Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
[   76.248200] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/07 00:17:51 parsed 1 programs
[   77.429580] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/07 00:17:52 executed programs: 0
[   78.611423] IPVS: ftp: loaded support on port[0] = 21
[   78.828707] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.835160] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.842591] device bridge_slave_0 entered promiscuous mode
[   78.859483] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.865864] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.873049] device bridge_slave_1 entered promiscuous mode
[   78.889785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   78.906342] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   78.950333] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   78.969264] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   79.037990] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   79.045379] team0: Port device team_slave_0 added
[   79.061090] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   79.068251] team0: Port device team_slave_1 added
[   79.085114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   79.103555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   79.123347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   79.142112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   79.274365] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.280826] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.287679] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.294031] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.763936] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   79.770268] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.777310] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   79.818536] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   79.864343] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   79.870497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   79.877813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.923090] 8021q: adding VLAN 0 to HW filter on device team0
[   80.230828] hrtimer: interrupt took 45311 ns
2018/09/07 00:17:57 executed programs: 94
2018/09/07 00:18:02 executed programs: 229
[   92.564306] ==================================================================
[   92.571855] BUG: KASAN: use-after-free in ucma_put_ctx+0x1d/0x60
[   92.578005] Write of size 4 at addr ffff8801d6e99ed8 by task syz-executor0/7751
[   92.585440] 
[   92.587073] CPU: 0 PID: 7751 Comm: syz-executor0 Not tainted 4.19.0-rc2+ #2
[   92.594163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   92.603514] Call Trace:
[   92.606140]  dump_stack+0x1c9/0x2b4
[   92.609774]  ? dump_stack_print_info.cold.2+0x52/0x52
[   92.614967]  ? printk+0xa7/0xcf
[   92.618252]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   92.623023]  ? ucma_put_ctx+0x1d/0x60
[   92.626837]  print_address_description+0x6c/0x20b
[   92.631688]  ? ucma_put_ctx+0x1d/0x60
[   92.635492]  kasan_report.cold.7+0x242/0x30d
[   92.639957]  check_memory_region+0x13e/0x1b0
[   92.644370]  kasan_check_write+0x14/0x20
[   92.648438]  ucma_put_ctx+0x1d/0x60
[   92.652072]  ucma_resolve_ip+0x24d/0x2a0
[   92.656138]  ? ucma_query+0xb20/0xb20
[   92.659955]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   92.665495]  ? _copy_from_user+0xdf/0x150
[   92.669658]  ? ucma_query+0xb20/0xb20
[   92.673466]  ucma_write+0x336/0x420
[   92.677102]  ? ucma_close_id+0x60/0x60
[   92.680999]  ? lockdep_hardirqs_on+0x421/0x5c0
[   92.685593]  __vfs_write+0x117/0x9d0
[   92.689312]  ? __fget_light+0x2f7/0x440
[   92.693290]  ? ucma_close_id+0x60/0x60
[   92.697181]  ? kernel_read+0x120/0x120
[   92.701074]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   92.705838]  ? retint_kernel+0x10/0x10
[   92.709737]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   92.715281]  ? security_file_permission+0x1c2/0x230
[   92.720301]  ? rw_verify_area+0x118/0x360
[   92.724468]  vfs_write+0x1fc/0x560
[   92.728014]  ksys_write+0x101/0x260
[   92.731652]  ? __ia32_sys_read+0xb0/0xb0
[   92.735720]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   92.740831]  __x64_sys_write+0x73/0xb0
[   92.744725]  do_syscall_64+0x1b9/0x820
[   92.748618]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   92.753988]  ? syscall_return_slowpath+0x5e0/0x5e0
[   92.758917]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   92.763762]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   92.768800]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   92.773826]  ? prepare_exit_to_usermode+0x291/0x3b0
[   92.778853]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   92.783705]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.788895] RIP: 0033:0x457099
[   92.792091] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   92.811019] RSP: 002b:00007fdc23c4fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   92.818730] RAX: ffffffffffffffda RBX: 00007fdc23c506d4 RCX: 0000000000457099
[   92.826006] RDX: 0000000000000048 RSI: 0000000020000240 RDI: 0000000000000005
[   92.833294] RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000
[   92.840564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   92.847830] R13: 00000000004d8100 R14: 00000000004c1c28 R15: 0000000000000001
