bisecting fixing commit since dda0e2920330128e0dbdeb11c8f25031aa40b11c building syzkaller on 5ed396e666c7826bed46f06c4db1409376691fed testing commit dda0e2920330128e0dbdeb11c8f25031aa40b11c compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: e2fb5fa6b53ade67f065b41f83f6622531abc0fa48f8de6dc9050669401a6984 run #0: crashed: WARNING in ip_rt_bug run #1: crashed: WARNING in ip_rt_bug run #2: crashed: WARNING in ip_rt_bug run #3: crashed: WARNING in ip_rt_bug run #4: crashed: WARNING in ip_rt_bug run #5: crashed: WARNING in ip_rt_bug run #6: crashed: WARNING in ip_rt_bug run #7: crashed: WARNING in ip_rt_bug run #8: crashed: WARNING in ip_rt_bug run #9: crashed: WARNING in ip_rt_bug run #10: crashed: WARNING in ip_rt_bug run #11: crashed: WARNING in ip_rt_bug run #12: crashed: WARNING in ip_rt_bug run #13: crashed: WARNING in corrupted run #14: crashed: WARNING in ip_rt_bug run #15: crashed: WARNING in ip_rt_bug run #16: crashed: WARNING in ip_rt_bug run #17: crashed: WARNING in ip_rt_bug run #18: crashed: WARNING in ip_rt_bug run #19: crashed: WARNING in ip_rt_bug testing current HEAD c2276d585654e8d573366c29c565043ec36adf63 testing commit c2276d585654e8d573366c29c565043ec36adf63 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: d5ca66f55f73153a2d65f2aee094a0e1d828afa3cd6dfd14edf1e92e6c7db0de all runs: crashed: WARNING in ip_rt_bug revisions tested: 2, total time: 31m11.990031686s (build: 23m6.145582667s, test: 6m20.126871241s) the crash still happens on HEAD commit msg: Linux 4.19.208 crash: WARNING in ip_rt_bug batman_adv: batadv0: Interface activated: batadv_slave_1 IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7164 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: CPU: 1 PID: 7164 Comm: syz-executor.1 Not tainted 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881dd97f100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881ddf48a40 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881dd97f100 R08: ffffed103ed25089 R09: ffffed103ed25088 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881ee7f00c0 R13: ffff8881eea586c0 R14: ffff8881ddf48a98 R15: ffff8881dd97f3c4 FS: 00007f643bf0f700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007efe0d8f8028 CR3: 00000001ddf3c003 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 7204 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: CPU: 0 PID: 7204 Comm: syz-executor.2 Not tainted 4.19.208-syzkaller #0 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 RSP: 0018:ffff8881de6f7100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881dd3366c0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 RBP: ffff8881de6f7100 R08: ffffed103ed05089 R09: ffffed103ed05088 R10: ffffed103ed05088 R11: ffff8881f6828447 R12: ffff8881ee2f0080 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 R13: ffff8881eee3f200 R14: ffff8881dd336718 R15: ffff8881de6f73c4 FS: 00007fca61528700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005646fe148140 CR3: 00000001dd83c002 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f643bf0f198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f643bf0f6bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1719 hardirqs last enabled at (1718): [] console_unlock+0x660/0xde0 kernel/printk/printk.c:2489 hardirqs last disabled at (1719): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1540): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1540): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1542): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012b1 ]--- tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 ------------[ cut here ]------------ call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 WARNING: CPU: 1 PID: 7209 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 vfs_write+0x150/0x4d0 fs/read_write.c:549 Modules linked in: ksys_write+0x103/0x260 fs/read_write.c:599 CPU: 1 PID: 7209 Comm: syz-executor.0 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 RSP: 0018:ffff8881dd41f100 EFLAGS: 00010286 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 RAX: 0000000000000024 RBX: ffff8881e284a8c0 RCX: 0000000000000000 entry_SYSCALL_64_after_hwframe+0x49/0xbe RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881dd41f100 R08: ffffed103ed25089 R09: ffffed103ed25088 RIP: 0033:0x4641a9 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881ee014100 R13: ffff8881ee5cf280 R14: ffff8881e284a918 R15: ffff8881dd41f3c4 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 FS: 00007fa0ee5a0700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 RSP: 002b:00007fca61528198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 CR2: 00007fff471aff40 CR3: 00000001ddb69004 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007fca615286bc R14: 00000000ffffffff R15: 0000000000000003 Call Trace: irq event stamp: 1465 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 hardirqs last enabled at (1464): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (1465): [] trace_hardirqs_off_thunk+0x1a/0x1c ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 softirqs last enabled at (1348): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1348): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 softirqs last disabled at (1350): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 ---[ end trace a5da6d0afcc012b2 ]--- __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 ------------[ cut here ]------------ __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 WARNING: CPU: 0 PID: 7221 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: CPU: 0 PID: 7221 Comm: syz-executor.5 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 RSP: 0018:ffff8881cf677100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881dcdf6d00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881cf677100 R08: ffffed103ed05089 R09: ffffed103ed05088 R10: ffffed103ed05088 R11: ffff8881f6828447 R12: ffff8881d854c1c0 R13: ffff8881edff0740 R14: ffff8881dcdf6d58 R15: ffff8881cf6773c4 FS: 00007f4485572700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005646fe148140 CR3: 00000001dc976001 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 Call Trace: call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 RSP: 002b:00007fa0ee5a0198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 R13: 00007fa0ee5a06bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1351 hardirqs last enabled at (1350): [] console_unlock+0xb9f/0xde0 kernel/printk/printk.c:2464 hardirqs last disabled at (1351): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1236): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1236): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 softirqs last disabled at (1238): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012b3 ]--- __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7235 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 CPU: 1 PID: 7235 Comm: syz-executor.4 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881cefaf100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881dbd216c0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881cefaf100 R08: ffffed103ed25089 R09: ffffed103ed25088 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881edf14180 R13: ffff8881ee170d40 R14: ffff8881dbd21718 R15: ffff8881cefaf3c4 FS: 00007f8fb4e76700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 CR2: 00007fc0c2b2cf80 CR3: 00000001dc0f9001 CR4: 00000000003606e0 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 vfs_write+0x150/0x4d0 fs/read_write.c:549 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 ksys_write+0x103/0x260 fs/read_write.c:599 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 RSP: 002b:00007f4485572198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 R13: 00007f44855726bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1317 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 hardirqs last enabled at (1316): [] console_unlock+0xb9f/0xde0 kernel/printk/printk.c:2464 hardirqs last disabled at (1317): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1202): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1202): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1204): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012b4 ]--- __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f8fb4e76198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f8fb4e766bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1373 hardirqs last enabled at (1372): [] console_unlock+0xb9f/0xde0 kernel/printk/printk.c:2464 hardirqs last disabled at (1373): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1258): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1258): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1260): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012b5 ]--- ------------[ cut here ]------------ ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7252 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 WARNING: CPU: 0 PID: 7253 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: Modules linked in: CPU: 1 PID: 7252 Comm: syz-executor.4 Tainted: G W 4.19.208-syzkaller #0 CPU: 0 PID: 7253 Comm: syz-executor.5 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881dd41f100 EFLAGS: 00010286 RSP: 0018:ffff8881dfa7f100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881e8cb97c0 RCX: 0000000000000000 RAX: 0000000000000024 RBX: ffff8881dae41140 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881dd41f100 R08: ffffed103ed05089 R09: ffffed103ed05088 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881dfa7f100 R08: ffffed103ed25089 R09: ffffed103ed25088 R10: ffffed103ed05088 R11: ffff8881f6828447 R12: ffff8881d854c1c0 R13: ffff8881edff0740 R14: ffff8881e8cb9818 R15: ffff8881dd41f3c4 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881edf14180 R13: ffff8881ee170d40 R14: ffff8881dae41198 R15: ffff8881dfa7f3c4 FS: 00007f4485551700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 FS: 00007f8fb4e55700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe48192dd7 CR3: 00000001dc976006 CR4: 00000000003606f0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000540000 CR3: 00000001dc0f9003 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4485551198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RSP: 002b:00007f8fb4e55198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bfa0 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R13: 00007f44855516bc R14: 00000000ffffffff R15: 0000000000000003 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bfa0 R13: 00007f8fb4e556bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 269 irq event stamp: 277 hardirqs last enabled at (268): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (269): [] trace_hardirqs_off_thunk+0x1a/0x1c