Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts.
2020/07/30 04:07:29 parsed 1 programs
2020/07/30 04:07:29 executed programs: 0
syzkaller login: [ 43.169058][ T6821] IPVS: ftp: loaded support on port[0] = 21
[ 43.255935][ T6821] chnl_net:caif_netlink_parms(): no params data found
[ 43.302717][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.310619][ T6821] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.319299][ T6821] device bridge_slave_0 entered promiscuous mode
[ 43.328982][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.336049][ T6821] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.344236][ T6821] device bridge_slave_1 entered promiscuous mode
[ 43.362156][ T6821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.372684][ T6821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.393621][ T6821] team0: Port device team_slave_0 added
[ 43.401106][ T6821] team0: Port device team_slave_1 added
[ 43.417161][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.424100][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.450020][ T6821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.462098][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.469113][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.495443][ T6821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.578914][ T6821] device hsr_slave_0 entered promiscuous mode
[ 43.637863][ T6821] device hsr_slave_1 entered promiscuous mode
[ 43.755339][ T6821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.789102][ T6821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.838997][ T6821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.888439][ T6821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.959049][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.966237][ T6821] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.973800][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.980926][ T6821] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.017996][ T6821] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.033214][ T3855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.043471][ T3855] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.051562][ T3855] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.059452][ T3855] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 44.071969][ T6821] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.081646][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.090745][ T2491] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.097865][ T2491] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.117173][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.125439][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.132534][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.140900][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.157762][ T2490] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.165518][ T2490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.174850][ T2490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.183198][ T2490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.193771][ T6821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.211035][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 44.218488][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 44.232271][ T6821] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 44.249891][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 44.258949][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.276600][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 44.285007][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.295271][ T6821] device veth0_vlan entered promiscuous mode
[ 44.303641][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.312272][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.323378][ T6821] device veth1_vlan entered promiscuous mode
[ 44.344597][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 44.353391][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 44.362089][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 44.371007][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.382283][ T6821] device veth0_macvtap entered promiscuous mode
[ 44.391922][ T6821] device veth1_macvtap entered promiscuous mode
[ 44.407240][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 44.414648][ T2490] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 44.423710][ T2490] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 44.432909][ T2490] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 44.441829][ T2490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.454289][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 44.462078][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 44.471775][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.807180][ T7212] ==================================================================
[ 45.815356][ T7212] BUG: KASAN: use-after-free in delete_and_unsubscribe_port+0x8b/0x450
[ 45.823581][ T7212] Read of size 8 at addr ffff88809f60ea60 by task syz-executor.0/7212
[ 45.831757][ T7212]
[ 45.834064][ T7212] CPU: 1 PID: 7212 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[ 45.842617][ T7212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.852648][ T7212] Call Trace:
[ 45.855913][ T7212] dump_stack+0x1f0/0x31e
[ 45.860229][ T7212] print_address_description+0x66/0x5a0
[ 45.865757][ T7212] ? vprintk_emit+0x342/0x3c0
[ 45.870422][ T7212] ? printk+0x62/0x83
[ 45.874391][ T7212] ? vprintk_emit+0x339/0x3c0
[ 45.879052][ T7212] kasan_report+0x132/0x1d0
[ 45.883553][ T7212] ? delete_and_unsubscribe_port+0x8b/0x450
[ 45.889428][ T7212] ? do_raw_write_lock+0xf1/0x440
[ 45.894443][ T7212] delete_and_unsubscribe_port+0x8b/0x450
[ 45.900171][ T7212] snd_seq_port_disconnect+0x568/0x610
[ 45.905649][ T7212] snd_seq_ioctl_unsubscribe_port+0x349/0x6c0
[ 45.911718][ T7212] ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 45.917528][ T7212] snd_seq_oss_midi_close+0x397/0x620
[ 45.922935][ T7212] snd_seq_oss_synth_reset+0x335/0x8b0
[ 45.928409][ T7212] snd_seq_oss_reset+0x5b/0x250
[ 45.933238][ T7212] snd_seq_oss_ioctl+0x5c2/0x1090
