Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 39.495655][ T6900] as (6900) used greatest stack depth: 23072 bytes left
[ 39.916115][ T27] audit: type=1400 audit(1589567483.913:8): avc: denied { execmem } for pid=6909 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 39.928779][ T6910] IPVS: ftp: loaded support on port[0] = 21
[ 40.242896][ T40] tipc: TX() has been purged, node left!
[ 40.537042][ T6899] can: request_module (can-proto-0) failed.
[ 43.501216][ T6899] can: request_module (can-proto-0) failed.
[ 43.512478][ T6899] can: request_module (can-proto-0) failed.
[ 43.547398][ T27] audit: type=1400 audit(1589567487.535:9): avc: denied { create } for pid=6888 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
Warning: Permanently added '10.128.10.57' (ECDSA) to the list of known hosts.
2020/05/15 18:31:34 parsed 1 programs
2020/05/15 18:31:35 executed programs: 0
[ 51.712710][ T27] audit: type=1400 audit(1589567495.709:10): avc: denied { execmem } for pid=7032 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 51.798758][ T7038] IPVS: ftp: loaded support on port[0] = 21
[ 51.799748][ T7035] IPVS: ftp: loaded support on port[0] = 21
[ 51.815026][ T7042] IPVS: ftp: loaded support on port[0] = 21
[ 51.822317][ T7043] IPVS: ftp: loaded support on port[0] = 21
[ 51.829027][ T7040] IPVS: ftp: loaded support on port[0] = 21
[ 51.829961][ T7036] IPVS: ftp: loaded support on port[0] = 21
[ 52.137847][ T7040] chnl_net:caif_netlink_parms(): no params data found
[ 52.149077][ T7035] chnl_net:caif_netlink_parms(): no params data found
[ 52.173425][ T7042] chnl_net:caif_netlink_parms(): no params data found
[ 52.312388][ T7038] chnl_net:caif_netlink_parms(): no params data found
[ 52.330844][ T7035] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.339187][ T7035] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.346904][ T7035] device bridge_slave_0 entered promiscuous mode
[ 52.359762][ T7043] chnl_net:caif_netlink_parms(): no params data found
[ 52.401254][ T7035] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.408488][ T7035] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.415990][ T7035] device bridge_slave_1 entered promiscuous mode
[ 52.440203][ T7036] chnl_net:caif_netlink_parms(): no params data found
[ 52.479159][ T7040] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.486229][ T7040] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.495194][ T7040] device bridge_slave_0 entered promiscuous mode
[ 52.506800][ T7040] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.514522][ T7040] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.523408][ T7040] device bridge_slave_1 entered promiscuous mode
[ 52.546394][ T7042] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.553755][ T7042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.562138][ T7042] device bridge_slave_0 entered promiscuous mode
[ 52.588665][ T7035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.604420][ T7042] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.613056][ T7042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.624045][ T7042] device bridge_slave_1 entered promiscuous mode
[ 52.635247][ T7038] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.643534][ T7038] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.651967][ T7038] device bridge_slave_0 entered promiscuous mode
[ 52.665447][ T7035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 52.676610][ T7043] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.683801][ T7043] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.692145][ T7043] device bridge_slave_0 entered promiscuous mode
[ 52.702853][ T7043] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.710247][ T7043] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.718945][ T7043] device bridge_slave_1 entered promiscuous mode
[ 52.729606][ T7038] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.736669][ T7038] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.744937][ T7038] device bridge_slave_1 entered promiscuous mode
[ 52.753347][ T7040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.807463][ T7043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.818209][ T7040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 52.829946][ T7035] team0: Port device team_slave_0 added
[ 52.837548][ T7042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.852366][ T7042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 52.862150][ T7036] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.869495][ T7036] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.878204][ T7036] device bridge_slave_0 entered promiscuous mode
[ 52.886804][ T7043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 52.901862][ T7035] team0: Port device team_slave_1 added
[ 52.910655][ T7038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.923802][ T7038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 52.937412][ T7036] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.944462][ T7036] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.952835][ T7036] device bridge_slave_1 entered promiscuous mode
[ 53.005012][ T7040] team0: Port device team_slave_0 added
[ 53.012592][ T7036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 53.033274][ T7042] team0: Port device team_slave_0 added
[ 53.046197][ T7038] team0: Port device team_slave_0 added
[ 53.053112][ T7040] team0: Port device team_slave_1 added