hardirqs last enabled at (276): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (277): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (120): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (120): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last enabled at (124): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (124): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (122): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 softirqs last disabled at (126): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012b6 ]--- ---[ end trace a5da6d0afcc012b7 ]--- ------------[ cut here ]------------ ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7261 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 WARNING: CPU: 0 PID: 7267 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: Modules linked in: CPU: 1 PID: 7261 Comm: syz-executor.2 Tainted: G W 4.19.208-syzkaller #0 CPU: 0 PID: 7267 Comm: syz-executor.1 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881daf2f100 EFLAGS: 00010286 RSP: 0018:ffff8881da66f100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881dd371e80 RCX: 0000000000000000 RAX: 0000000000000024 RBX: ffff8881da4b8b80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881daf2f100 R08: ffffed103ed25089 R09: ffffed103ed25088 RBP: ffff8881da66f100 R08: ffffed103ed05089 R09: ffffed103ed05088 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881ee2f0080 R10: ffffed103ed05088 R11: ffff8881f6828447 R12: ffff8881ee7f00c0 R13: ffff8881eee3ec40 R14: ffff8881dd371ed8 R15: ffff8881daf2f3c4 R13: ffff8881eea58c80 R14: ffff8881da4b8bd8 R15: ffff8881da66f3c4 FS: 00007fca61528700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 FS: 00007f643bf0f700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f48c58fe000 CR3: 00000001dd92d001 CR4: 00000000003606e0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe481bdc60 CR3: 00000001dd0a8004 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 vfs_write+0x150/0x4d0 fs/read_write.c:549 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fca61528198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RSP: 002b:00007f643bf0f198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f643bf0f6bc R14: 00000000ffffffff R15: 0000000000000003 R13: 00007fca615286bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1317 irq event stamp: 1417 hardirqs last enabled at (1316): [] console_unlock+0xb9f/0xde0 kernel/printk/printk.c:2464 hardirqs last enabled at (1416): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (1417): [] trace_hardirqs_off_thunk+0x1a/0x1c hardirqs last disabled at (1317): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1186): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1186): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last enabled at (1266): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1266): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1188): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 softirqs last disabled at (1268): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012b8 ]--- ---[ end trace a5da6d0afcc012b9 ]--- ------------[ cut here ]------------ WARNING: CPU: 0 PID: 7263 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: CPU: 0 PID: 7263 Comm: syz-executor.3 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881dab37100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881da65c540 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881dab37100 R08: ffffed103ed05089 R09: ffffed103ed05088 ------------[ cut here ]------------ R10: ffffed103ed05088 R11: ffff8881f6828447 R12: ffff8881d6f80140 R13: ffff8881ee5ce140 R14: ffff8881da65c598 R15: ffff8881dab373c4 FS: 00007feaa342b700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000230a3bc CR3: 00000001db768002 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 WARNING: CPU: 1 PID: 7276 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: CPU: 1 PID: 7276 Comm: syz-executor.0 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 RSP: 0018:ffff8881d932f100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881daa2e280 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881d932f100 R08: ffffed103ed25089 R09: ffffed103ed25088 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881ee014100 R13: ffff8881ee5cf280 R14: ffff8881daa2e2d8 R15: ffff8881d932f3c4 FS: 00007fa0ee5a0700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002014f000 CR3: 00000001ddb69005 CR4: 00000000003606e0 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 vfs_write+0x150/0x4d0 fs/read_write.c:549 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feaa342b198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007feaa342b6bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 2107 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 hardirqs last enabled at (2106): [] console_unlock+0x660/0xde0 kernel/printk/printk.c:2489 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 hardirqs last disabled at (2107): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1966): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1966): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1968): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012ba ]--- vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa0ee5a0198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007fa0ee5a06bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1297 