Warning: Permanently added '10.128.15.209' (ECDSA) to the list of known hosts.
2020/07/30 03:29:31 parsed 1 programs
2020/07/30 03:29:31 executed programs: 0
syzkaller login: [ 40.057166][ T6828] IPVS: ftp: loaded support on port[0] = 21
[ 40.135730][ T6828] chnl_net:caif_netlink_parms(): no params data found
[ 40.178911][ T6828] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.186766][ T6828] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.194298][ T6828] device bridge_slave_0 entered promiscuous mode
[ 40.202963][ T6828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.210519][ T6828] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.218835][ T6828] device bridge_slave_1 entered promiscuous mode
[ 40.235847][ T6828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 40.246643][ T6828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 40.264655][ T6828] team0: Port device team_slave_0 added
[ 40.271581][ T6828] team0: Port device team_slave_1 added
[ 40.287833][ T6828] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.294822][ T6828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.321301][ T6828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.333408][ T6828] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.340481][ T6828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.366836][ T6828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.438450][ T6828] device hsr_slave_0 entered promiscuous mode
[ 40.486712][ T6828] device hsr_slave_1 entered promiscuous mode
[ 40.642560][ T6828] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 40.698629][ T6828] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 40.747918][ T6828] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 40.787514][ T6828] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 40.848281][ T6828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.855580][ T6828] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.863255][ T6828] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.870395][ T6828] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.904161][ T6828] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.918707][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.928914][ T2494] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.937736][ T2494] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.945280][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 40.957895][ T6828] 8021q: adding VLAN 0 to HW filter on device team0
[ 40.968344][ T2485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.976656][ T2485] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.983702][ T2485] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.996997][ T2485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.005313][ T2485] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.012400][ T2485] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.027663][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 41.036759][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 41.048422][ T3798] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 41.062330][ T6828] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 41.073698][ T6828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 41.085267][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.094078][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.102814][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 41.117589][ T3798] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 41.124970][ T3798] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 41.137830][ T6828] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 41.153157][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 41.162151][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.183214][ T3798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 41.191740][ T3798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.201931][ T6828] device veth0_vlan entered promiscuous mode
[ 41.209420][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.218033][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.229369][ T6828] device veth1_vlan entered promiscuous mode
