Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts.
2020/12/15 15:55:29 parsed 1 programs
2020/12/15 15:55:29 executed programs: 0
[ 33.549910] IPVS: ftp: loaded support on port[0] = 21
[ 33.637610] chnl_net:caif_netlink_parms(): no params data found
[ 33.732695] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.739446] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.747453] device bridge_slave_0 entered promiscuous mode
[ 33.755252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.762272] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.769151] device bridge_slave_1 entered promiscuous mode
[ 33.785653] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 33.794284] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 33.811897] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 33.819683] team0: Port device team_slave_0 added
[ 33.825610] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 33.833168] team0: Port device team_slave_1 added
[ 33.848179] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 33.854585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.880624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 33.893014] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 33.899240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.925029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 33.935855] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 33.943513] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 33.961345] device hsr_slave_0 entered promiscuous mode
[ 33.966986] device hsr_slave_1 entered promiscuous mode
[ 33.973392] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 33.980277] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 34.039978] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.046417] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.053227] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.059570] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.087189] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 34.094084] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.102742] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 34.110636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.119084] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.126285] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.135575] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 34.142572] 8021q: adding VLAN 0 to HW filter on device team0
[ 34.151181] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 34.159291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.165693] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.176639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 34.186252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.194037] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.207943] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 34.215709] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 34.226046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 34.238737] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 34.250142] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 34.261709] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 34.267958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 34.275719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 34.283719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 34.295779] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 34.303222] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 34.309850] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 34.320371] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 34.368567] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 34.378436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 34.406521] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 34.413984] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 34.420394] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 34.429999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 34.437745] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.444713] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 34.454265] device veth0_vlan entered promiscuous mode
[ 34.463022] device veth1_vlan entered promiscuous mode
[ 34.469349] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 34.478101] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 34.488404] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 34.497810] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 34.505390] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 34.513047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 34.522835] device veth0_macvtap entered promiscuous mode
[ 34.528841] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 34.537521] device veth1_macvtap entered promiscuous mode
[ 34.546327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 34.555143] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 34.564856] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 34.571757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 34.579697] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 34.589530] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 34.596346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 34.621242] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 35.581092] Bluetooth: hci0 command 0x0409 tx timeout
[ 35.606614] ==================================================================
[ 35.614073] BUG: KASAN: use-after-free in drm_getunique+0x1b4/0x250
[ 35.620483] Read of size 4 at addr ffff8880af695818 by task syz-executor.0/8538
[ 35.627932]
[ 35.629557] CPU: 1 PID: 8538 Comm: syz-executor.0 Not tainted 4.14.212-syzkaller #0
[ 35.637325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.646674] Call Trace:
[ 35.649247] dump_stack+0x1b2/0x283
[ 35.652859] print_address_description.cold+0x54/0x1d3
[ 35.658126] kasan_report_error.cold+0x8a/0x194