hardirqs last enabled at (1296): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (1297): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1168): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1168): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1170): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012bb ]--- ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7293 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: ------------[ cut here ]------------ CPU: 1 PID: 7293 Comm: syz-executor.0 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881cd547100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881dd326400 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881cd547100 R08: ffffed103ed25089 R09: ffffed103ed25088 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881ee014100 R13: ffff8881ee5cf280 R14: ffff8881dd326458 R15: ffff8881cd5473c4 FS: 00007fa0ee57f700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 WARNING: CPU: 0 PID: 7302 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Modules linked in: CR2: 00005646fe1526b8 CR3: 00000001ddb69005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 CPU: 0 PID: 7302 Comm: syz-executor.2 Tainted: G W 4.19.208-syzkaller #0 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 RSP: 0018:ffff8881d7b67100 EFLAGS: 00010286 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 RAX: 0000000000000024 RBX: ffff8881d7e0c440 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881d7b67100 R08: ffffed103ed05089 R09: ffffed103ed05088 R10: ffffed103ed05088 R11: ffff8881f6828447 R12: ffff8881ee2f0080 R13: ffff8881eee3f200 R14: ffff8881d7e0c498 R15: ffff8881d7b673c4 FS: 00007fca61528700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005646fe1ab040 CR3: 00000001dd20e003 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 RIP: 0033:0x4641a9 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa0ee57f198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 vfs_write+0x150/0x4d0 fs/read_write.c:549 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bfa0 R13: 00007fa0ee57f6bc R14: 00000000ffffffff R15: 0000000000000003 ksys_write+0x103/0x260 fs/read_write.c:599 irq event stamp: 243 hardirqs last enabled at (242): [] console_unlock+0x660/0xde0 kernel/printk/printk.c:2489 hardirqs last disabled at (243): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (116): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (116): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 softirqs last disabled at (118): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 ---[ end trace a5da6d0afcc012bc ]--- entry_SYSCALL_64_after_hwframe+0x49/0xbe ------------[ cut here ]------------ RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fca61528198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007fca615286bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1287 hardirqs last enabled at (1286): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (1287): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1158): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1158): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1160): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 WARNING: CPU: 1 PID: 7301 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 ---[ end trace a5da6d0afcc012bd ]--- Modules linked in: ------------[ cut here ]------------ CPU: 1 PID: 7301 Comm: syz-executor.1 Tainted: G W 4.19.208-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RSP: 0018:ffff8881cd57f100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881daa49cc0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881cd57f100 R08: ffffed103ed25089 R09: ffffed103ed25088 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881ee7f00c0 R13: ffff8881eea586c0 R14: ffff8881daa49d18 R15: ffff8881cd57f3c4 FS: 00007f643bf0f700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9c15597000 CR3: 00000001dd369001 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 WARNING: CPU: 0 PID: 7306 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Call Trace: Modules linked in: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 CPU: 0 PID: 7306 Comm: syz-executor.5 Tainted: G W 4.19.208-syzkaller #0 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 RSP: 0018:ffff8881d88bf100 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881d7e68200 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881d88bf100 R08: ffffed103ed05089 R09: ffffed103ed05088 R10: ffffed103ed05088 R11: ffff8881f6828447 R12: ffff8881d854c1c0 R13: ffff8881edff0740 R14: ffff8881d7e68258 R15: ffff8881d88bf3c4 FS: 00007f4485572700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 CR2: 00007f9c0803d078 CR3: 00000001e1309001 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 Call Trace: dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 tun_rx_batched.isra.53+0x4d6/0xab0 drivers/net/tun.c:1543 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 tun_get_user+0x2a05/0x4ef0 drivers/net/tun.c:1974 vfs_write+0x150/0x4d0 fs/read_write.c:549 ksys_write+0x103/0x260 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 tun_chr_write_iter+0xb7/0x1a0 drivers/net/tun.c:2007 RSP: 002b:00007f643bf0f198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x443/0x890 fs/read_write.c:487 