Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
2020/07/30 21:34:58 parsed 1 programs
2020/07/30 21:34:58 executed programs: 0
[ 1108.911377] audit: type=1400 audit(1596144898.526:8): avc: denied { execmem } for pid=6389 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1109.162993] IPVS: ftp: loaded support on port[0] = 21
[ 1109.972994] chnl_net:caif_netlink_parms(): no params data found
[ 1110.127874] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1110.134850] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1110.143463] device bridge_slave_0 entered promiscuous mode
[ 1110.151604] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1110.158143] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1110.165533] device bridge_slave_1 entered promiscuous mode
[ 1110.184891] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1110.193996] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1110.214178] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1110.221930] team0: Port device team_slave_0 added
[ 1110.227631] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1110.235097] team0: Port device team_slave_1 added
[ 1110.253006] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1110.259300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1110.284748] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1110.296755] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1110.303165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1110.328679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1110.340048] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1110.348570] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1110.403564] device hsr_slave_0 entered promiscuous mode
[ 1110.450925] device hsr_slave_1 entered promiscuous mode
[ 1110.491536] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1110.499957] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1110.577335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1110.583999] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1110.591294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1110.597769] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1110.633445] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1110.639596] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1110.648945] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1110.658896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1110.678669] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1110.686268] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1110.697556] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1110.704233] 8021q: adding VLAN 0 to HW filter on device team0
[ 1110.713745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1110.722182] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1110.728546] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1110.741739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1110.749403] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1110.755829] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1110.769497] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1110.777954] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1110.788761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1110.800134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1110.812346] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1110.823991] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1110.831878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1110.839119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1110.853275] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1110.863430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1110.870165] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1110.882110] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1110.939991] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1110.951589] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1110.959014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1110.988274] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1110.996309] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1111.004667] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1111.014233] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready
[ 1111.021470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1111.029217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1111.036958] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1111.044333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1111.053576] device veth0_vlan entered promiscuous mode
[ 1111.064173] device veth1_vlan entered promiscuous mode
[ 1111.070228] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1111.079986] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1111.092619] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1111.104151] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 1111.111745] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1111.118983] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1111.126529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1111.134441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1111.145714] device veth0_macvtap entered promiscuous mode
[ 1111.152249] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1111.161778] device veth1_macvtap entered promiscuous mode
