfa194198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 R13: 00007f18b830a6bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1273 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 hardirqs last enabled at (1272): [] console_unlock+0x660/0xde0 kernel/printk/printk.c:2489 hardirqs last disabled at (1273): [] trace_hardirqs_off_thunk+0x1a/0x1c R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 softirqs last enabled at (1146): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1146): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (1148): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 R13: 00007efcfa1946bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 2017 ---[ end trace 7cac7f30aff70b3b ]--- hardirqs last enabled at (2016): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (2017): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1888): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1888): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (1890): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 ---[ end trace 7cac7f30aff70b3c ]--- ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7580 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 ------------[ cut here ]------------ Modules linked in: WARNING: CPU: 0 PID: 7584 at net/ipv4/route.c:1240 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 CPU: 1 PID: 7580 Comm: syz-executor.1 Tainted: G W 4.19.189-syzkaller #0 Modules linked in: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 CPU: 0 PID: 7584 Comm: syz-executor.5 Tainted: G W 4.19.189-syzkaller #0 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1240 RSP: 0018:ffff8881ef3ff110 EFLAGS: 00010282 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 74 ec a2 ff 48 c7 c7 c0 09 c7 87 e8 9a f1 16 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RAX: 0000000000000024 RBX: ffff8881f0f5dd00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 RSP: 0018:ffff8881f3dbf110 EFLAGS: 00010282 RBP: ffff8881ef3ff110 R08: ffffed103ed25079 R09: ffffed103ed25078 R10: ffffed103ed25078 R11: ffff8881f69283c7 R12: ffff8881ed7d8140 RAX: 0000000000000024 RBX: ffff8881d707e6c0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767ae60 RDI: ffffffff8a1889a0 R13: ffff8881d107f2c0 R14: ffff8881f0f5dd58 R15: ffff8881ef3ff3d4 FS: 00007f43d4552700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 RBP: ffff8881f3dbf110 R08: ffffed103ed05079 R09: ffffed103ed05078 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 R10: ffffed103ed05078 R11: ffff8881f68283c7 R12: ffff8881e7a8c1c0 R13: ffff8881d107e180 R14: ffff8881d707e718 R15: ffff8881f3dbf3d4 CR2: 00007f2b973e638b CR3: 00000001d7599004 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 FS: 00007f8e62014700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056438d837c80 CR3: 00000001f4df3002 CR4: 00000000001606f0 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 Call Trace: icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1447 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1467 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbcd/0x18e0 net/ipv4/icmp.c:747 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.54+0x4d8/0x9c0 drivers/net/tun.c:1543 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 tun_get_user+0x2944/0x4ae0 drivers/net/tun.c:1974 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 vfs_write+0x150/0x4d0 fs/read_write.c:549 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 ksys_write+0x103/0x260 fs/read_write.c:599 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 RSP: 002b:00007f43d4552198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 entry_SYSCALL_64_after_hwframe+0x49/0xbe RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 RIP: 0033:0x4641a9 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f43d45526bc R14: 00000000ffffffff R15: 0000000000000003 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 irq event stamp: 1227 RSP: 002b:00007f8e62014198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 hardirqs last enabled at (1226): [] console_unlock+0x660/0xde0 kernel/printk/printk.c:2489 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 hardirqs last disabled at (1227): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1124): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1124): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 softirqs last disabled at (1126): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 ---[ end trace 7cac7f30aff70b3d ]--- RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f8e620146bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1237 hardirqs last enabled at (1236): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (1237): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1120): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1120): [] tun_get_user+0x287c/0x4ae0 drivers/net/tun.c:1921 softirqs last disabled at (1122): [] tun_rx_batched.isra.54+0x439/0x9c0 drivers/net/tun.c:1570 ---[ end trace 7cac7f30aff70b3e ]---