Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts.
2020/08/31 16:10:53 parsed 1 programs
2020/08/31 16:10:53 executed programs: 0
syzkaller login: [ 1048.249749] audit: type=1400 audit(1598890253.728:8): avc:  denied  { execmem } for  pid=6492 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1049.362365] IPVS: ftp: loaded support on port[0] = 21
[ 1049.486355] chnl_net:caif_netlink_parms(): no params data found
[ 1049.653559] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1049.660699] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1049.669039] device bridge_slave_0 entered promiscuous mode
[ 1049.677210] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.683663] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1049.691628] device bridge_slave_1 entered promiscuous mode
[ 1049.711045] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1049.720688] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1049.739791] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1049.747413] team0: Port device team_slave_0 added
[ 1049.752959] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1049.761058] team0: Port device team_slave_1 added
[ 1049.777843] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1049.785915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1049.811427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1049.823037] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1049.829447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1049.855875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1049.868028] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1049.876149] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1049.896828] device hsr_slave_0 entered promiscuous mode
[ 1049.902691] device hsr_slave_1 entered promiscuous mode
[ 1049.909495] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1049.916923] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1049.989320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.996524] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1050.003462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1050.010454] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1050.048723] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1050.058062] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1050.068207] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1050.078029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1050.088341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1050.096872] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1050.105503] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1050.116407] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1050.122598] 8021q: adding VLAN 0 to HW filter on device team0
[ 1050.136142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1050.143780] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1050.150235] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1050.157925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1050.167680] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1050.174189] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1050.190403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1050.199156] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1050.209733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1050.219826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1050.231939] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1050.243352] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1050.249479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1050.257458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1050.270863] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1050.280610] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1050.288479] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1050.299922] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1050.313907] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1050.323891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1050.362293] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1050.370948] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1050.378636] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1050.389063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1050.397207] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1050.404934] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1050.415863] device veth0_vlan entered promiscuous mode
[ 1050.425692] device veth1_vlan entered promiscuous mode
[ 1050.431619] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1050.440580] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1050.452198] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1050.462772] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1050.470612] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1050.478614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1050.489834] device veth0_macvtap entered promiscuous mode
[ 1050.498668] device veth1_macvtap entered promiscuous mode
[ 1050.509012] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1050.518787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1050.528628] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 1050.536386] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1050.543065] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1050.551687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1050.562963] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 1050.570691] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1050.577893] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1050.586759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1051.394943] Bluetooth: hci0: command 0x0409 tx timeout
