Warning: Permanently added '10.128.0.214' (ECDSA) to the list of known hosts.
2020/08/03 23:22:14 parsed 1 programs
2020/08/03 23:22:14 executed programs: 0
[ 61.958495][ T6859] IPVS: ftp: loaded support on port[0] = 21
[ 62.065379][ T6859] chnl_net:caif_netlink_parms(): no params data found
[ 62.119710][ T6859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.127088][ T6859] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.135858][ T6859] device bridge_slave_0 entered promiscuous mode
[ 62.144652][ T6859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.152129][ T6859] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.159969][ T6859] device bridge_slave_1 entered promiscuous mode
[ 62.181338][ T6859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.192165][ T6859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.215412][ T6859] team0: Port device team_slave_0 added
[ 62.222788][ T6859] team0: Port device team_slave_1 added
[ 62.240993][ T6859] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.248019][ T6859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.274744][ T6859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.287887][ T6859] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.294829][ T6859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.321628][ T6859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.400800][ T6859] device hsr_slave_0 entered promiscuous mode
[ 62.467752][ T6859] device hsr_slave_1 entered promiscuous mode
[ 62.606238][ T6859] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 62.649974][ T6859] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 62.719855][ T6859] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 62.779505][ T6859] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 62.833620][ T6859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.840786][ T6859] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.848731][ T6859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.855794][ T6859] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.901084][ T6859] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.913742][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.925091][ T2582] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.933830][ T2582] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.942271][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 62.955275][ T6859] 8021q: adding VLAN 0 to HW filter on device team0
[ 62.966886][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.975828][ T2603] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.982947][ T2603] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.998829][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.008211][ T2582] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.015339][ T2582] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.038163][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.046917][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.056517][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.065741][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 63.077431][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 63.086662][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 63.098895][ T6859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 63.118483][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 63.125907][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 63.139430][ T6859] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 63.159089][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 63.169636][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 63.189976][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 63.199153][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 63.209949][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 63.217728][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 63.226622][ T6859] device veth0_vlan entered promiscuous mode
[ 63.239391][ T6859] device veth1_vlan entered promiscuous mode
[ 63.260299][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 63.269163][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 63.277883][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 63.286319][ T2603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 63.296841][ T6859] device veth0_macvtap entered promiscuous mode
[ 63.310306][ T6859] device veth1_macvtap entered promiscuous mode