[ 45.938242][ T7212] ? do_vfs_ioctl+0x6bc/0x16d0
[ 45.942994][ T7212] odev_ioctl+0x51/0x70
[ 45.947122][ T7212] ? odev_poll+0x70/0x70
[ 45.951346][ T7212] __se_sys_ioctl+0xf9/0x160
[ 45.955917][ T7212] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.961958][ T7212] do_syscall_64+0x73/0xe0
[ 45.966350][ T7212] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.972240][ T7212] RIP: 0033:0x45c429
[ 45.976111][ T7212] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 45.995712][ T7212] RSP: 002b:00007f9cfb928c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 46.004095][ T7212] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045c429
[ 46.012054][ T7212] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 46.020013][ T7212] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 46.027958][ T7212] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 46.035908][ T7212] R13: 00007fff5f38710f R14: 00007f9cfb9299c0 R15: 000000000078bfac
[ 46.043860][ T7212]
[ 46.046163][ T7212] Allocated by task 7211:
[ 46.050471][ T7212] __kasan_kmalloc+0x103/0x140
[ 46.055237][ T7212] kmem_cache_alloc_trace+0x234/0x300
[ 46.060596][ T7212] snd_seq_port_connect+0x66/0x460
[ 46.065704][ T7212] snd_seq_ioctl_subscribe_port+0x349/0x6c0
[ 46.071569][ T7212] snd_seq_oss_midi_open+0x4db/0x830
[ 46.076826][ T7212] snd_seq_oss_synth_setup_midi+0x108/0x510
[ 46.082704][ T7212] snd_seq_oss_open+0x899/0xe90
[ 46.087526][ T7212] odev_open+0x5e/0x90
[ 46.091570][ T7212] chrdev_open+0x498/0x580
[ 46.095966][ T7212] do_dentry_open+0x813/0x1070
[ 46.100712][ T7212] path_openat+0x278d/0x37f0
[ 46.105274][ T7212] do_filp_open+0x191/0x3a0
[ 46.109749][ T7212] do_sys_openat2+0x463/0x770
[ 46.114398][ T7212] __x64_sys_openat+0x1c8/0x1f0
[ 46.119225][ T7212] do_syscall_64+0x73/0xe0
[ 46.123614][ T7212] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 46.129472][ T7212]
[ 46.131772][ T7212] Freed by task 7211:
[ 46.135726][ T7212] __kasan_slab_free+0x114/0x170
[ 46.140635][ T7212] kfree+0x10a/0x220
[ 46.144504][ T7212] snd_seq_port_disconnect+0x570/0x610
[ 46.149936][ T7212] snd_seq_ioctl_unsubscribe_port+0x349/0x6c0
[ 46.155987][ T7212] snd_seq_oss_midi_close+0x397/0x620
[ 46.161332][ T7212] snd_seq_oss_synth_reset+0x335/0x8b0
[ 46.166762][ T7212] snd_seq_oss_reset+0x5b/0x250
[ 46.171582][ T7212] snd_seq_oss_ioctl+0x5c2/0x1090
[ 46.176576][ T7212] odev_ioctl+0x51/0x70
[ 46.180704][ T7212] __se_sys_ioctl+0xf9/0x160
[ 46.185267][ T7212] do_syscall_64+0x73/0xe0
[ 46.189654][ T7212] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 46.195513][ T7212]
[ 46.197816][ T7212] The buggy address belongs to the object at ffff88809f60ea00
[ 46.197816][ T7212] which belongs to the cache kmalloc-128 of size 128
[ 46.211841][ T7212] The buggy address is located 96 bytes inside of
[ 46.211841][ T7212] 128-byte region [ffff88809f60ea00, ffff88809f60ea80)
[ 46.226109][ T7212] The buggy address belongs to the page:
[ 46.231749][ T7212] page:ffffea00027d8380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 46.240837][ T7212] flags: 0xfffe0000000200(slab)
[ 46.245756][ T7212] raw: 00fffe0000000200 ffffea00027dc508 ffff8880aa401550 ffff8880aa400700
[ 46.254419][ T7212] raw: 0000000000000000 ffff88809f60e000 0000000100000010 0000000000000000
[ 46.263087][ T7212] page dumped because: kasan: bad access detected
[ 46.269506][ T7212]
[ 46.271808][ T7212] Memory state around the buggy address:
[ 46.277414][ T7212]  ffff88809f60e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 46.285460][ T7212]  ffff88809f60e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.293510][ T7212] >ffff88809f60ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.301549][ T7212]                                                         ^
[ 46.308718][ T7212]  ffff88809f60ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.316758][ T7212]  ffff88809f60eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.324790][ T7212] ==================================================================
[ 46.332957][ T7212] Disabling lock debugging due to kernel taint
[ 46.339081][ T7212] Kernel panic - not syncing: panic_on_warn set ...
[ 46.345742][ T7212] CPU: 1 PID: 7212 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 46.355682][ T7212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.365796][ T7212] Call Trace:
[ 46.369061][ T7212] dump_stack+0x1f0/0x31e
[ 46.373389][ T7212] panic+0x264/0x7a0
[ 46.377271][ T7212] ? trace_hardirqs_off+0x24/0x70
[ 46.382297][ T7212] ? _raw_spin_unlock_irqrestore+0x68/0xd0
[ 46.388075][ T7212] kasan_report+0x1c9/0x1d0
[ 46.392617][ T7212] ? delete_and_unsubscribe_port+0x8b/0x450
[ 46.398481][ T7212] ? do_raw_write_lock+0xf1/0x440
[ 46.403479][ T7212] delete_and_unsubscribe_port+0x8b/0x450
[ 46.409192][ T7212] snd_seq_port_disconnect+0x568/0x610
[ 46.414648][ T7212] snd_seq_ioctl_unsubscribe_port+0x349/0x6c0
[ 46.420695][ T7212] ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 46.426480][ T7212] snd_seq_oss_midi_close+0x397/0x620
[ 46.431829][ T7212] snd_seq_oss_synth_reset+0x335/0x8b0
[ 46.437269][ T7212] snd_seq_oss_reset+0x5b/0x250
[ 46.442098][ T7212] snd_seq_oss_ioctl+0x5c2/0x1090
[ 46.447101][ T7212] ? do_vfs_ioctl+0x6bc/0x16d0
[ 46.451913][ T7212] odev_ioctl+0x51/0x70
[ 46.456068][ T7212] ? odev_poll+0x70/0x70
[ 46.460308][ T7212] __se_sys_ioctl+0xf9/0x160
[ 46.464876][ T7212] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 46.470918][ T7212] do_syscall_64+0x73/0xe0
[ 46.475311][ T7212] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 46.481370][ T7212] RIP: 0033:0x45c429
[ 46.485237][ T7212] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 46.504836][ T7212] RSP: 002b:00007f9cfb928c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 46.513234][ T7212] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045c429
[ 46.521204][ T7212] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 46.529236][ T7212] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 46.537181][ T7212] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 46.545133][ T7212] R13: 00007fff5f38710f R14: 00007f9cfb9299c0 R15: 000000000078bfac
[ 46.554257][ T7212] Kernel Offset: disabled
[ 46.558588][ T7212] Rebooting in 86400 seconds..