2020/08/31 16:10:58 executed programs: 110
[ 1053.464449] Bluetooth: hci0: command 0x041b tx timeout
[ 1055.544495] Bluetooth: hci0: command 0x040f tx timeout
[ 1057.634069] Bluetooth: hci0: command 0x0419 tx timeout
2020/08/31 16:11:03 executed programs: 325
2020/08/31 16:11:08 executed programs: 553
2020/08/31 16:11:13 executed programs: 769
2020/08/31 16:11:18 executed programs: 988
2020/08/31 16:11:23 executed programs: 1199
[ 1079.726950] ==================================================================
[ 1079.737207] BUG: KASAN: use-after-free in ex_handler_refcount+0x18f/0x1c0
[ 1079.744263] Write of size 4 at addr ffff888092db2b00 by task syz-executor.0/11983
[ 1079.754977] 
[ 1079.757131] CPU: 0 PID: 11983 Comm: syz-executor.0 Not tainted 4.19.142-syzkaller #0
[ 1079.768418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1079.783699] Call Trace:
[ 1079.786771]  dump_stack+0x1fc/0x2fe
[ 1079.790978]  print_address_description.cold+0x54/0x219
[ 1079.797333]  kasan_report_error.cold+0x8a/0x1c7
[ 1079.802890]  ? ex_handler_refcount+0x18f/0x1c0
[ 1079.808931]  __asan_report_store4_noabort+0x88/0x90
[ 1079.815584]  ? ex_handler_refcount+0x18f/0x1c0
[ 1079.821131]  ex_handler_refcount+0x18f/0x1c0
[ 1079.826654]  ? ex_handler_clear_fs+0xb0/0xb0
[ 1079.831581]  fixup_exception+0x8a/0xc3
[ 1079.836801]  do_trap+0x61/0x250
[ 1079.841189]  do_error_trap+0x15d/0x310
[ 1079.846987]  ? math_error+0x310/0x310
[ 1079.851975]  ? csum_partial_copy_generic+0x54b/0x7820
[ 1079.859863]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1079.865374]  invalid_op+0x14/0x20
[ 1079.869611] RIP: 0010:csum_partial_copy_generic+0x54b/0x7820
[ 1079.876876] Code: 0b 48 8d 4d 08 0f 0b 48 8d 4b 04 0f 0b 48 8d 4d 04 0f 0b 49 8d 4c 24 04 0f 0b 49 8d 0c 24 0f 0b 49 8d 0c 24 0f 0b 48 8d 4d 00 <0f> 0b 49 8d 0c 24 0f 0b 48 8d 88 c0 00 00 00 0f 0b 48 8d 8b 80 00
[ 1079.901602] RSP: 0018:ffff88809310fe08 EFLAGS: 00010297
[ 1079.907976] RAX: ffff8880a7eee0c0 RBX: ffff88809d23f7c0 RCX: ffff888092db2b00
[ 1079.915793] RDX: 0000000000000000 RSI: ffffffff81bcf76a RDI: ffff888092db2b00
[ 1079.924733] RBP: ffff888092db2b00 R08: 0000000000000000 R09: 0000000000000000
[ 1079.936570] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809d23f83c
[ 1079.945950] R13: ffff88809d23f7e8 R14: ffffffff81bcfc80 R15: ffff88821b6a9c20
[ 1079.957061]  ? eventfd_show_fdinfo+0x90/0x90
[ 1079.967091]  ? eventfd_ctx_put+0xa/0x40
[ 1079.975707]  ? eventfd_ctx_put+0xa/0x40
[ 1079.987266]  eventfd_release+0x4f/0x60
[ 1079.994041]  __fput+0x2ce/0x890
[ 1079.998902]  task_work_run+0x148/0x1c0
[ 1080.004555]  exit_to_usermode_loop+0x251/0x2a0
[ 1080.009868]  do_syscall_64+0x538/0x620
[ 1080.015105]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1080.023904] RIP: 0033:0x45d5b9
[ 1080.035102] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1080.062258] RSP: 002b:00007f5f0dd1ac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[ 1080.072972] RAX: 0000000000000000 RBX: 0000000000002ac0 RCX: 000000000045d5b9
[ 1080.087271] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005
[ 1080.095196] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
[ 1080.104752] R10: 0000000020fe0ff4 R11: 0000000000000246 R12: 000000000118cf4c
[ 1080.114208] R13: 00007ffe116d6b8f R14: 00007f5f0dd1b9c0 R15: 000000000118cf4c
[ 1080.123302] 
[ 1080.125341] Allocated by task 11983:
[ 1080.129934]  kmem_cache_alloc_trace+0x12f/0x380
[ 1080.136182]  do_eventfd+0x61/0x1a0
[ 1080.142820]  __x64_sys_eventfd2+0x50/0x70
[ 1080.150260]  do_syscall_64+0xf9/0x620
[ 1080.157239]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1080.164767] 
[ 1080.167102] Freed by task 11982:
[ 1080.171212]  kfree+0xcc/0x210
[ 1080.174802]  eventfd_ctx_put+0x31/0x40
[ 1080.179057]  eventfd_release+0x4f/0x60
[ 1080.183210]  __fput+0x2ce/0x890
[ 1080.187293]  task_work_run+0x148/0x1c0
[ 1080.192196]  exit_to_usermode_loop+0x251/0x2a0
[ 1080.197840]  do_syscall_64+0x538/0x620
[ 1080.201913]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1080.207613] 
[ 1080.209258] The buggy address belongs to the object at ffff888092db2b00
[ 1080.209258]  which belongs to the cache kmalloc-96 of size 96
[ 1080.223240] The buggy address is located 0 bytes inside of
[ 1080.223240]  96-byte region [ffff888092db2b00, ffff888092db2b60)
[ 1080.237369] The buggy address belongs to the page:
[ 1080.243271] page:ffffea00024b6c80 count:1 mapcount:0 mapping:ffff88812c39c4c0 index:0x0
[ 1080.252385] flags: 0xfffe0000000100(slab)
[ 1080.257345] raw: 00fffe0000000100 ffffea00023992c8 ffffea00024e6f48 ffff88812c39c4c0
[ 1080.266487] raw: 0000000000000000 ffff888092db2000 0000000100000020 0000000000000000
[ 1080.276254] page dumped because: kasan: bad access detected
[ 1080.284853] 
[ 1080.287272] Memory state around the buggy address:
[ 1080.293620]  ffff888092db2a00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 1080.303579]  ffff888092db2a80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1080.312088] >ffff888092db2b00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1080.320158]                    ^
[ 1080.324335]  ffff888092db2b80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1080.333913]  ffff888092db2c00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1080.342471] ==================================================================
[ 1080.351443] Disabling lock debugging due to kernel taint
[ 1080.364829] Kernel panic - not syncing: panic_on_warn set ...