[ 63.327969][ T6859] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 63.335343][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 63.344605][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 63.352788][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 63.362765][ T2582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 63.374217][ T6859] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 63.382267][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 63.391829][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 63.404553][ T6859] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.416625][ T6859] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.428064][ T6859] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.436770][ T6859] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.313388][ T7241] ==================================================================
[ 66.321928][ T7241] BUG: KASAN: use-after-free in delete_and_unsubscribe_port+0x420/0x4f0
[ 66.330532][ T7241] Read of size 8 at addr ffff8880a29fec60 by task syz-executor.0/7241
[ 66.338873][ T7241]
[ 66.341345][ T7241] CPU: 0 PID: 7241 Comm: syz-executor.0 Not tainted 5.8.0-rc7-next-20200731-syzkaller #0
[ 66.351341][ T7241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.361691][ T7241] Call Trace:
[ 66.365012][ T7241] dump_stack+0x18f/0x20d
[ 66.369497][ T7241] ? delete_and_unsubscribe_port+0x420/0x4f0
[ 66.375693][ T7241] ? delete_and_unsubscribe_port+0x420/0x4f0
[ 66.382015][ T7241] print_address_description.constprop.0.cold+0xae/0x497
[ 66.389447][ T7241] ? lock_release+0x8e0/0x8e0
[ 66.394361][ T7241] ? lockdep_hardirqs_off+0x7e/0xb0
[ 66.399653][ T7241] ? vprintk_func+0x97/0x1a6
[ 66.404594][ T7241] ? delete_and_unsubscribe_port+0x420/0x4f0
[ 66.410886][ T7241] ? delete_and_unsubscribe_port+0x420/0x4f0
[ 66.417113][ T7241] kasan_report.cold+0x1f/0x37
[ 66.421984][ T7241] ? delete_and_unsubscribe_port+0x420/0x4f0
[ 66.428580][ T7241] delete_and_unsubscribe_port+0x420/0x4f0
[ 66.434392][ T7241] snd_seq_port_disconnect+0x4b9/0x5c0
[ 66.439951][ T7241] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 66.446775][ T7241] ? snd_seq_ioctl_running_mode+0x180/0x180
[ 66.454755][ T7241] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 66.460738][ T7241] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 66.466979][ T7241] snd_seq_kernel_client_ctl+0xeb/0x130
[ 66.472673][ T7241] snd_seq_oss_midi_close+0x36e/0x4d0
[ 66.478311][ T7241] ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 66.484142][ T7241] ? tomoyo_execute_permission+0x470/0x470
[ 66.490289][ T7241] snd_seq_oss_synth_reset+0x418/0x860
[ 66.499935][ T7241] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 66.506847][ T7241] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 66.513150][ T7241] snd_seq_oss_reset+0x6f/0x290
[ 66.518201][ T7241] snd_seq_oss_ioctl+0xb7b/0xd40
[ 66.523852][ T7241] ? snd_seq_oss_midi_info_user+0x140/0x140
[ 66.530211][ T7241] ? __fget_files+0x294/0x400
[ 66.535721][ T7241] odev_ioctl+0x4f/0x90
[ 66.540412][ T7241] ? odev_open+0x90/0x90
[ 66.545380][ T7241] __x64_sys_ioctl+0x193/0x200
[ 66.550535][ T7241] do_syscall_64+0x2d/0x70
[ 66.555194][ T7241] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.561841][ T7241] RIP: 0033:0x45cce9
[ 66.566215][ T7241] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.587637][ T7241] RSP: 002b:00007f54b9cb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.596488][ T7241] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cce9
[ 66.605555][ T7241] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 66.614400][ T7241] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 66.623252][ T7241] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 66.631489][ T7241] R13: 00007fff87e890af R14: 00007f54b9cb49c0 R15: 000000000078bfac
[ 66.640176][ T7241]
[ 66.642964][ T7241] Allocated by task 7240:
[ 66.647625][ T7241] kasan_save_stack+0x1b/0x40
[ 66.652489][ T7241] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 66.658635][ T7241] kmem_cache_alloc_trace+0x16e/0x2c0
[ 66.665544][ T7241] snd_seq_port_connect+0x5d/0x520
[ 66.671389][ T7241] snd_seq_ioctl_subscribe_port+0x1fc/0x400
[ 66.678027][ T7241] snd_seq_kernel_client_ctl+0xeb/0x130
[ 66.684579][ T7241] snd_seq_oss_midi_open+0x466/0x6e0
[ 66.690471][ T7241] snd_seq_oss_synth_setup_midi+0x123/0x520
[ 66.697231][ T7241] snd_seq_oss_open+0x87e/0xa10
[ 66.703531][ T7241] odev_open+0x6c/0x90
[ 66.709557][ T7241] soundcore_open+0x445/0x600
[ 66.714419][ T7241] chrdev_open+0x266/0x770
[ 66.719125][ T7241] do_dentry_open+0x4b9/0x11b0
[ 66.724424][ T7241] path_openat+0x1b9a/0x2730
[ 66.729459][ T7241] do_filp_open+0x17e/0x3c0
[ 66.734196][ T7241] do_sys_openat2+0x16d/0x420
[ 66.739025][ T7241] __x64_sys_openat+0x13f/0x1f0
[ 66.743885][ T7241] do_syscall_64+0x2d/0x70
[ 66.748305][ T7241] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.754201][ T7241]
[ 66.756912][ T7241] Freed by task 7240:
[ 66.761173][ T7241] kasan_save_stack+0x1b/0x40
[ 66.766113][ T7241] kasan_set_track+0x1c/0x30
[ 66.770974][ T7241] kasan_set_free_info+0x1b/0x30
[ 66.776065][ T7241] __kasan_slab_free+0xd8/0x120
[ 66.781285][ T7241] kfree+0x103/0x2c0
[ 66.785613][ T7241] snd_seq_port_disconnect+0x4c1/0x5c0
