Warning: Permanently added '10.128.1.16' (ECDSA) to the list of known hosts. 2020/04/14 02:02:47 parsed 1 programs 2020/04/14 02:02:48 executed programs: 0 [ 48.196085][ T7064] IPVS: ftp: loaded support on port[0] = 21 [ 48.202559][ T7063] IPVS: ftp: loaded support on port[0] = 21 [ 48.252328][ T7067] IPVS: ftp: loaded support on port[0] = 21 [ 48.254674][ T7077] IPVS: ftp: loaded support on port[0] = 21 [ 48.268564][ T7069] IPVS: ftp: loaded support on port[0] = 21 [ 48.315340][ T7074] IPVS: ftp: loaded support on port[0] = 21 [ 48.426047][ T7077] chnl_net:caif_netlink_parms(): no params data found [ 48.530889][ T7063] chnl_net:caif_netlink_parms(): no params data found [ 48.551889][ T7077] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.561363][ T7077] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.569727][ T7077] device bridge_slave_0 entered promiscuous mode [ 48.627435][ T7077] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.635613][ T7077] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.644119][ T7077] device bridge_slave_1 entered promiscuous mode [ 48.723382][ T7077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.770653][ T7077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.785396][ T7064] chnl_net:caif_netlink_parms(): no params data found [ 48.798732][ T7063] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.806075][ T7063] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.814225][ T7063] device bridge_slave_0 entered promiscuous mode [ 48.836122][ T7069] chnl_net:caif_netlink_parms(): no params data found [ 48.849098][ T7074] chnl_net:caif_netlink_parms(): no params data found [ 48.859336][ T7063] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.867053][ T7063] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.876129][ T7063] device bridge_slave_1 entered promiscuous mode [ 48.911783][ T7067] chnl_net:caif_netlink_parms(): no params data found [ 48.928555][ T7077] team0: Port device team_slave_0 added [ 48.936767][ T7063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.967336][ T7077] team0: Port device team_slave_1 added [ 48.978740][ T7063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.041541][ T7063] team0: Port device team_slave_0 added [ 49.051373][ T7074] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.061680][ T7074] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.072083][ T7074] device bridge_slave_0 entered promiscuous mode [ 49.080407][ T7069] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.089948][ T7069] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.098399][ T7069] device bridge_slave_0 entered promiscuous mode [ 49.105851][ T7064] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.114084][ T7064] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.121708][ T7064] device bridge_slave_0 entered promiscuous mode [ 49.138710][ T7063] team0: Port device team_slave_1 added [ 49.145099][ T7074] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.152146][ T7074] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.160340][ T7074] device bridge_slave_1 entered promiscuous mode [ 49.167549][ T7069] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.177193][ T7069] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.187073][ T7069] device bridge_slave_1 entered promiscuous mode [ 49.200054][ T7064] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.208135][ T7064] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.216146][ T7064] device bridge_slave_1 entered promiscuous mode [ 49.223524][ T7067] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.230556][ T7067] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.239059][ T7067] device bridge_slave_0 entered promiscuous mode [ 49.275455][ T7069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.290899][ T7069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.300888][ T7067] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.308667][ T7067] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.318356][ T7067] device bridge_slave_1 entered promiscuous mode [ 49.374342][ T7077] device hsr_slave_0 entered promiscuous mode [ 49.412733][ T7077] device hsr_slave_1 entered promiscuous mode [ 49.462800][ T7064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.474541][ T7074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.509920][ T7067] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.555265][ T7063] device hsr_slave_0 entered promiscuous mode [ 49.592933][ T7063] device hsr_slave_1 entered promiscuous mode [ 49.632489][ T7063] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.640230][ T7063] Cannot create hsr debugfs directory [ 49.653850][ T7064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.680981][ T7074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.693233][ T7067] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.709272][ T7064] team0: Port device team_slave_0 added [ 49.717264][ T7069] team0: Port device team_slave_0 added [ 49.728034][ T7069] team0: Port device team_slave_1 added [ 49.746531][ T7064] team0: Port device team_slave_1 added [ 49.777802][ T7067] team0: Port device team_slave_0 added [ 49.785740][ T7067] team0: Port device team_slave_1 added [ 49.815219][ T7064] device hsr_slave_0 entered promiscuous mode [ 49.883674][ T7064] device hsr_slave_1 entered promiscuous mode [ 49.912526][ T7064] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.920104][ T7064] Cannot create hsr debugfs directory [ 49.931657][ T7074] team0: Port device team_slave_0 added [ 49.939968][ T7074] team0: Port device team_slave_1 added [ 49.994313][ T7069] device hsr_slave_0 entered promiscuous mode [ 50.012381][ T7069] device hsr_slave_1 entered promiscuous mode [ 50.052391][ T7069] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 50.059974][ T7069] Cannot create hsr debugfs directory [ 50.124825][ T7074] device hsr_slave_0 entered promiscuous mode [ 50.152371][ T7074] device hsr_slave_1 entered promiscuous mode [ 50.202021][ T7074] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 50.209614][ T7074] Cannot create hsr debugfs directory [ 50.215597][ T7077] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 50.304721][ T7067] device hsr_slave_0 entered promiscuous mode [ 50.342463][ T7067] device hsr_slave_1 entered promiscuous mode [ 50.382132][ T7067] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 50.389726][ T7067] Cannot create hsr debugfs directory [ 50.408027][ T7077] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 50.457856][ T7077] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 50.503907][ T7077] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 50.543717][ T7063] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 50.593440][ T7063] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 50.636304][ T7063] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 50.689230][ T7063] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 50.797035][ T7064] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 50.854596][ T7064] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 50.950069][ T7069] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 51.004305][ T7069] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 51.060356][ T7069] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 51.117527][ T7069] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 51.173355][ T7064] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 51.219641][ T7064] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 51.330930][ T7067] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 51.388783][ T7067] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 51.463586][ T7067] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 51.533735][ T7067] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 51.620085][ T7074] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 51.657790][ T7074] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 51.703629][ T7074] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 51.751834][ T7077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.773245][ T7063] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.780208][ T7074] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 51.838224][ T7077] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.853898][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.863441][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.876377][ T7069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.897867][ T7063] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.912857][ T7069] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.922349][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.930235][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.938832][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.948059][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.957065][ T2754] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.964308][ T2754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.973479][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.981543][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.023129][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.035506][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.046540][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.056394][ T2729] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.063532][ T2729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.071656][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.080131][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.088911][ T2729] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.096060][ T2729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.103972][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.112943][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.121350][ T2729] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.128387][ T2729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.135936][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.144553][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.152986][ T2729] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.160048][ T2729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.167631][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.176178][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.184951][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.193411][ T2729] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.200468][ T2729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.208224][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.216949][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.256824][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.265810][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.275465][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.284080][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.301240][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.310049][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.319376][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.328104][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.337615][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.346591][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.355291][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.364322][ T2754] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.379480][ T7064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.400122][ T7067] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.414086][ T7074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.425202][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.434026][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.445969][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.454815][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.467031][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.475790][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.484615][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.493029][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.501514][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.509665][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.518462][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.527070][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.537242][ T7069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.568887][ T7077] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.586611][ T7077] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.605034][ T7063] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.617885][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.626910][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.636921][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.645842][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.654840][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.663682][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.672549][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.682266][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.691084][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.704864][ T7074] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.721049][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.729484][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.737986][ T2753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.769250][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.781472][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.789186][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.801640][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.809636][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.821546][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.829657][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.840618][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.854921][ T7064] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.865682][ T7069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.889177][ T7067] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.896981][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.907357][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.916587][ T2728] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.924268][ T2728] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.934408][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.943679][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.952570][ T2728] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.960382][ T2728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.968997][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.978550][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.987333][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.002282][ T7063] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.019089][ T7077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.038806][ T2720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.100766][ T2720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.109305][ T2720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.117798][ T7999] ================================================================== [ 53.117826][ T7999] BUG: KASAN: use-after-free in eth_type_trans+0x601/0x740 [ 53.117832][ T7999] Read of size 8 at addr ffff888078ff0040 by task syz-executor.1/7999 [ 53.117835][ T7999] [ 53.117843][ T7999] CPU: 0 PID: 7999 Comm: syz-executor.1 Not tainted 5.7.0-rc1-syzkaller #0 [ 53.117847][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.117850][ T7999] Call Trace: [ 53.117859][ T7999] dump_stack+0x12d/0x187 [ 53.117868][ T7999] ? eth_type_trans+0x601/0x740 [ 53.117874][ T7999] ? eth_type_trans+0x601/0x740 [ 53.117882][ T7999] print_address_description.constprop.8.cold.10+0x9/0x31d [ 53.117889][ T7999] ? eth_type_trans+0x601/0x740 [ 53.117894][ T7999] ? eth_type_trans+0x601/0x740 [ 53.117901][ T7999] __kasan_report.cold.11+0x37/0x4e [ 53.117920][ T7999] ? eth_type_trans+0x601/0x740 [ 53.117930][ T7999] kasan_report+0x38/0x50 [ 53.117940][ T7999] __asan_report_load8_noabort+0x14/0x20 [ 53.117946][ T7999] eth_type_trans+0x601/0x740 [ 53.117955][ T7999] ? eth_gro_receive+0x940/0x940 [ 53.117963][ T7999] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 53.117973][ T7999] ? llc_station_exit+0xe/0x10 [ 53.236678][ T7999] napi_gro_frags+0x6da/0xb00 [ 53.241339][ T7999] tun_get_user+0x2412/0x37b0 [ 53.245995][ T7999] ? __kasan_check_read+0x11/0x20 [ 53.251002][ T7999] ? tun_build_skb.isra.52+0x1120/0x1120 [ 53.256612][ T7999] ? mark_held_locks+0x130/0x130 [ 53.261526][ T7999] ? find_held_lock+0x36/0x1d0 [ 53.266273][ T7999] ? tun_get+0xf3/0x1d0 [ 53.270404][ T7999] ? lock_downgrade+0x960/0x960 [ 53.275233][ T7999] ? rcu_read_lock_held+0x9c/0xb0 [ 53.280234][ T7999] ? __kasan_check_read+0x11/0x20 [ 53.285253][ T7999] tun_chr_write_iter+0xb5/0x156 [ 53.290166][ T7999] do_iter_readv_writev+0x532/0xa70 [ 53.295339][ T7999] ? no_seek_end_llseek_size+0x20/0x20 [ 53.300785][ T7999] ? rw_verify_area+0xc5/0x2c0 [ 53.305525][ T7999] do_iter_write+0x130/0x510 [ 53.310885][ T7999] ? dup_iter+0x220/0x220 [ 53.315196][ T7999] vfs_writev+0x16d/0x2d0 [ 53.319503][ T7999] ? vfs_iter_write+0xb0/0xb0 [ 53.324152][ T7999] ? __kasan_check_read+0x11/0x20 [ 53.329159][ T7999] ? ksys_dup3+0x2e0/0x2e0 [ 53.333564][ T7999] ? __fget_light+0x1b1/0x230 [ 53.338222][ T7999] do_writev+0x118/0x2e0 [ 53.342453][ T7999] ? lock_downgrade+0x960/0x960 [ 53.347309][ T7999] ? vfs_writev+0x2d0/0x2d0 [ 53.351791][ T7999] ? do_syscall_64+0x21/0x630 [ 53.356442][ T7999] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.362520][ T7999] __x64_sys_writev+0x70/0xb0 [ 53.367211][ T7999] do_syscall_64+0xca/0x630 [ 53.371709][ T7999] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.377595][ T7999] RIP: 0033:0x45a7d1 [ 53.381468][ T7999] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 53.401655][ T7999] RSP: 002b:00007fd75f192ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 53.410057][ T7999] RAX: ffffffffffffffda RBX: 0000000000207843 RCX: 000000000045a7d1 [ 53.418108][ T7999] RDX: 0000000000000001 RSI: 00007fd75f192c00 RDI: 00000000000000f0 [ 53.426087][ T7999] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 53.434041][ T7999] R10: 00007fd75f1939d0 R11: 0000000000000293 R12: 00007fd75f1936d4 [ 53.442000][ T7999] R13: 00000000004cab1f R14: 00000000004e4040 R15: 00000000ffffffff [ 53.449976][ T7999] [ 53.452289][ T7999] The buggy address belongs to the page: [ 53.457897][ T7999] page:ffffea0001e3fc00 refcount:0 mapcount:0 mapping:00000000a4db98fb index:0x0 [ 53.466972][ T7999] flags: 0xfffe0000000000() [ 53.471457][ T7999] raw: 00fffe0000000000 ffffea0001e3fc08 ffffea0001e3fc08 0000000000000000 [ 53.480052][ T7999] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 53.489591][ T7999] page dumped because: kasan: bad access detected [ 53.495987][ T7999] [ 53.498394][ T7999] Memory state around the buggy address: [ 53.504014][ T7999] ffff888078feff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.512072][ T7999] ffff888078feff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.520902][ T7999] >ffff888078ff0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.528942][ T7999] ^ [ 53.535066][ T7999] ffff888078ff0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.543105][ T7999] ffff888078ff0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.551335][ T7999] ================================================================== [ 53.559380][ T7999] Disabling lock debugging due to kernel taint [ 53.565567][ T7999] Kernel panic - not syncing: panic_on_warn set ... [ 53.572147][ T7999] CPU: 0 PID: 7999 Comm: syz-executor.1 Tainted: G B 5.7.0-rc1-syzkaller #0 [ 53.582106][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.591598][ T2720] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.592176][ T7999] Call Trace: [ 53.599232][ T2720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.602463][ T7999] dump_stack+0x12d/0x187 [ 53.602471][ T7999] ? eth_type_trans+0x5c0/0x740 [ 53.602475][ T7999] ? eth_type_trans+0x601/0x740 [ 53.602480][ T7999] panic+0x22a/0x4e3 [ 53.602486][ T7999] ? add_taint.cold.7+0x11/0x11 [ 53.622248][ T2720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.623720][ T7999] ? do_raw_spin_unlock+0x54/0x260 [ 53.623729][ T7999] ? eth_type_trans+0x601/0x740 [ 53.623736][ T7999] ? eth_type_trans+0x601/0x740 [ 53.628021][ T2720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.632446][ T7999] end_report+0x51/0x59 [ 53.632451][ T7999] __kasan_report.cold.11+0xe/0x4e [ 53.632458][ T7999] ? eth_type_trans+0x601/0x740 [ 53.632462][ T7999] kasan_report+0x38/0x50 [ 53.632468][ T7999] __asan_report_load8_noabort+0x14/0x20 [ 53.632472][ T7999] eth_type_trans+0x601/0x740 [ 53.632479][ T7999] ? eth_gro_receive+0x940/0x940 [ 53.640931][ T2720] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.645705][ T7999] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 53.645712][ T7999] ? llc_station_exit+0xe/0x10 [ 53.645719][ T7999] napi_gro_frags+0x6da/0xb00 [ 53.650577][ T2720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.655366][ T7999] tun_get_user+0x2412/0x37b0 [ 53.663790][ T2720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.667585][ T7999] ? __kasan_check_read+0x11/0x20 [ 53.667596][ T7999] ? tun_build_skb.isra.52+0x1120/0x1120 [ 53.667605][ T7999] ? mark_held_locks+0x130/0x130 [ 53.754910][ T7999] ? find_held_lock+0x36/0x1d0 [ 53.759647][ T7999] ? tun_get+0xf3/0x1d0 [ 53.763776][ T7999] ? lock_downgrade+0x960/0x960 [ 53.768600][ T7999] ? rcu_read_lock_held+0x9c/0xb0 [ 53.773628][ T7999] ? __kasan_check_read+0x11/0x20 [ 53.778633][ T7999] tun_chr_write_iter+0xb5/0x156 [ 53.783543][ T7999] do_iter_readv_writev+0x532/0xa70 [ 53.789144][ T7999] ? no_seek_end_llseek_size+0x20/0x20 [ 53.794572][ T7999] ? rw_verify_area+0xc5/0x2c0 [ 53.799327][ T7999] do_iter_write+0x130/0x510 [ 53.803994][ T7999] ? dup_iter+0x220/0x220 [ 53.808302][ T7999] vfs_writev+0x16d/0x2d0 [ 53.812615][ T7999] ? vfs_iter_write+0xb0/0xb0 [ 53.817276][ T7999] ? __kasan_check_read+0x11/0x20 [ 53.822460][ T7999] ? ksys_dup3+0x2e0/0x2e0 [ 53.826860][ T7999] ? __fget_light+0x1b1/0x230 [ 53.831521][ T7999] do_writev+0x118/0x2e0 [ 53.835734][ T7999] ? lock_downgrade+0x960/0x960 [ 53.840556][ T7999] ? vfs_writev+0x2d0/0x2d0 [ 53.845039][ T7999] ? do_syscall_64+0x21/0x630 [ 53.849685][ T7999] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.855817][ T7999] __x64_sys_writev+0x70/0xb0 [ 53.860561][ T7999] do_syscall_64+0xca/0x630 [ 53.865033][ T7999] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.870893][ T7999] RIP: 0033:0x45a7d1 [ 53.874759][ T7999] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 53.896331][ T7999] RSP: 002b:00007fd75f192ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 53.904722][ T7999] RAX: ffffffffffffffda RBX: 0000000000207843 RCX: 000000000045a7d1 [ 53.912670][ T7999] RDX: 0000000000000001 RSI: 00007fd75f192c00 RDI: 00000000000000f0 [ 53.920629][ T7999] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 53.928834][ T7999] R10: 00007fd75f1939d0 R11: 0000000000000293 R12: 00007fd75f1936d4 [ 53.936865][ T7999] R13: 00000000004cab1f R14: 00000000004e4040 R15: 00000000ffffffff [ 53.946264][ T7999] Kernel Offset: disabled [ 53.950668][ T7999] Rebooting in 86400 seconds..