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f643bf0f6bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1251 hardirqs last enabled at (1250): [] console_unlock+0xb9f/0xde0 kernel/printk/printk.c:2464 hardirqs last disabled at (1251): [] trace_hardirqs_off_thunk+0x1a/0x1c vfs_write+0x150/0x4d0 fs/read_write.c:549 softirqs last enabled at (1124): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1124): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1126): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ksys_write+0x103/0x260 fs/read_write.c:599 ---[ end trace a5da6d0afcc012be ]--- __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x6e/0xb0 fs/read_write.c:608 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4641a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4485572198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000d0d RCX: 00000000004641a9 RDX: 000000000000100c RSI: 0000000020000240 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000053bf00 R13: 00007f44855726bc R14: 00000000ffffffff R15: 0000000000000003 irq event stamp: 1275 hardirqs last enabled at (1274): [] console_unlock+0xb9f/0xde0 kernel/printk/printk.c:2464 hardirqs last disabled at (1275): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1148): [] rcu_read_unlock include/linux/rcupdate.h:677 [inline] softirqs last enabled at (1148): [] tun_get_user+0x293d/0x4ef0 drivers/net/tun.c:1921 softirqs last disabled at (1150): [] tun_rx_batched.isra.53+0x437/0xab0 drivers/net/tun.c:1570 ---[ end trace a5da6d0afcc012bf ]--- ------------[ cut here ]------------ WARNING: CPU: 0 PID: 7342 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: CPU: 0 PID: 7342 Comm: syz-executor.5 Tainted: G W 4.19.208-syzkaller #0 ------------[ cut here ]------------ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 WARNING: CPU: 1 PID: 7348 at net/ipv4/route.c:1261 ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 Modules linked in: Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 CPU: 1 PID: 7348 Comm: syz-executor.0 Tainted: G W 4.19.208-syzkaller #0 RSP: 0018:ffff8881d66cf100 EFLAGS: 00010286 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ip_rt_bug+0x18/0x20 net/ipv4/route.c:1261 RAX: 0000000000000024 RBX: ffff8881da628a80 RCX: 0000000000000000 Code: 48 8b 45 d8 e9 ed fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 d7 48 89 e5 e8 b4 d6 a2 ff 48 c7 c7 80 4f c7 87 e8 c3 5b 17 01 <0f> 0b 31 c0 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RSP: 0018:ffff8881d726f100 EFLAGS: 00010286 RBP: ffff8881d66cf100 R08: ffffed103ed05089 R09: ffffed103ed05088 RAX: 0000000000000024 RBX: ffff8881d692c8c0 RCX: 0000000000000000 R10: ffffed103ed05088 R11: ffff8881f6828447 R12: ffff8881d854c1c0 RDX: 0000000000000000 RSI: ffffffff8767b5c0 RDI: ffffffff8a1899a0 RBP: ffff8881d726f100 R08: ffffed103ed25089 R09: ffffed103ed25088 R13: ffff8881edff0740 R14: ffff8881da628ad8 R15: ffff8881d66cf3c4 R10: ffffed103ed25088 R11: ffff8881f6928447 R12: ffff8881ee014100 FS: 00007f4485551700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 R13: ffff8881ee5cf280 R14: ffff8881d692c918 R15: ffff8881d726f3c4 FS: 00007fa0ee5a0700(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000053c000 CR3: 00000001e1309006 CR4: 00000000003606f0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 CR2: 000000002014f000 CR3: 00000001dd6fe004 CR4: 00000000003606e0 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Call Trace: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 Call Trace: ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 dst_output include/net/dst.h:455 [inline] ip_local_out+0x74/0x130 net/ipv4/ip_output.c:125 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1452 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1472 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 icmp_push_reply+0x383/0x610 net/ipv4/icmp.c:398 __icmp_send+0xbe1/0x18f0 net/ipv4/icmp.c:773 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 icmp_send include/net/icmp.h:47 [inline] ip_options_compile+0xad/0xc0 net/ipv4/ip_options.c:485 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_options net/ipv4/ip_input.c:282 [inline] ip_rcv_finish_core.isra.16+0x3b1/0x1830 net/ipv4/ip_input.c:356 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 ip_rcv_finish+0x104/0x270 net/ipv4/ip_input.c:412 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 NF_HOOK include/linux/netfilter.h:289 [inline] NF_HOOK include/linux/netfilter.h:283 [inline] ip_rcv+0xcb/0x2e0 net/ipv4/ip_input.c:524 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066 netif_receive_skb_internal+0xca/0x300 net/core/dev.c:5156 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954 netif_receive_skb+0x3b/0x1e0 net/core/dev.c:5213 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: ff c3 inc %ebx 2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 9: 00 00 00 c: 0f 1f 40 00 nopl 0x0(%rax) 10: 48 89 f8 mov %rdi,%rax 13: 48 89 f7 mov %rsi,%rdi 16: 48 89 d6 mov %rdx,%rsi 19: 48 89 ca mov %rcx,%rdx 1c: 4d 89 c2 mov %r8,%r10 1f: 4d 89 c8 mov %r9,%r8 22: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9 27: 0f 05 syscall * 29: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 2f: 73 01 jae 0x32 31: c3 retq 32: 48 c7 c1 bc ff ff ff mov $0xffffffffffffffbc,%rcx 39: f7 d8 neg %eax 3b: 64 89 01 mov %eax,%fs:(%rcx) 3e: 48 rex.W