[ 66.791360][ T7241] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 66.797960][ T7241] snd_seq_kernel_client_ctl+0xeb/0x130
[ 66.804019][ T7241] snd_seq_oss_midi_close+0x36e/0x4d0
[ 66.809760][ T7241] snd_seq_oss_synth_reset+0x418/0x860
[ 66.815573][ T7241] snd_seq_oss_reset+0x6f/0x290
[ 66.820517][ T7241] snd_seq_oss_ioctl+0xb7b/0xd40
[ 66.825805][ T7241] odev_ioctl+0x4f/0x90
[ 66.830508][ T7241] __x64_sys_ioctl+0x193/0x200
[ 66.835868][ T7241] do_syscall_64+0x2d/0x70
[ 66.840301][ T7241] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.847289][ T7241]
[ 66.849917][ T7241] The buggy address belongs to the object at ffff8880a29fec00
[ 66.849917][ T7241] which belongs to the cache kmalloc-128 of size 128
[ 66.865010][ T7241] The buggy address is located 96 bytes inside of
[ 66.865010][ T7241] 128-byte region [ffff8880a29fec00, ffff8880a29fec80)
[ 66.879059][ T7241] The buggy address belongs to the page:
[ 66.886024][ T7241] page:00000000b19e21d1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa29fe
[ 66.896933][ T7241] flags: 0xfffe0000000200(slab)
[ 66.902388][ T7241] raw: 00fffe0000000200 ffffea0002a1ee48 ffffea00029ab048 ffff8880aa000400
[ 66.912076][ T7241] raw: 0000000000000000 ffff8880a29fe000 0000000100000010 0000000000000000
[ 66.920797][ T7241] page dumped because: kasan: bad access detected
[ 66.927462][ T7241]
[ 66.929789][ T7241] Memory state around the buggy address:
[ 66.935786][ T7241] ffff8880a29feb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 66.945123][ T7241] ffff8880a29feb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.955614][ T7241] >ffff8880a29fec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.963774][ T7241] ^
[ 66.971406][ T7241] ffff8880a29fec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.980232][ T7241] ffff8880a29fed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.989373][ T7241] ==================================================================
[ 66.997931][ T7241] Disabling lock debugging due to kernel taint
[ 67.004494][ T7241] Kernel panic - not syncing: panic_on_warn set ...
[ 67.011504][ T7241] CPU: 0 PID: 7241 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-next-20200731-syzkaller #0
[ 67.023808][ T7241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.034889][ T7241] Call Trace:
[ 67.038370][ T7241] dump_stack+0x18f/0x20d
[ 67.043206][ T7241] ? delete_and_unsubscribe_port+0x340/0x4f0
[ 67.049687][ T7241] panic+0x2e3/0x75c
[ 67.054008][ T7241] ? __warn_printk+0xf3/0xf3
[ 67.059755][ T7241] ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 67.066504][ T7241] ? delete_and_unsubscribe_port+0x420/0x4f0
[ 67.072665][ T7241] ? delete_and_unsubscribe_port+0x420/0x4f0
[ 67.078652][ T7241] end_report+0x4d/0x53
[ 67.082990][ T7241] kasan_report.cold+0xd/0x37
[ 67.087941][ T7241] ? delete_and_unsubscribe_port+0x420/0x4f0
[ 67.094336][ T7241] delete_and_unsubscribe_port+0x420/0x4f0
[ 67.100157][ T7241] snd_seq_port_disconnect+0x4b9/0x5c0
[ 67.106222][ T7241] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 67.112388][ T7241] ? snd_seq_ioctl_running_mode+0x180/0x180
[ 67.118371][ T7241] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 67.125041][ T7241] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 67.131400][ T7241] snd_seq_kernel_client_ctl+0xeb/0x130
[ 67.137361][ T7241] snd_seq_oss_midi_close+0x36e/0x4d0
[ 67.143610][ T7241] ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 67.149990][ T7241] ? tomoyo_execute_permission+0x470/0x470
[ 67.156641][ T7241] snd_seq_oss_synth_reset+0x418/0x860
[ 67.162376][ T7241] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 67.168641][ T7241] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.174820][ T7241] snd_seq_oss_reset+0x6f/0x290
[ 67.180621][ T7241] snd_seq_oss_ioctl+0xb7b/0xd40
[ 67.186197][ T7241] ? snd_seq_oss_midi_info_user+0x140/0x140
[ 67.192373][ T7241] ? __fget_files+0x294/0x400
[ 67.197567][ T7241] odev_ioctl+0x4f/0x90
[ 67.202493][ T7241] ? odev_open+0x90/0x90
[ 67.207693][ T7241] __x64_sys_ioctl+0x193/0x200
[ 67.213348][ T7241] do_syscall_64+0x2d/0x70
[ 67.218527][ T7241] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.225302][ T7241] RIP: 0033:0x45cce9
[ 67.229671][ T7241] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 67.250507][ T7241] RSP: 002b:00007f54b9cb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.259416][ T7241] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cce9
[ 67.268147][ T7241] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 67.276298][ T7241] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 67.284801][ T7241] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 67.293342][ T7241] R13: 00007fff87e890af R14: 00007f54b9cb49c0 R15: 000000000078bfac
[ 67.302911][ T7241] Kernel Offset: disabled
[ 67.307252][ T7241] Rebooting in 86400 seconds..