[ 35.662776] ? drm_getunique+0x1b4/0x250
[ 35.666827] __asan_report_load4_noabort+0x68/0x70
[ 35.671759] ? drm_getunique+0x1b4/0x250
[ 35.675797] drm_getunique+0x1b4/0x250
[ 35.679677] ? drm_invalid_op+0x10/0x10
[ 35.683641] drm_ioctl_kernel+0x14c/0x200
[ 35.687794] drm_ioctl+0x419/0x870
[ 35.691323] ? drm_invalid_op+0x10/0x10
[ 35.695283] ? drm_getstats+0x20/0x20
[ 35.699072] ? futex_exit_release+0x220/0x220
[ 35.703547] ? dput.part.0+0x13d/0x710
[ 35.707423] ? __might_fault+0x104/0x1b0
[ 35.711470] ? lock_acquire+0x170/0x3f0
[ 35.715423] ? drm_getstats+0x20/0x20
[ 35.719291] do_vfs_ioctl+0x75a/0xff0
[ 35.723094] ? ioctl_preallocate+0x1a0/0x1a0
[ 35.727506] ? lock_downgrade+0x740/0x740
[ 35.731640] ? __fget+0x225/0x360
[ 35.735194] ? do_vfs_ioctl+0xff0/0xff0
[ 35.739167] ? security_file_ioctl+0x83/0xb0
[ 35.743572] SyS_ioctl+0x7f/0xb0
[ 35.746918] ? do_vfs_ioctl+0xff0/0xff0
[ 35.750881] do_syscall_64+0x1d5/0x640
[ 35.754750] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.760008] RIP: 0033:0x45e159
[ 35.763198] RSP: 002b:00007fdd9f7dfc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 35.770900] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e159
[ 35.778194] RDX: 0000000020000180 RSI: 00000000c0145401 RDI: 0000000000000003
[ 35.785663] RBP: 000000000119c068 R08: 0000000000000000 R09: 0000000000000000
[ 35.792927] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c034
[ 35.800180] R13: 00007fff4256ec3f R14: 00007fdd9f7e09c0 R15: 000000000119c034
[ 35.807439]
[ 35.809066] Allocated by task 8536:
[ 35.812681] kasan_kmalloc+0xeb/0x160
[ 35.816513] kmem_cache_alloc_trace+0x131/0x3d0
[ 35.821204] drm_new_set_master+0x11a/0x5e0
[ 35.825528] drm_master_open+0xee/0x120
[ 35.829497] drm_open+0x873/0x1010
[ 35.833076] drm_stub_open+0x27b/0x400
[ 35.837073] chrdev_open+0x23c/0x6d0
[ 35.840768] do_dentry_open+0x44b/0xec0
[ 35.844719] vfs_open+0x105/0x220
[ 35.848149] path_openat+0x628/0x2970
[ 35.851937] do_filp_open+0x179/0x3c0
[ 35.855728] do_sys_open+0x296/0x410
[ 35.859424] do_syscall_64+0x1d5/0x640
[ 35.863318] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.868489]
[ 35.870467] Freed by task 8536:
[ 35.873729] kasan_slab_free+0xc3/0x1a0
[ 35.877683] kfree+0xc9/0x250
[ 35.880782] drm_master_put+0x134/0x180
[ 35.884758] drm_new_set_master+0x3b1/0x5e0
[ 35.889059] drm_setmaster_ioctl+0x222/0x2c0
[ 35.894594] drm_ioctl_kernel+0x14c/0x200
[ 35.898725] drm_ioctl+0x419/0x870
[ 35.903214] do_vfs_ioctl+0x75a/0xff0
[ 35.906993] SyS_ioctl+0x7f/0xb0
[ 35.910339] do_syscall_64+0x1d5/0x640
[ 35.914212] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.919403]
[ 35.921008] The buggy address belongs to the object at ffff8880af695800
[ 35.921008] which belongs to the cache kmalloc-256 of size 256
[ 35.933654] The buggy address is located 24 bytes inside of
[ 35.933654] 256-byte region [ffff8880af695800, ffff8880af695900)
[ 35.945417] The buggy address belongs to the page:
[ 35.950325] page:ffffea0002bda540 count:1 mapcount:0 mapping:ffff8880af695080 index:0xffff8880af695940
[ 35.959746] flags: 0xfff00000000100(slab)
[ 35.963878] raw: 00fff00000000100 ffff8880af695080 ffff8880af695940 000000010000000a
[ 35.971746] raw: ffffea0002bda160 ffffea0002ca30e0 ffff88813fe807c0 0000000000000000
[ 35.979624] page dumped because: kasan: bad access detected
[ 35.985322]
[ 35.986925] Memory state around the buggy address:
[ 35.991830] ffff8880af695700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.999168] ffff8880af695780: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.006509] >ffff8880af695800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.013864] ^
[ 36.018011] ffff8880af695880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.025360] ffff8880af695900: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 36.032703] ==================================================================
[ 36.040042] Disabling lock debugging due to kernel taint
[ 36.049740] Kernel panic - not syncing: panic_on_warn set ...
[ 36.049740]
[ 36.057112] CPU: 1 PID: 8538 Comm: syz-executor.0 Tainted: G B 4.14.212-syzkaller #0
[ 36.066113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.075456] Call Trace:
[ 36.078040] dump_stack+0x1b2/0x283
[ 36.081660] panic+0x1f9/0x42d
[ 36.084834] ? add_taint.cold+0x16/0x16
[ 36.088797] ? ___preempt_schedule+0x16/0x18
[ 36.093184] kasan_end_report+0x43/0x49
[ 36.097134] kasan_report_error.cold+0xa7/0x194
[ 36.101794] ? drm_getunique+0x1b4/0x250
[ 36.105834] __asan_report_load4_noabort+0x68/0x70
[ 36.110757] ? drm_getunique+0x1b4/0x250
[ 36.114805] drm_getunique+0x1b4/0x250
[ 36.118686] ? drm_invalid_op+0x10/0x10
[ 36.122636] drm_ioctl_kernel+0x14c/0x200
[ 36.126761] drm_ioctl+0x419/0x870
[ 36.130311] ? drm_invalid_op+0x10/0x10
[ 36.134289] ? drm_getstats+0x20/0x20
[ 36.138070] ? futex_exit_release+0x220/0x220
[ 36.142557] ? dput.part.0+0x13d/0x710
[ 36.146431] ? __might_fault+0x104/0x1b0
[ 36.150470] ? lock_acquire+0x170/0x3f0
[ 36.154427] ? drm_getstats+0x20/0x20
[ 36.158305] do_vfs_ioctl+0x75a/0xff0
[ 36.162087] ? ioctl_preallocate+0x1a0/0x1a0
[ 36.166475] ? lock_downgrade+0x740/0x740
[ 36.170606] ? __fget+0x225/0x360
[ 36.174085] ? do_vfs_ioctl+0xff0/0xff0
[ 36.178057] ? security_file_ioctl+0x83/0xb0
[ 36.182451] SyS_ioctl+0x7f/0xb0
[ 36.185814] ? do_vfs_ioctl+0xff0/0xff0
[ 36.189772] do_syscall_64+0x1d5/0x640
[ 36.193642] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.198808] RIP: 0033:0x45e159
[ 36.201990] RSP: 002b:00007fdd9f7dfc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 36.209677] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e159
[ 36.216931] RDX: 0000000020000180 RSI: 00000000c0145401 RDI: 0000000000000003
[ 36.224177] RBP: 000000000119c068 R08: 0000000000000000 R09: 0000000000000000
[ 36.231437] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c034
[ 36.239087] R13: 00007fff4256ec3f R14: 00007fdd9f7e09c0 R15: 000000000119c034
[ 36.246407] Kernel Offset: disabled
[ 36.250017] Rebooting in 86400 seconds..