Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts.
2021/05/06 01:50:15 parsed 1 programs
2021/05/06 01:50:15 executed programs: 0
[ 1226.303180] IPVS: ftp: loaded support on port[0] = 21
[ 1226.405724] chnl_net:caif_netlink_parms(): no params data found
[ 1226.487085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1226.493651] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1226.502632] device bridge_slave_0 entered promiscuous mode
[ 1226.511584] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1226.518464] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1226.525428] device bridge_slave_1 entered promiscuous mode
[ 1226.542797] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1226.551724] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1226.570249] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1226.577807] team0: Port device team_slave_0 added
[ 1226.583269] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1226.591660] team0: Port device team_slave_1 added
[ 1226.606715] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1226.613034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1226.638559] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1226.649982] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1226.656229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1226.681513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1226.692187] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1226.699806] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1226.719567] device hsr_slave_0 entered promiscuous mode
[ 1226.725554] device hsr_slave_1 entered promiscuous mode
[ 1226.731950] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1226.739291] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1226.804799] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1226.811493] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1226.818539] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1226.825079] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1226.859592] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1226.866045] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1226.875183] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1226.884604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1226.894422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1226.901769] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1226.909333] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1226.920465] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1226.926552] 8021q: adding VLAN 0 to HW filter on device team0
[ 1226.935715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1226.944459] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1226.951303] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1226.961994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1226.970124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1226.976456] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1226.997331] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1227.007431] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1227.018576] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1227.026567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1227.035211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1227.044052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1227.052473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1227.060960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1227.068569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1227.081557] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1227.089312] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1227.095965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1227.107227] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1227.121291] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1227.130799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1227.165328] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1227.172930] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1227.179890] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1227.190245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1227.198786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1227.205609] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1227.214387] device veth0_vlan entered promiscuous mode
[ 1227.222923] device veth1_vlan entered promiscuous mode
[ 1227.229230] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1227.239051] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1227.249947] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1227.261030] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1227.268493] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1227.275671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1227.284973] device veth0_macvtap entered promiscuous mode
[ 1227.292048] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1227.300566] device veth1_macvtap entered promiscuous mode
[ 1227.309507] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1227.319689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1227.330009] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1227.336743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1227.346502] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1227.357195] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1227.364187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1227.475106] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 1227.483553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1227.500930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1227.503652] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 1227.515630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1227.519470] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1227.524389] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1227.538900] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1228.338563] Bluetooth: hci0: command 0x0409 tx timeout
2021/05/06 01:50:20 executed programs: 70
[ 1230.417612] Bluetooth: hci0: command 0x041b tx timeout
[ 1232.507451] Bluetooth: hci0: command 0x040f tx timeout
[ 1234.577860] Bluetooth: hci0: command 0x0419 tx timeout