[ 41.246218][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 41.254086][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 41.262473][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 41.271261][ T2521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.281753][ T6828] device veth0_macvtap entered promiscuous mode
[ 41.290715][ T6828] device veth1_macvtap entered promiscuous mode
[ 41.305010][ T6828] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 41.313053][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 41.321747][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 41.329821][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.339022][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.350335][ T6828] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 41.358095][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.366939][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.227233][ T7202] ==================================================================
[ 42.235615][ T7202] BUG: KASAN: use-after-free in delete_and_unsubscribe_port+0x8b/0x450
[ 42.243838][ T7202] Read of size 8 at addr ffff888098523060 by task syz-executor.0/7202
[ 42.251966][ T7202]
[ 42.254271][ T7202] CPU: 1 PID: 7202 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[ 42.262889][ T7202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.272917][ T7202] Call Trace:
[ 42.276183][ T7202] dump_stack+0x1f0/0x31e
[ 42.280485][ T7202] print_address_description+0x66/0x5a0
[ 42.286000][ T7202] ? vprintk_emit+0x342/0x3c0
[ 42.290825][ T7202] ? printk+0x62/0x83
[ 42.294820][ T7202] ? vprintk_emit+0x339/0x3c0
[ 42.299476][ T7202] kasan_report+0x132/0x1d0
[ 42.304061][ T7202] ? delete_and_unsubscribe_port+0x8b/0x450
[ 42.310012][ T7202] ? do_raw_write_lock+0xf1/0x440
[ 42.315008][ T7202] delete_and_unsubscribe_port+0x8b/0x450
[ 42.320702][ T7202] snd_seq_port_disconnect+0x568/0x610
[ 42.326171][ T7202] snd_seq_ioctl_unsubscribe_port+0x349/0x6c0
[ 42.332210][ T7202] ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 42.338006][ T7202] snd_seq_oss_midi_close+0x397/0x620
[ 42.343889][ T7202] snd_seq_oss_synth_reset+0x335/0x8b0
[ 42.349337][ T7202] snd_seq_oss_reset+0x5b/0x250
[ 42.354158][ T7202] snd_seq_oss_ioctl+0x5c2/0x1090
[ 42.359177][ T7202] ? do_vfs_ioctl+0x6bc/0x16d0
[ 42.364549][ T7202] odev_ioctl+0x51/0x70
[ 42.368852][ T7202] ? odev_poll+0x70/0x70
[ 42.373061][ T7202] __se_sys_ioctl+0xf9/0x160
[ 42.378072][ T7202] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.384110][ T7202] do_syscall_64+0x73/0xe0
[ 42.388512][ T7202] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.394407][ T7202] RIP: 0033:0x45c429
[ 42.398276][ T7202] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 42.417852][ T7202] RSP: 002b:00007f6e48930c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 42.426237][ T7202] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045c429
[ 42.434182][ T7202] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 42.442131][ T7202] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000
[ 42.450089][ T7202] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 42.458043][ T7202] R13: 00007ffe51b9d10f R14: 00007f6e489319c0 R15: 000000000078bf0c
[ 42.466000][ T7202]
[ 42.468300][ T7202] Allocated by task 7202:
[ 42.472602][ T7202] __kasan_kmalloc+0x103/0x140
[ 42.477721][ T7202] kmem_cache_alloc_trace+0x234/0x300
[ 42.483062][ T7202] snd_seq_port_connect+0x66/0x460
[ 42.488148][ T7202] snd_seq_ioctl_subscribe_port+0x349/0x6c0
[ 42.494032][ T7202] snd_seq_oss_midi_open+0x4db/0x830
[ 42.499313][ T7202] snd_seq_oss_synth_setup_midi+0x108/0x510
[ 42.505180][ T7202] snd_seq_oss_open+0x899/0xe90
[ 42.510003][ T7202] odev_open+0x5e/0x90
[ 42.514040][ T7202] chrdev_open+0x498/0x580
[ 42.518427][ T7202] do_dentry_open+0x813/0x1070
[ 42.523160][ T7202] path_openat+0x278d/0x37f0
[ 42.527719][ T7202] do_filp_open+0x191/0x3a0
[ 42.532197][ T7202] do_sys_openat2+0x463/0x770
[ 42.536858][ T7202] __x64_sys_openat+0x1c8/0x1f0
[ 42.541689][ T7202] do_syscall_64+0x73/0xe0
[ 42.546073][ T7202] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.551956][ T7202]
[ 42.554280][ T7202] Freed by task 7203:
[ 42.558252][ T7202] __kasan_slab_free+0x114/0x170