[ 53.063888][ T7036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 53.075236][ T7043] team0: Port device team_slave_0 added
[ 53.085825][ T7043] team0: Port device team_slave_1 added
[ 53.097723][ T7042] team0: Port device team_slave_1 added
[ 53.129484][ T7035] device hsr_slave_0 entered promiscuous mode
[ 53.167265][ T7035] device hsr_slave_1 entered promiscuous mode
[ 53.239143][ T7038] team0: Port device team_slave_1 added
[ 53.297865][ T7036] team0: Port device team_slave_0 added
[ 53.339440][ T7043] device hsr_slave_0 entered promiscuous mode
[ 53.377553][ T7043] device hsr_slave_1 entered promiscuous mode
[ 53.438152][ T7043] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 53.445920][ T7043] Cannot create hsr debugfs directory
[ 53.518659][ T7042] device hsr_slave_0 entered promiscuous mode
[ 53.537112][ T7042] device hsr_slave_1 entered promiscuous mode
[ 53.577068][ T7042] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 53.584621][ T7042] Cannot create hsr debugfs directory
[ 53.592069][ T7036] team0: Port device team_slave_1 added
[ 53.662321][ T7040] device hsr_slave_0 entered promiscuous mode
[ 53.717100][ T7040] device hsr_slave_1 entered promiscuous mode
[ 53.756885][ T7040] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 53.764466][ T7040] Cannot create hsr debugfs directory
[ 53.830135][ T7038] device hsr_slave_0 entered promiscuous mode
[ 53.877481][ T7038] device hsr_slave_1 entered promiscuous mode
[ 53.946851][ T7038] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 53.954453][ T7038] Cannot create hsr debugfs directory
[ 54.009907][ T7036] device hsr_slave_0 entered promiscuous mode
[ 54.037157][ T7036] device hsr_slave_1 entered promiscuous mode
[ 54.076740][ T7036] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 54.084399][ T7036] Cannot create hsr debugfs directory
[ 54.112964][ T7035] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 54.170800][ T7035] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 54.239628][ T7043] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 54.290751][ T7035] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 54.352275][ T7043] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 54.413269][ T7043] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 54.470488][ T7035] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 54.537718][ T7043] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 54.619284][ T7038] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 54.660187][ T7038] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 54.720710][ T7038] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 54.770903][ T7038] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 54.893518][ T7042] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 54.978621][ T7042] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 55.019148][ T7042] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 55.062431][ T7040] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.101275][ T7040] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.183116][ T7040] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.231833][ T7040] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.277985][ T7042] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 55.360746][ T7036] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 55.398528][ T7036] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 55.455219][ T7035] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.464321][ T7043] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.483928][ T7036] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 55.533178][ T7038] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.544198][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.557890][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.565640][ T7036] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 55.640276][ T7035] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.651343][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.659783][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.668506][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.676081][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.703685][ T7038] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.713108][ T7043] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.727237][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.735711][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.744628][ T4009] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.751860][ T4009] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.782956][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 55.792440][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.803736][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.812665][ T23] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.819780][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.828604][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.837942][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.846462][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.853511][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.861454][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.870294][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.879081][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.886277][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.894341][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 