2021/05/06 01:50:25 executed programs: 208
[ 1239.067688] ==================================================================
[ 1239.075410] BUG: KASAN: use-after-free in tasklet_action_common.constprop.0+0x29e/0x360
[ 1239.083648] Read of size 8 at addr ffff88809b598e50 by task syz-executor.0/9939
[ 1239.091074]
[ 1239.092691] CPU: 0 PID: 9939 Comm: syz-executor.0 Not tainted 4.19.189-syzkaller #0
[ 1239.100758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1239.110115] Call Trace:
[ 1239.112816]
[ 1239.114980] dump_stack+0x1fc/0x2ef
[ 1239.118608] print_address_description.cold+0x54/0x219
[ 1239.123886] kasan_report_error.cold+0x8a/0x1b9
[ 1239.128668] ? tasklet_action_common.constprop.0+0x29e/0x360
[ 1239.134453] __asan_report_load8_noabort+0x88/0x90
[ 1239.139374] ? tasklet_action_common.constprop.0+0x29e/0x360
[ 1239.145160] tasklet_action_common.constprop.0+0x29e/0x360
[ 1239.150789] __do_softirq+0x265/0x980
[ 1239.154602] do_softirq_own_stack+0x2a/0x40
[ 1239.159082]
[ 1239.161312] do_softirq.part.0+0x160/0x1c0
[ 1239.165604] ? bcm_release+0x555/0x700
[ 1239.169571] __local_bh_enable_ip+0x20e/0x270
[ 1239.174052] bcm_release+0x555/0x700
[ 1239.177757] __sock_release+0xcd/0x2a0
[ 1239.181690] ? __sock_release+0x2a0/0x2a0
[ 1239.185985] sock_close+0x15/0x20
[ 1239.189430] __fput+0x2ce/0x890
[ 1239.192702] task_work_run+0x148/0x1c0
[ 1239.196596] exit_to_usermode_loop+0x251/0x2a0
[ 1239.201170] do_syscall_64+0x538/0x620
[ 1239.205045] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1239.210218] RIP: 0033:0x41940b
[ 1239.213427] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 1239.232313] RSP: 002b:00007fffd7ae3330 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1239.240028] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000041940b
[ 1239.247293] RDX: 00000000005709e0 RSI: 0000000000000080 RDI: 0000000000000004
[ 1239.254548] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1239.261832] R10: 00007fffd7ae3420 R11: 0000000000000293 R12: 000000000012e856
[ 1239.269100] R13: 00000000000003e8 R14: 000000000056bf60 R15: 000000000012e852
[ 1239.276366]
[ 1239.277974] Allocated by task 9941:
[ 1239.281585] kmem_cache_alloc_trace+0x12f/0x380
[ 1239.286322] bcm_sendmsg+0x25be/0x4130
[ 1239.290190] sock_sendmsg+0xc3/0x120
[ 1239.293884] ___sys_sendmsg+0x7bb/0x8e0
[ 1239.297837] __x64_sys_sendmsg+0x132/0x220
[ 1239.302050] do_syscall_64+0xf9/0x620
[ 1239.305832] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1239.310995]
[ 1239.312603] Freed by task 9939:
[ 1239.315863] kfree+0xcc/0x210
[ 1239.318951] bcm_release+0xff/0x700
[ 1239.322559] __sock_release+0xcd/0x2a0
[ 1239.326426] sock_close+0x15/0x20
[ 1239.329877] __fput+0x2ce/0x890
[ 1239.333136] task_work_run+0x148/0x1c0
[ 1239.337009] exit_to_usermode_loop+0x251/0x2a0
[ 1239.341583] do_syscall_64+0x538/0x620
[ 1239.345452] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1239.350616]
[ 1239.352226] The buggy address belongs to the object at ffff88809b598d80
[ 1239.352226] which belongs to the cache kmalloc-1024 of size 1024
[ 1239.365056] The buggy address is located 208 bytes inside of
[ 1239.365056] 1024-byte region [ffff88809b598d80, ffff88809b599180)
[ 1239.376999] The buggy address belongs to the page:
[ 1239.381934] page:ffffea00026d6600 count:1 mapcount:0 mapping:ffff88813bff0ac0 index:0xffff88809b598900 compound_mapcount: 0
[ 1239.393360] flags: 0xfff00000008100(slab|head)
[ 1239.397936] raw: 00fff00000008100 ffffea0002bf0b88 ffffea0002af3a08 ffff88813bff0ac0
[ 1239.405986] raw: ffff88809b598900 ffff88809b598000 0000000100000002 0000000000000000
[ 1239.413857] page dumped because: kasan: bad access detected
[ 1239.419564]
[ 1239.421172] Memory state around the buggy address:
[ 1239.426081] ffff88809b598d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1239.433423] ffff88809b598d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1239.440771] >ffff88809b598e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1239.448249] ^
[ 1239.454202] ffff88809b598e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1239.461544] ffff88809b598f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1239.468880] ==================================================================
[ 1239.476216] Disabling lock debugging due to kernel taint
[ 1239.481743] Kernel panic - not syncing: panic_on_warn set ...
[ 1239.481743]
[ 1239.489119] CPU: 0 PID: 9939 Comm: syz-executor.0 Tainted: G B 4.19.189-syzkaller #0
[ 1239.498319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1239.507669] Call Trace:
[ 1239.510242]
[ 1239.512376] dump_stack+0x1fc/0x2ef
[ 1239.515988] panic+0x26a/0x50e
[ 1239.519162] ? __warn_printk+0xf3/0xf3
[ 1239.523046] ? trace_hardirqs_on+0x55/0x210
[ 1239.527354] kasan_end_report+0x43/0x49
[ 1239.531637] kasan_report_error.cold+0xa7/0x1b9
[ 1239.536295] ? tasklet_action_common.constprop.0+0x29e/0x360
[ 1239.542085] __asan_report_load8_noabort+0x88/0x90
[ 1239.547014] ? tasklet_action_common.constprop.0+0x29e/0x360
[ 1239.552801] tasklet_action_common.constprop.0+0x29e/0x360
[ 1239.558588] __do_softirq+0x265/0x980
[ 1239.562381] do_softirq_own_stack+0x2a/0x40
[ 1239.566678]
[ 1239.568898] do_softirq.part.0+0x160/0x1c0
[ 1239.573129] ? bcm_release+0x555/0x700
[ 1239.577082] __local_bh_enable_ip+0x20e/0x270
[ 1239.581615] bcm_release+0x555/0x700
[ 1239.585318] __sock_release+0xcd/0x2a0
[ 1239.589191] ? __sock_release+0x2a0/0x2a0
[ 1239.593418] sock_close+0x15/0x20
[ 1239.596856] __fput+0x2ce/0x890
[ 1239.600120] task_work_run+0x148/0x1c0
[ 1239.604017] exit_to_usermode_loop+0x251/0x2a0
[ 1239.608669] do_syscall_64+0x538/0x620
[ 1239.612554] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1239.617725] RIP: 0033:0x41940b
[ 1239.620904] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 1239.639907] RSP: 002b:00007fffd7ae3330 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1239.647616] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000041940b
[ 1239.654865] RDX: 00000000005709e0 RSI: 0000000000000080 RDI: 0000000000000004
[ 1239.662114] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1239.669377] R10: 00007fffd7ae3420 R11: 0000000000000293 R12: 000000000012e856
[ 1239.676647] R13: 00000000000003e8 R14: 000000000056bf60 R15: 000000000012e852
[ 1239.684638] Kernel Offset: disabled
[ 1239.688276] Rebooting in 86400 seconds..