[ 42.563156][ T7202] kfree+0x10a/0x220
[ 42.567192][ T7202] snd_seq_port_disconnect+0x570/0x610
[ 42.572621][ T7202] snd_seq_ioctl_unsubscribe_port+0x349/0x6c0
[ 42.578659][ T7202] snd_seq_oss_midi_close+0x397/0x620
[ 42.583999][ T7202] snd_seq_oss_synth_reset+0x335/0x8b0
[ 42.589445][ T7202] snd_seq_oss_reset+0x5b/0x250
[ 42.594262][ T7202] snd_seq_oss_ioctl+0x5c2/0x1090
[ 42.599257][ T7202] odev_ioctl+0x51/0x70
[ 42.603428][ T7202] __se_sys_ioctl+0xf9/0x160
[ 42.607990][ T7202] do_syscall_64+0x73/0xe0
[ 42.612415][ T7202] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.618358][ T7202]
[ 42.620662][ T7202] The buggy address belongs to the object at ffff888098523000
[ 42.620662][ T7202] which belongs to the cache kmalloc-128 of size 128
[ 42.634697][ T7202] The buggy address is located 96 bytes inside of
[ 42.634697][ T7202] 128-byte region [ffff888098523000, ffff888098523080)
[ 42.647864][ T7202] The buggy address belongs to the page:
[ 42.653469][ T7202] page:ffffea00026148c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 42.662541][ T7202] flags: 0xfffe0000000200(slab)
[ 42.667365][ T7202] raw: 00fffe0000000200 ffffea0002613988 ffffea000262c648 ffff8880aa400700
[ 42.675928][ T7202] raw: 0000000000000000 ffff888098523000 0000000100000010 0000000000000000
[ 42.684566][ T7202] page dumped because: kasan: bad access detected
[ 42.690946][ T7202]
[ 42.693244][ T7202] Memory state around the buggy address:
[ 42.698861][ T7202] ffff888098522f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.706894][ T7202] ffff888098522f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.714943][ T7202] >ffff888098523000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.722973][ T7202] ^
[ 42.730139][ T7202] ffff888098523080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.738173][ T7202] ffff888098523100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.746203][ T7202] ==================================================================
[ 42.754242][ T7202] Disabling lock debugging due to kernel taint
[ 42.760374][ T7202] Kernel panic - not syncing: panic_on_warn set ...
[ 42.766930][ T7202] CPU: 1 PID: 7202 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 42.776869][ T7202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.786892][ T7202] Call Trace:
[ 42.790168][ T7202] dump_stack+0x1f0/0x31e
[ 42.794481][ T7202] panic+0x264/0x7a0
[ 42.798375][ T7202] ? trace_hardirqs_off+0x24/0x70
[ 42.803367][ T7202] ? _raw_spin_unlock_irqrestore+0x68/0xd0
[ 42.809142][ T7202] kasan_report+0x1c9/0x1d0
[ 42.813634][ T7202] ? delete_and_unsubscribe_port+0x8b/0x450
[ 42.819495][ T7202] ? do_raw_write_lock+0xf1/0x440
[ 42.824492][ T7202] delete_and_unsubscribe_port+0x8b/0x450
[ 42.830197][ T7202] snd_seq_port_disconnect+0x568/0x610
[ 42.835646][ T7202] snd_seq_ioctl_unsubscribe_port+0x349/0x6c0
[ 42.841680][ T7202] ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 42.847552][ T7202] snd_seq_oss_midi_close+0x397/0x620
[ 42.852893][ T7202] snd_seq_oss_synth_reset+0x335/0x8b0
[ 42.858323][ T7202] snd_seq_oss_reset+0x5b/0x250
[ 42.863141][ T7202] snd_seq_oss_ioctl+0x5c2/0x1090
[ 42.868134][ T7202] ? do_vfs_ioctl+0x6bc/0x16d0
[ 42.872865][ T7202] odev_ioctl+0x51/0x70
[ 42.876990][ T7202] ? odev_poll+0x70/0x70
[ 42.881372][ T7202] __se_sys_ioctl+0xf9/0x160
[ 42.885932][ T7202] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.891965][ T7202] do_syscall_64+0x73/0xe0
[ 42.896367][ T7202] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.902348][ T7202] RIP: 0033:0x45c429
[ 42.906217][ T7202] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 42.925800][ T7202] RSP: 002b:00007f6e48930c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 42.934178][ T7202] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045c429
[ 42.942147][ T7202] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 42.950089][ T7202] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000
[ 42.958032][ T7202] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 42.965975][ T7202] R13: 00007ffe51b9d10f R14: 00007f6e489319c0 R15: 000000000078bf0c
[ 42.975128][ T7202] Kernel Offset: disabled
[ 42.979437][ T7202] Rebooting in 86400 seconds..