55.934773][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 55.943496][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 55.957662][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.970854][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.980145][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.987255][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.999539][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.007985][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.020442][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.028770][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.035783][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.047730][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.060813][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.068784][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.094503][ T7042] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.115242][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.125551][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.134737][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.144920][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.153805][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 56.163416][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.172049][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.191556][ T7040] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.205727][ T7036] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.217540][ T7038] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 56.228556][ T7038] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 56.241572][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.250081][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.257989][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.266361][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.274909][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 56.287206][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.295555][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.304481][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.313510][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.322046][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.330706][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.339444][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.353948][ T7042] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.377210][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.384965][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.395072][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.403710][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.411866][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.420665][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.428957][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 56.437750][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.446233][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.454688][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.463281][ T4009] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.470398][ T4009] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.478421][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.487173][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.496163][ T4009] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.503338][ T4009] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.511414][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.522040][ T7035] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.547943][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.558040][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.567179][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.574771][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.583534][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.602273][ T7040] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.613167][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.622784][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.631693][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.640809][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.648832][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.659386][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.672411][ T7043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.682096][ T7036] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.692639][ T7038] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.708155][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.719529][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.729243][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.738595][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.745635][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.785676][ T7035] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.809486][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.840157][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.863258][ T1607] ==================================================================
[ 56.871426][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.879212][ T1607] BUG: KASAN: slab-out-of-bounds in bacpy+0xe/0x10
[ 56.879220][ T1607] Read of size 6 at addr ffff88809cad4608 by task kworker/u5:0/1607
[ 56.879223][ T1607]
