Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. 2020/05/14 02:22:11 parsed 1 programs 2020/05/14 02:22:11 executed programs: 0 [ 47.904998][ T7049] IPVS: ftp: loaded support on port[0] = 21 [ 47.914951][ T7053] IPVS: ftp: loaded support on port[0] = 21 [ 47.950111][ T7054] IPVS: ftp: loaded support on port[0] = 21 [ 47.969215][ T7059] IPVS: ftp: loaded support on port[0] = 21 [ 47.993713][ T7068] IPVS: ftp: loaded support on port[0] = 21 [ 48.029730][ T7069] IPVS: ftp: loaded support on port[0] = 21 [ 48.202208][ T7049] chnl_net:caif_netlink_parms(): no params data found [ 48.247265][ T7059] chnl_net:caif_netlink_parms(): no params data found [ 48.370261][ T7053] chnl_net:caif_netlink_parms(): no params data found [ 48.400719][ T7068] chnl_net:caif_netlink_parms(): no params data found [ 48.436952][ T7054] chnl_net:caif_netlink_parms(): no params data found [ 48.453238][ T7069] chnl_net:caif_netlink_parms(): no params data found [ 48.470579][ T7059] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.478075][ T7059] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.486948][ T7059] device bridge_slave_0 entered promiscuous mode [ 48.522124][ T7059] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.529264][ T7059] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.538353][ T7059] device bridge_slave_1 entered promiscuous mode [ 48.556215][ T7049] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.563614][ T7049] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.571462][ T7049] device bridge_slave_0 entered promiscuous mode [ 48.614359][ T7049] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.621620][ T7049] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.629046][ T7049] device bridge_slave_1 entered promiscuous mode [ 48.636460][ T7068] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.645886][ T7068] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.657551][ T7068] device bridge_slave_0 entered promiscuous mode [ 48.669162][ T7068] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.676654][ T7068] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.684862][ T7068] device bridge_slave_1 entered promiscuous mode [ 48.699353][ T7054] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.708596][ T7054] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.716436][ T7054] device bridge_slave_0 entered promiscuous mode [ 48.725753][ T7059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.737413][ T7059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.770405][ T7049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.779496][ T7069] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.788201][ T7069] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.796124][ T7069] device bridge_slave_0 entered promiscuous mode [ 48.803818][ T7054] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.815123][ T7054] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.822840][ T7054] device bridge_slave_1 entered promiscuous mode [ 48.832885][ T7053] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.845359][ T7053] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.853157][ T7053] device bridge_slave_0 entered promiscuous mode [ 48.861268][ T7049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.875639][ T7068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.889224][ T7069] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.896495][ T7069] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.904571][ T7069] device bridge_slave_1 entered promiscuous mode [ 48.922910][ T7053] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.929939][ T7053] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.939388][ T7053] device bridge_slave_1 entered promiscuous mode [ 48.951925][ T7068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.972723][ T7059] team0: Port device team_slave_0 added [ 48.981913][ T7069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.996311][ T7069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.007351][ T7054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.027307][ T7068] team0: Port device team_slave_0 added [ 49.035227][ T7049] team0: Port device team_slave_0 added [ 49.045875][ T7059] team0: Port device team_slave_1 added [ 49.061886][ T7054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.072322][ T7068] team0: Port device team_slave_1 added [ 49.086254][ T7049] team0: Port device team_slave_1 added [ 49.093784][ T7053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.124422][ T7054] team0: Port device team_slave_0 added [ 49.134454][ T7053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.144850][ T7069] team0: Port device team_slave_0 added [ 49.154166][ T7069] team0: Port device team_slave_1 added [ 49.176114][ T7054] team0: Port device team_slave_1 added [ 49.216049][ T7059] device hsr_slave_0 entered promiscuous mode [ 49.260654][ T7059] device hsr_slave_1 entered promiscuous mode [ 49.362939][ T7068] device hsr_slave_0 entered promiscuous mode [ 49.420868][ T7068] device hsr_slave_1 entered promiscuous mode [ 49.460350][ T7068] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.468041][ T7068] Cannot create hsr debugfs directory [ 49.512179][ T7069] device hsr_slave_0 entered promiscuous mode [ 49.540831][ T7069] device hsr_slave_1 entered promiscuous mode [ 49.620324][ T7069] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.627872][ T7069] Cannot create hsr debugfs directory [ 49.640789][ T7053] team0: Port device team_slave_0 added [ 49.713831][ T7049] device hsr_slave_0 entered promiscuous mode [ 49.771478][ T7049] device hsr_slave_1 entered promiscuous mode [ 49.830442][ T7049] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 49.838000][ T7049] Cannot create hsr debugfs directory [ 49.845339][ T7053] team0: Port device team_slave_1 added [ 49.868016][ T7059] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 49.983492][ T7053] device hsr_slave_0 entered promiscuous mode [ 50.040428][ T7053] device hsr_slave_1 entered promiscuous mode [ 50.100239][ T7053] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 50.107798][ T7053] Cannot create hsr debugfs directory [ 50.142800][ T7054] device hsr_slave_0 entered promiscuous mode [ 50.200594][ T7054] device hsr_slave_1 entered promiscuous mode [ 50.240218][ T7054] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 50.247776][ T7054] Cannot create hsr debugfs directory [ 50.254105][ T7059] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 50.297639][ T7059] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 50.362860][ T7059] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 50.420881][ T7069] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 50.452137][ T7069] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 50.498162][ T7069] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 50.560929][ T7069] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 50.646256][ T7068] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 50.672669][ T7068] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 50.754304][ T7049] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 50.814369][ T7049] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 50.872228][ T7068] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 50.912853][ T7068] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 50.963022][ T7049] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 50.992654][ T7049] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 51.076382][ T7053] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 51.155567][ T7053] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 51.194459][ T7053] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 51.251605][ T7053] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 51.327398][ T7054] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 51.384085][ T7054] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 51.423574][ T7054] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 51.495383][ T7059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.503091][ T7054] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 51.546282][ T7069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.567981][ T7059] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.594162][ T2676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.603271][ T2676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.611258][ T2676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.618827][ T2676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.629039][ T7069] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.650188][ T7068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.662502][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.671445][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.679697][ T4009] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.686865][ T4009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.696439][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.706147][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.714696][ T4009] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.721813][ T4009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.729517][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.738501][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.746929][ T4009] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.754025][ T4009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.761995][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.770707][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.778901][ T4009] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.786055][ T4009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.794008][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.802207][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.825620][ T7049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.832685][ T2676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.842846][ T2676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.858916][ T2676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.891191][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.904124][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.914821][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.924406][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.933259][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.942043][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.950595][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.992197][ T7053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.001896][ T7049] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.019392][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.027356][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.041193][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.049367][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.062061][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.070608][ T4009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.085147][ T7069] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.096316][ T7069] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.108828][ T7068] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.125425][ T7059] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.136009][ T7059] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.149210][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.158624][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.167224][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.176955][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.185607][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.193979][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.202317][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.210701][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.219596][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.227953][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.247580][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.255266][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.263847][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.272601][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.281517][ T2956] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.288551][ T2956] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.297062][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.305800][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.314294][ T2956] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.321385][ T2956] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.339616][ T7054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.357624][ T7053] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.368202][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.377007][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.385546][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.393353][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.401519][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.408993][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.417115][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.425877][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.434535][ T2956] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.441626][ T2956] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.464373][ T7069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.487777][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.500881][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.508265][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.518237][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.527218][ T2688] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.534307][ T2688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.542362][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.551143][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.559494][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.568068][ T2688] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.575186][ T2688] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.583332][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.591939][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.600840][ T2688] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.607863][ T2688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.615368][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.623839][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.632496][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.644583][ T7059] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.691849][ T7054] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.698822][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.720741][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.728337][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.740788][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.749300][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.759108][ T2688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.775705][ T7990] ================================================================== [ 52.783833][ T7990] BUG: KASAN: use-after-free in eth_type_trans+0x601/0x740 [ 52.790997][ T7990] Read of size 8 at addr ffff8880797f0040 by task syz-executor.1/7990 [ 52.799479][ T7990] [ 52.801781][ T7990] CPU: 0 PID: 7990 Comm: syz-executor.1 Not tainted 5.7.0-rc5-syzkaller #0 [ 52.810336][ T7990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.820366][ T7990] Call Trace: [ 52.823629][ T7990] dump_stack+0x12d/0x187 [ 52.827931][ T7990] ? eth_type_trans+0x601/0x740 [ 52.832751][ T7990] ? eth_type_trans+0x601/0x740 [ 52.837571][ T7990] print_address_description.constprop.8.cold.10+0x9/0x31d [ 52.844734][ T7990] ? eth_type_trans+0x601/0x740 [ 52.849553][ T7990] ? eth_type_trans+0x601/0x740 [ 52.854375][ T7990] __kasan_report.cold.11+0x37/0x4e [ 52.859544][ T7990] ? eth_type_trans+0x601/0x740 [ 52.864366][ T7990] kasan_report+0x38/0x50 [ 52.868666][ T7990] __asan_report_load8_noabort+0x14/0x20 [ 52.874266][ T7990] eth_type_trans+0x601/0x740 [ 52.878915][ T7990] ? eth_gro_receive+0x940/0x940 [ 52.883820][ T7990] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 52.889336][ T7990] ? llc_ui_connect+0xa2e/0xa70 [ 52.894161][ T7990] napi_gro_frags+0x6da/0xb00 [ 52.899141][ T7990] tun_get_user+0x2609/0x3a70 [ 52.903789][ T7990] ? __kasan_check_read+0x11/0x20 [ 52.908788][ T7990] ? tun_build_skb.isra.53+0x1120/0x1120 [ 52.914404][ T7990] ? mark_held_locks+0x130/0x130 [ 52.919313][ T7990] ? find_held_lock+0x36/0x1d0 [ 52.924052][ T7990] ? tun_get+0xf3/0x1d0 [ 52.928177][ T7990] ? lock_downgrade+0x960/0x960 [ 52.933014][ T7990] ? rcu_read_lock_held+0x9c/0xb0 [ 52.938007][ T7990] ? __kasan_check_read+0x11/0x20 [ 52.943006][ T7990] tun_chr_write_iter+0xb5/0x156 [ 52.947916][ T7990] do_iter_readv_writev+0x532/0xa70 [ 52.953085][ T7990] ? no_seek_end_llseek_size+0x20/0x20 [ 52.958515][ T7990] ? rw_verify_area+0xc5/0x2c0 [ 52.963268][ T7990] do_iter_write+0x130/0x510 [ 52.967827][ T7990] ? dup_iter+0x220/0x220 [ 52.972132][ T7990] vfs_writev+0x16d/0x2d0 [ 52.976432][ T7990] ? vfs_iter_write+0xb0/0xb0 [ 52.981080][ T7990] ? __kasan_check_read+0x11/0x20 [ 52.986084][ T7990] ? ksys_dup3+0x2e0/0x2e0 [ 52.990476][ T7990] ? __fget_light+0x1b1/0x230 [ 52.995603][ T7990] do_writev+0x118/0x2e0 [ 52.999816][ T7990] ? lock_downgrade+0x960/0x960 [ 53.004637][ T7990] ? vfs_writev+0x2d0/0x2d0 [ 53.009111][ T7990] ? do_syscall_64+0x21/0x630 [ 53.013759][ T7990] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.019808][ T7990] __x64_sys_writev+0x70/0xb0 [ 53.024456][ T7990] do_syscall_64+0xca/0x630 [ 53.028931][ T7990] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.034792][ T7990] RIP: 0033:0x45a7d1 [ 53.038656][ T7990] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 53.058235][ T7990] RSP: 002b:00007f606f354ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 53.066621][ T7990] RAX: ffffffffffffffda RBX: 0000000000207843 RCX: 000000000045a7d1 [ 53.074572][ T7990] RDX: 0000000000000001 RSI: 00007f606f354c00 RDI: 00000000000000f0 [ 53.082514][ T7990] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 53.090456][ T7990] R10: 00007f606f3559d0 R11: 0000000000000293 R12: 00007f606f3556d4 [ 53.098398][ T7990] R13: 00000000004cab1f R14: 00000000004e4040 R15: 00000000ffffffff [ 53.106355][ T7990] [ 53.108655][ T7990] The buggy address belongs to the page: [ 53.114346][ T7990] page:ffffea0001e5fc00 refcount:0 mapcount:0 mapping:00000000a3cb0c44 index:0x0 [ 53.123419][ T7990] flags: 0xfffe0000000000() [ 53.127889][ T7990] raw: 00fffe0000000000 ffffea0001e5fc08 ffffea0001e5fc08 0000000000000000 [ 53.136437][ T7990] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 53.144999][ T7990] page dumped because: kasan: bad access detected [ 53.151399][ T7990] [ 53.153710][ T7990] Memory state around the buggy address: [ 53.159308][ T7990] ffff8880797eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.167337][ T7990] ffff8880797eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.175364][ T7990] >ffff8880797f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.183418][ T7990] ^ [ 53.189549][ T7990] ffff8880797f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.197964][ T7990] ffff8880797f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 53.205996][ T7990] ================================================================== [ 53.214030][ T7990] Disabling lock debugging due to kernel taint [ 53.220218][ T7990] Kernel panic - not syncing: panic_on_warn set ... [ 53.226791][ T7990] CPU: 0 PID: 7990 Comm: syz-executor.1 Tainted: G B 5.7.0-rc5-syzkaller #0 [ 53.236740][ T7990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.246770][ T7990] Call Trace: [ 53.250046][ T7990] dump_stack+0x12d/0x187 [ 53.254343][ T7990] ? eth_type_trans+0x5f0/0x740 [ 53.259156][ T7990] ? eth_type_trans+0x601/0x740 [ 53.263981][ T7990] panic+0x22a/0x4e3 [ 53.267840][ T7990] ? add_taint.cold.7+0x11/0x11 [ 53.272654][ T7990] ? do_raw_spin_unlock+0x54/0x260 [ 53.277735][ T7990] ? eth_type_trans+0x601/0x740 [ 53.282548][ T7990] ? eth_type_trans+0x601/0x740 [ 53.287374][ T7990] end_report+0x51/0x59 [ 53.291507][ T7990] __kasan_report.cold.11+0xe/0x4e [ 53.296593][ T7990] ? eth_type_trans+0x601/0x740 [ 53.301406][ T7990] kasan_report+0x38/0x50 [ 53.305709][ T7990] __asan_report_load8_noabort+0x14/0x20 [ 53.311420][ T7990] eth_type_trans+0x601/0x740 [ 53.316067][ T7990] ? eth_gro_receive+0x940/0x940 [ 53.321021][ T7990] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 53.326531][ T7990] ? llc_ui_connect+0xa2e/0xa70 [ 53.331348][ T7990] napi_gro_frags+0x6da/0xb00 [ 53.335992][ T7990] tun_get_user+0x2609/0x3a70 [ 53.340636][ T7990] ? __kasan_check_read+0x11/0x20 [ 53.345674][ T7990] ? tun_build_skb.isra.53+0x1120/0x1120 [ 53.351285][ T7990] ? mark_held_locks+0x130/0x130 [ 53.356191][ T7990] ? find_held_lock+0x36/0x1d0 [ 53.360937][ T7990] ? tun_get+0xf3/0x1d0 [ 53.365060][ T7990] ? lock_downgrade+0x960/0x960 [ 53.369922][ T7990] ? rcu_read_lock_held+0x9c/0xb0 [ 53.374920][ T7990] ? __kasan_check_read+0x11/0x20 [ 53.379927][ T7990] tun_chr_write_iter+0xb5/0x156 [ 53.384831][ T7990] do_iter_readv_writev+0x532/0xa70 [ 53.389992][ T7990] ? no_seek_end_llseek_size+0x20/0x20 [ 53.395413][ T7990] ? rw_verify_area+0xc5/0x2c0 [ 53.400140][ T7990] do_iter_write+0x130/0x510 [ 53.404700][ T7990] ? dup_iter+0x220/0x220 [ 53.409101][ T7990] vfs_writev+0x16d/0x2d0 [ 53.413396][ T7990] ? vfs_iter_write+0xb0/0xb0 [ 53.418037][ T7990] ? __kasan_check_read+0x11/0x20 [ 53.423040][ T7990] ? ksys_dup3+0x2e0/0x2e0 [ 53.427420][ T7990] ? __fget_light+0x1b1/0x230 [ 53.432060][ T7990] do_writev+0x118/0x2e0 [ 53.436280][ T7990] ? lock_downgrade+0x960/0x960 [ 53.441096][ T7990] ? vfs_writev+0x2d0/0x2d0 [ 53.445568][ T7990] ? do_syscall_64+0x21/0x630 [ 53.450222][ T7990] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.456272][ T7990] __x64_sys_writev+0x70/0xb0 [ 53.460917][ T7990] do_syscall_64+0xca/0x630 [ 53.465394][ T7990] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.471247][ T7990] RIP: 0033:0x45a7d1 [ 53.475107][ T7990] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 53.494673][ T7990] RSP: 002b:00007f606f354ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 53.503048][ T7990] RAX: ffffffffffffffda RBX: 0000000000207843 RCX: 000000000045a7d1 [ 53.510991][ T7990] RDX: 0000000000000001 RSI: 00007f606f354c00 RDI: 00000000000000f0 [ 53.518932][ T7990] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 53.526877][ T7990] R10: 00007f606f3559d0 R11: 0000000000000293 R12: 00007f606f3556d4 [ 53.534820][ T7990] R13: 00000000004cab1f R14: 00000000004e4040 R15: 00000000ffffffff [ 53.543482][ T7990] Kernel Offset: disabled [ 53.547798][ T7990] Rebooting in 86400 seconds..