[ 1111.168005] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 1111.176942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1111.186815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1111.196551] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 1111.204547] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1111.211471] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1111.218666] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1111.226174] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1111.234216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1111.245204] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 1111.252480] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1111.259388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1111.267265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1113.671263] QAT: Invalid ioctl
2020/07/30 21:35:03 executed programs: 14
[ 1114.431920] Bluetooth: hci0 command 0x0409 tx timeout
[ 1116.510193] Bluetooth: hci0 command 0x041b tx timeout
[ 1118.600059] Bluetooth: hci0 command 0x040f tx timeout
2020/07/30 21:35:08 executed programs: 176
[ 1120.679725] Bluetooth: hci0 command 0x0419 tx timeout
2020/07/30 21:35:13 executed programs: 333
[ 1126.617456] ==================================================================
[ 1126.625471] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[ 1126.632139] Read of size 8 at addr ffff8880a8763898 by task syz-executor.0/9907
[ 1126.639917]
[ 1126.641530] CPU: 0 PID: 9907 Comm: syz-executor.0 Not tainted 4.14.190-syzkaller #0
[ 1126.649438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1126.658840] Call Trace:
[ 1126.661490]  dump_stack+0x1b2/0x283
[ 1126.665195]  print_address_description.cold+0x54/0x1d3
[ 1126.670473]  kasan_report_error.cold+0x8a/0x194
[ 1126.675183]  ? __list_add_valid+0x93/0xa0
[ 1126.679337]  __asan_report_load8_noabort+0x68/0x70
[ 1126.684345]  ? __list_add_valid+0x93/0xa0
[ 1126.688526]  __list_add_valid+0x93/0xa0
[ 1126.692596]  rdma_listen+0x656/0x9b0
[ 1126.696391]  ucma_listen+0x10b/0x170
[ 1126.700096]  ? ucma_bind_ip+0x150/0x150
[ 1126.704061]  ? _copy_from_user+0x96/0x100
[ 1126.708212]  ? ucma_bind_ip+0x150/0x150
[ 1126.712173]  ucma_write+0x206/0x2c0
[ 1126.715816]  ? ucma_set_ib_path+0x510/0x510
[ 1126.720199]  __vfs_write+0xe4/0x630
[ 1126.723831]  ? ucma_set_ib_path+0x510/0x510
[ 1126.728161]  ? kernel_read+0x110/0x110
[ 1126.732126]  ? avc_policy_seqno+0x5/0x10
[ 1126.736208]  ? selinux_file_permission+0x7e/0x530
[ 1126.741109]  ? security_file_permission+0x82/0x1e0
[ 1126.746050]  ? rw_verify_area+0xe1/0x2a0
[ 1126.750105]  vfs_write+0x17f/0x4d0
[ 1126.753652]  SyS_write+0xf2/0x210
[ 1126.757089]  ? SyS_read+0x210/0x210
[ 1126.760822]  ? SyS_clock_settime+0x1a0/0x1a0
[ 1126.765264]  ? do_syscall_64+0x4c/0x640
[ 1126.769287]  ? SyS_read+0x210/0x210
[ 1126.772953]  do_syscall_64+0x1d5/0x640
[ 1126.776886]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1126.782062] RIP: 0033:0x45cc79
[ 1126.785233] RSP: 002b:00007f086f738c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1126.792923] RAX: ffffffffffffffda RBX: 00000000000375c0 RCX: 000000000045cc79
[ 1126.800445] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000006
[ 1126.807799] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[ 1126.815058] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 1126.822329] R13: 00007fff757208cf R14: 00007f086f7399c0 R15: 000000000078bf0c
[ 1126.829604]
[ 1126.831221] Allocated by task 9904:
[ 1126.834836]  kasan_kmalloc+0xeb/0x160
[ 1126.838617]  kmem_cache_alloc_trace+0x131/0x3d0
[ 1126.843288]  rdma_create_id+0x57/0x4c0
[ 1126.847179]  ucma_create_id+0x18b/0x500
[ 1126.851153]  ucma_write+0x206/0x2c0
[ 1126.854780]  __vfs_write+0xe4/0x630
[ 1126.858394]  vfs_write+0x17f/0x4d0
[ 1126.861940]  SyS_write+0xf2/0x210
[ 1126.865417]  do_syscall_64+0x1d5/0x640
[ 1126.869292]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1126.874463]
[ 1126.876091] Freed by task 9898:
[ 1126.879383]  kasan_slab_free+0xc3/0x1a0
[ 1126.883337]  kfree+0xc9/0x250
[ 1126.886424]  ucma_close+0x11a/0x340
[ 1126.890049]  __fput+0x25f/0x7a0
[ 1126.893513]  task_work_run+0x11f/0x190
[ 1126.897407]  exit_to_usermode_loop+0x1ad/0x200
[ 1126.902148]  do_syscall_64+0x4a3/0x640
[ 1126.906021]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1126.911189]
[ 1126.912910] The buggy address belongs to the object at ffff8880a87636c0
[ 1126.912910]  which belongs to the cache kmalloc-1024 of size 1024
[ 1126.925732] The buggy address is located 472 bytes inside of
[ 1126.925732]  1024-byte region [ffff8880a87636c0, ffff8880a8763ac0)
[ 1126.938812] The buggy address belongs to the page:
[ 1126.943737] page:ffffea0002a1d880 count:1 mapcount:0 mapping:ffff8880a8762040 index:0xffff8880a8762dc0 compound_mapcount: 0
[ 1126.955496] flags: 0xfffe0000008100(slab|head)
[ 1126.960102] raw: 00fffe0000008100 ffff8880a8762040 ffff8880a8762dc0 0000000100000003
[ 1126.967983] raw: ffffea00028496a0 ffffea0002a121a0 ffff88812fe52ac0 0000000000000000
[ 1126.975888] page dumped because: kasan: bad access detected
[ 1126.981578]
[ 1126.983203] Memory state around the buggy address:
[ 1126.988137]  ffff8880a8763780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1126.995506]  ffff8880a8763800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1127.002907] >ffff8880a8763880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1127.011225]                             ^
[ 1127.015376]  ffff8880a8763900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1127.022718]  ffff8880a8763980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1127.030085] ==================================================================
[ 1127.037492] Disabling lock debugging due to kernel taint
[ 1127.047087] Kernel panic - not syncing: panic_on_warn set ...