[ 56.879230][ T1607] CPU: 1 PID: 1607 Comm: kworker/u5:0 Not tainted 5.7.0-rc5-syzkaller #0
[ 56.879234][ T1607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.879243][ T1607] Workqueue: hci0 hci_rx_work
[ 56.879248][ T1607] Call Trace:
[ 56.879258][ T1607] dump_stack+0x12d/0x187
[ 56.879265][ T1607] ? bacpy+0xe/0x10
[ 56.879270][ T1607] ? bacpy+0xe/0x10
[ 56.879279][ T1607] print_address_description.constprop.8.cold.10+0x9/0x41c
[ 56.879293][ T1607] ? bacpy+0xe/0x10
[ 56.879297][ T1607] ? bacpy+0xe/0x10
[ 56.879304][ T1607] __kasan_report.cold.11+0x23/0x3a
[ 56.879312][ T1607] ? bacpy+0xe/0x10
[ 56.879321][ T1607] kasan_report+0x38/0x50
[ 56.879332][ T1607] check_memory_region+0x1cc/0x1f0
[ 56.879340][ T1607] memcpy+0x23/0x60
[ 56.879347][ T1607] bacpy+0xe/0x10
[ 56.879354][ T1607] hci_event_packet+0x3195/0x9652
[ 56.879371][ T1607] ? hci_cmd_complete_evt+0xb6a0/0xb6a0
[ 56.896729][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.904551][ T1607] ? ret_from_fork+0x24/0x30
[ 56.928163][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.930674][ T1607] ? stack_trace_save+0x82/0xb0
[ 56.935049][ T2747] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.941879][ T1607] ? stack_trace_consume_entry+0x170/0x170
[ 56.941888][ T1607] ? unwind_next_frame+0x3e/0x50
[ 56.941900][ T1607] ? save_trace+0x45/0xab0
[ 56.941911][ T1607] ? __kasan_check_write+0x14/0x20
[ 56.941917][ T1607] ? lockdep_unlock+0x115/0x1b0
[ 56.941923][ T1607] ? __lock_acquire+0x2c81/0x3bf0
[ 56.941929][ T1607] ? stack_trace_consume_entry+0x170/0x170
[ 56.941934][ T1607] ? save_trace+0x5ce/0xab0
[ 56.941952][ T1607] ? mark_held_locks+0x130/0x130
[ 56.941956][ T1607] ? lockdep_unlock+0x115/0x1b0
[ 56.941965][ T1607] ? find_held_lock+0x36/0x1d0
[ 56.945870][ T2747] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.949748][ T1607] ? __kasan_check_read+0x11/0x20
[ 56.949754][ T1607] ? mark_lock+0xbf/0x630
[ 56.949765][ T1607] ? mark_held_locks+0xb8/0x130
[ 56.949776][ T1607] ? _raw_spin_unlock_irqrestore+0x7d/0xd0
[ 56.949783][ T1607] ? skb_dequeue+0x14d/0x1f0
[ 56.949789][ T1607] ? lockdep_hardirqs_on+0x481/0x620
[ 57.022384][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 57.024237][ T1607] ? _raw_spin_unlock_irqrestore+0x7d/0xd0
[ 57.066753][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.068572][ T1607] ? trace_hardirqs_on+0x28/0x1a0
[ 57.073727][ T2747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 57.080527][ T1607] hci_rx_work+0x18e/0x950
[ 57.080533][ T1607] ? hci_rx_work+0x18e/0x950
[ 57.080542][ T1607] ? rcu_read_lock_any_held.part.10+0x50/0x50
[ 57.080548][ T1607] ? trace_hardirqs_on+0x28/0x1a0
[ 57.080561][ T1607] process_one_work+0x893/0x1690
[ 57.080577][ T1607] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 57.080595][ T1607] worker_thread+0x85/0xb60
[ 57.080601][ T1607] ? __kthread_parkme+0x37/0x1c0
[ 57.080616][ T1607] kthread+0x354/0x420
[ 57.080621][ T1607] ? process_one_work+0x1690/0x1690
[ 57.080627][ T1607] ? kthread_mod_delayed_work+0x190/0x190
[ 57.080638][ T1607] ret_from_fork+0x24/0x30
[ 57.080656][ T1607]
[ 57.080661][ T1607] Allocated by task 7999:
[ 57.080668][ T1607] save_stack+0x21/0x50
[ 57.080673][ T1607] __kasan_kmalloc.constprop.17+0xc7/0xd0
[ 57.080677][ T1607] kasan_kmalloc+0x9/0x10
[ 57.080685][ T1607] __kmalloc_node_track_caller+0x4d/0x70
[ 57.080691][ T1607] __kmalloc_reserve.isra.46+0x2c/0xc0
[ 57.080695][ T1607] __alloc_skb+0xd7/0x570
[ 57.080699][ T1607] vhci_write+0xa8/0x3e0
[ 57.080706][ T1607] new_sync_write+0x400/0x7e0
[ 57.080710][ T1607] __vfs_write+0x94/0x110
[ 57.080715][ T1607] vfs_write+0x190/0x530
[ 57.080719][ T1607] ksys_write+0x10b/0x220
[ 57.080723][ T1607] __x64_sys_write+0x6e/0xb0
[ 57.080730][ T1607] do_syscall_64+0xca/0x630
[ 57.080735][ T1607] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 57.080737][ T1607]
[ 57.080741][ T1607] Freed by task 0:
[ 57.080744][ T1607] (stack is not available)
[ 57.080747][ T1607]
[ 57.080752][ T1607] The buggy address belongs to the object at ffff88809cad4400
[ 57.080752][ T1607] which belongs to the cache kmalloc-512 of size 512
[ 57.080757][ T1607] The buggy address is located 8 bytes to the right of
[ 57.080757][ T1607] 512-byte region [ffff88809cad4400, ffff88809cad4600)
[ 57.080760][ T1607] The buggy address belongs to the page:
[ 57.080767][ T1607] page:ffffea000272b500 refcount:1 mapcount:0 mapping:00000000e5a8f640 index:0x0
[ 57.080773][ T1607] flags: 0xfffe0000000200(slab)
[ 57.080781][ T1607] raw: 00fffe0000000200 ffffea00027367c8 ffffea00027cdf88 ffff8880aa400a80
[ 57.080787][ T1607] raw: 0000000000000000 ffff88809cad4000 0000000100000004 0000000000000000
[ 57.080791][ T1607] page dumped because: kasan: bad access detected
[ 57.080794][ T1607]
[ 57.080797][ T1607] Memory state around the buggy address:
[ 57.080802][ T1607] ffff88809cad4500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.080807][ T1607] ffff88809cad4580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.080812][ T1607] >ffff88809cad4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.080815][ T1607] ^
[ 57.080820][ T1607] ffff88809cad4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.080824][ T1607] ffff88809cad4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.080828][ T1607] ==================================================================
[ 57.080831][ T1607] Disabling lock debugging due to kernel taint
[ 57.082804][ T1607] Kernel panic - not syncing: panic_on_warn set ...