[ 1080.364829] 
[ 1080.373974] CPU: 1 PID: 11983 Comm: syz-executor.0 Tainted: G    B             4.19.142-syzkaller #0
[ 1080.384862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1080.395041] Call Trace:
[ 1080.397642]  dump_stack+0x1fc/0x2fe
[ 1080.402385]  panic+0x26a/0x50e
[ 1080.405949]  ? __warn_printk+0xf3/0xf3
[ 1080.410016]  ? preempt_schedule_common+0x45/0xc0
[ 1080.414844]  ? ___preempt_schedule+0x16/0x18
[ 1080.419280]  ? trace_hardirqs_on+0x55/0x210
[ 1080.423598]  kasan_end_report+0x43/0x49
[ 1080.427602]  kasan_report_error.cold+0xa7/0x1c7
[ 1080.432262]  ? ex_handler_refcount+0x18f/0x1c0
[ 1080.436868]  __asan_report_store4_noabort+0x88/0x90
[ 1080.441880]  ? ex_handler_refcount+0x18f/0x1c0
[ 1080.446577]  ex_handler_refcount+0x18f/0x1c0
[ 1080.450983]  ? ex_handler_clear_fs+0xb0/0xb0
[ 1080.455519]  fixup_exception+0x8a/0xc3
[ 1080.459413]  do_trap+0x61/0x250
[ 1080.462697]  do_error_trap+0x15d/0x310
[ 1080.466580]  ? math_error+0x310/0x310
[ 1080.470383]  ? csum_partial_copy_generic+0x54b/0x7820
[ 1080.475584]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1080.480669]  invalid_op+0x14/0x20
[ 1080.484156] RIP: 0010:csum_partial_copy_generic+0x54b/0x7820
[ 1080.490077] Code: 0b 48 8d 4d 08 0f 0b 48 8d 4b 04 0f 0b 48 8d 4d 04 0f 0b 49 8d 4c 24 04 0f 0b 49 8d 0c 24 0f 0b 49 8d 0c 24 0f 0b 48 8d 4d 00 <0f> 0b 49 8d 0c 24 0f 0b 48 8d 88 c0 00 00 00 0f 0b 48 8d 8b 80 00
[ 1080.509239] RSP: 0018:ffff88809310fe08 EFLAGS: 00010297
[ 1080.514603] RAX: ffff8880a7eee0c0 RBX: ffff88809d23f7c0 RCX: ffff888092db2b00
[ 1080.521880] RDX: 0000000000000000 RSI: ffffffff81bcf76a RDI: ffff888092db2b00
[ 1080.529418] RBP: ffff888092db2b00 R08: 0000000000000000 R09: 0000000000000000
[ 1080.536675] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809d23f83c
[ 1080.543988] R13: ffff88809d23f7e8 R14: ffffffff81bcfc80 R15: ffff88821b6a9c20
[ 1080.551308]  ? eventfd_show_fdinfo+0x90/0x90
[ 1080.555724]  ? eventfd_ctx_put+0xa/0x40
[ 1080.559717]  ? eventfd_ctx_put+0xa/0x40
[ 1080.563696]  eventfd_release+0x4f/0x60
[ 1080.567613]  __fput+0x2ce/0x890
[ 1080.570892]  task_work_run+0x148/0x1c0
[ 1080.575130]  exit_to_usermode_loop+0x251/0x2a0
[ 1080.579844]  do_syscall_64+0x538/0x620
[ 1080.583729]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1080.588925] RIP: 0033:0x45d5b9
[ 1080.592104] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1080.611144] RSP: 002b:00007f5f0dd1ac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[ 1080.618868] RAX: 0000000000000000 RBX: 0000000000002ac0 RCX: 000000000045d5b9
[ 1080.626159] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005
[ 1080.633585] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
[ 1080.640864] R10: 0000000020fe0ff4 R11: 0000000000000246 R12: 000000000118cf4c
[ 1080.648135] R13: 00007ffe116d6b8f R14: 00007f5f0dd1b9c0 R15: 000000000118cf4c
[ 1080.656582] Kernel Offset: disabled
[ 1080.660238] Rebooting in 86400 seconds..