[ 1127.047087]
[ 1127.054749] CPU: 1 PID: 9907 Comm: syz-executor.0 Tainted: G    B   4.14.190-syzkaller #0
[ 1127.063845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1127.073203] Call Trace:
[ 1127.075789]  dump_stack+0x1b2/0x283
[ 1127.079456]  panic+0x1f9/0x42d
[ 1127.082856]  ? add_taint.cold+0x16/0x16
[ 1127.086874]  ? ___preempt_schedule+0x16/0x18
[ 1127.091379]  kasan_end_report+0x43/0x49
[ 1127.095356]  kasan_report_error.cold+0xa7/0x194
[ 1127.100109]  ? __list_add_valid+0x93/0xa0
[ 1127.104261]  __asan_report_load8_noabort+0x68/0x70
[ 1127.109172]  ? __list_add_valid+0x93/0xa0
[ 1127.113387]  __list_add_valid+0x93/0xa0
[ 1127.117365]  rdma_listen+0x656/0x9b0
[ 1127.121060]  ucma_listen+0x10b/0x170
[ 1127.124748]  ? ucma_bind_ip+0x150/0x150
[ 1127.128715]  ? _copy_from_user+0x96/0x100
[ 1127.132865]  ? ucma_bind_ip+0x150/0x150
[ 1127.136843]  ucma_write+0x206/0x2c0
[ 1127.140458]  ? ucma_set_ib_path+0x510/0x510
[ 1127.145180]  __vfs_write+0xe4/0x630
[ 1127.148787]  ? ucma_set_ib_path+0x510/0x510
[ 1127.153108]  ? kernel_read+0x110/0x110
[ 1127.157069]  ? avc_policy_seqno+0x5/0x10
[ 1127.161125]  ? selinux_file_permission+0x7e/0x530
[ 1127.165951]  ? security_file_permission+0x82/0x1e0
[ 1127.170860]  ? rw_verify_area+0xe1/0x2a0
[ 1127.174901]  vfs_write+0x17f/0x4d0
[ 1127.178419]  SyS_write+0xf2/0x210
[ 1127.181854]  ? SyS_read+0x210/0x210
[ 1127.185460]  ? SyS_clock_settime+0x1a0/0x1a0
[ 1127.189858]  ? do_syscall_64+0x4c/0x640
[ 1127.193827]  ? SyS_read+0x210/0x210
[ 1127.197463]  do_syscall_64+0x1d5/0x640
[ 1127.201500]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1127.206690] RIP: 0033:0x45cc79
[ 1127.210344] RSP: 002b:00007f086f738c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1127.218048] RAX: ffffffffffffffda RBX: 00000000000375c0 RCX: 000000000045cc79
[ 1127.225389] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000006
[ 1127.232674] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[ 1127.240068] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 1127.247314] R13: 00007fff757208cf R14: 00007f086f7399c0 R15: 000000000078bf0c
[ 1127.256735] Kernel Offset: disabled
[ 1127.260606] Rebooting in 86400 seconds..