[ 57.435162][ T1607] CPU: 1 PID: 1607 Comm: kworker/u5:0 Tainted: G B 5.7.0-rc5-syzkaller #0
[ 57.445368][ T1607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.455401][ T1607] Workqueue: hci0 hci_rx_work
[ 57.460042][ T1607] Call Trace:
[ 57.463300][ T1607] dump_stack+0x12d/0x187
[ 57.467594][ T1607] ? hci_encrypt_cfm+0x1c0/0x1c0
[ 57.472514][ T1607] ? bacpy+0xe/0x10
[ 57.476288][ T1607] panic+0x22a/0x4e3
[ 57.480149][ T1607] ? add_taint.cold.7+0x11/0x11
[ 57.484966][ T1607] ? preempt_schedule_thunk+0x16/0x18
[ 57.490302][ T1607] ? bacpy+0xe/0x10
[ 57.494160][ T1607] ? bacpy+0xe/0x10
[ 57.497933][ T1607] end_report+0x51/0x59
[ 57.502052][ T1607] __kasan_report.cold.11+0xe/0x3a
[ 57.507141][ T1607] ? bacpy+0xe/0x10
[ 57.510925][ T1607] kasan_report+0x38/0x50
[ 57.515219][ T1607] check_memory_region+0x1cc/0x1f0
[ 57.520306][ T1607] memcpy+0x23/0x60
[ 57.524078][ T1607] bacpy+0xe/0x10
[ 57.527677][ T1607] hci_event_packet+0x3195/0x9652
[ 57.532669][ T1607] ? hci_cmd_complete_evt+0xb6a0/0xb6a0
[ 57.538179][ T1607] ? ret_from_fork+0x24/0x30
[ 57.542734][ T1607] ? stack_trace_save+0x82/0xb0
[ 57.547547][ T1607] ? stack_trace_consume_entry+0x170/0x170
[ 57.553317][ T1607] ? unwind_next_frame+0x3e/0x50
[ 57.558218][ T1607] ? save_trace+0x45/0xab0
[ 57.562599][ T1607] ? __kasan_check_write+0x14/0x20
[ 57.567673][ T1607] ? lockdep_unlock+0x115/0x1b0
[ 57.572488][ T1607] ? __lock_acquire+0x2c81/0x3bf0
[ 57.577476][ T1607] ? stack_trace_consume_entry+0x170/0x170
[ 57.583243][ T1607] ? save_trace+0x5ce/0xab0
[ 57.587725][ T1607] ? mark_held_locks+0x130/0x130
[ 57.592630][ T1607] ? lockdep_unlock+0x115/0x1b0
[ 57.597448][ T1607] ? find_held_lock+0x36/0x1d0
[ 57.602175][ T1607] ? __kasan_check_read+0x11/0x20
[ 57.607180][ T1607] ? mark_lock+0xbf/0x630
[ 57.611474][ T1607] ? mark_held_locks+0xb8/0x130
[ 57.616288][ T1607] ? _raw_spin_unlock_irqrestore+0x7d/0xd0
[ 57.622060][ T1607] ? skb_dequeue+0x14d/0x1f0
[ 57.626615][ T1607] ? lockdep_hardirqs_on+0x481/0x620
[ 57.631863][ T1607] ? _raw_spin_unlock_irqrestore+0x7d/0xd0
[ 57.637636][ T1607] ? trace_hardirqs_on+0x28/0x1a0
[ 57.642629][ T1607] hci_rx_work+0x18e/0x950
[ 57.647099][ T1607] ? hci_rx_work+0x18e/0x950
[ 57.651679][ T1607] ? rcu_read_lock_any_held.part.10+0x50/0x50
[ 57.657801][ T1607] ? trace_hardirqs_on+0x28/0x1a0
[ 57.662790][ T1607] process_one_work+0x893/0x1690
[ 57.667692][ T1607] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 57.673030][ T1607] worker_thread+0x85/0xb60
[ 57.677508][ T1607] ? __kthread_parkme+0x37/0x1c0
[ 57.682409][ T1607] kthread+0x354/0x420
[ 57.686528][ T1607] ? process_one_work+0x1690/0x1690
[ 57.691699][ T1607] ? kthread_mod_delayed_work+0x190/0x190
[ 57.697384][ T1607] ret_from_fork+0x24/0x30
[ 57.703167][ T1607] Kernel Offset: disabled
[ 57.707491][ T1607] Rebooting in 86400 seconds..