[   92.855110] 
[   92.856732] Allocated by task 7751:
[   92.860360]  save_stack+0x43/0xd0
[   92.863812]  kasan_kmalloc+0xc4/0xe0
[   92.867541]  kmem_cache_alloc_trace+0x152/0x730
[   92.872216]  ucma_alloc_ctx+0xd5/0x670
[   92.876099]  ucma_create_id+0x276/0x9d0
[   92.880073]  ucma_write+0x336/0x420
[   92.883700]  __vfs_write+0x117/0x9d0
[   92.887412]  vfs_write+0x1fc/0x560
[   92.890950]  ksys_write+0x101/0x260
[   92.894578]  __x64_sys_write+0x73/0xb0
[   92.898465]  do_syscall_64+0x1b9/0x820
[   92.902353]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.907548] 
[   92.909171] Freed by task 7747:
[   92.912448]  save_stack+0x43/0xd0
[   92.915899]  __kasan_slab_free+0x11a/0x170
[   92.920135]  kasan_slab_free+0xe/0x10
[   92.923933]  kfree+0xd9/0x210
[   92.927037]  ucma_free_ctx+0x9e2/0xe20
[   92.930920]  ucma_close+0x10d/0x300
[   92.934555]  __fput+0x38a/0xa40
[   92.937838]  ____fput+0x15/0x20
[   92.941119]  task_work_run+0x1e8/0x2a0
[   92.945010]  exit_to_usermode_loop+0x318/0x380
[   92.949596]  do_syscall_64+0x6be/0x820
[   92.953482]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.958663] 
[   92.960292] The buggy address belongs to the object at ffff8801d6e99e80
[   92.960292]  which belongs to the cache kmalloc-256 of size 256
[   92.972950] The buggy address is located 88 bytes inside of
[   92.972950]  256-byte region [ffff8801d6e99e80, ffff8801d6e99f80)
[   92.984731] The buggy address belongs to the page:
[   92.989662] page:ffffea00075ba640 count:1 mapcount:0 mapping:ffff8801dac007c0 index:0x0
[   92.997806] flags: 0x2fffc0000000100(slab)
[   93.002049] raw: 02fffc0000000100 ffffea0007272788 ffffea0006f48708 ffff8801dac007c0
[   93.009935] raw: 0000000000000000 ffff8801d6e990c0 000000010000000c 0000000000000000
[   93.017809] page dumped because: kasan: bad access detected
[   93.023541] 
[   93.025181] Memory state around the buggy address:
[   93.030130]  ffff8801d6e99d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   93.037483]  ffff8801d6e99e00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   93.044842] >ffff8801d6e99e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   93.052195]                                                     ^
[   93.058493]  ffff8801d6e99f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   93.065867]  ffff8801d6e99f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.073219] ==================================================================
[   93.080585] Disabling lock debugging due to kernel taint
[   93.087015] Kernel panic - not syncing: panic_on_warn set ...
[   93.087015] 
[   93.094401] CPU: 0 PID: 7751 Comm: syz-executor0 Tainted: G    B             4.19.0-rc2+ #2
[   93.102884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   93.112218] Call Trace:
[   93.114808]  dump_stack+0x1c9/0x2b4
[   93.118453]  ? dump_stack_print_info.cold.2+0x52/0x52
[   93.123650]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   93.128391]  panic+0x238/0x4e7
[   93.131582]  ? add_taint.cold.5+0x16/0x16
[   93.135715]  ? trace_hardirqs_on+0x9a/0x2c0
[   93.140081]  ? trace_hardirqs_on+0xb4/0x2c0
[   93.144401]  ? trace_hardirqs_on+0xb4/0x2c0
[   93.148704]  ? trace_hardirqs_on+0x9a/0x2c0
[   93.153015]  ? ucma_put_ctx+0x1d/0x60
[   93.156830]  kasan_end_report+0x47/0x4f
[   93.160797]  kasan_report.cold.7+0x76/0x30d
[   93.165116]  check_memory_region+0x13e/0x1b0
[   93.169507]  kasan_check_write+0x14/0x20
[   93.173569]  ucma_put_ctx+0x1d/0x60
[   93.177196]  ucma_resolve_ip+0x24d/0x2a0
[   93.181240]  ? ucma_query+0xb20/0xb20
[   93.185220]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   93.190743]  ? _copy_from_user+0xdf/0x150
[   93.194879]  ? ucma_query+0xb20/0xb20
[   93.198663]  ucma_write+0x336/0x420
[   93.202286]  ? ucma_close_id+0x60/0x60
[   93.206171]  ? lockdep_hardirqs_on+0x421/0x5c0
[   93.210741]  __vfs_write+0x117/0x9d0
[   93.214439]  ? __fget_light+0x2f7/0x440
[   93.218407]  ? ucma_close_id+0x60/0x60
[   93.222278]  ? kernel_read+0x120/0x120
[   93.226150]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   93.230896]  ? retint_kernel+0x10/0x10
[   93.234788]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   93.240329]  ? security_file_permission+0x1c2/0x230
[   93.245341]  ? rw_verify_area+0x118/0x360
[   93.249475]  vfs_write+0x1fc/0x560
[   93.253003]  ksys_write+0x101/0x260
[   93.256615]  ? __ia32_sys_read+0xb0/0xb0
[   93.260755]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   93.265848]  __x64_sys_write+0x73/0xb0
[   93.269721]  do_syscall_64+0x1b9/0x820
[   93.273592]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   93.278940]  ? syscall_return_slowpath+0x5e0/0x5e0
[   93.283855]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   93.288703]  ? trace_hardirqs_on_caller+0x2c0/0x2c0
[   93.293718]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   93.298727]  ? prepare_exit_to_usermode+0x291/0x3b0
[   93.303752]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   93.308583]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   93.313752] RIP: 0033:0x457099
[   93.316928] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   93.335829] RSP: 002b:00007fdc23c4fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   93.343531] RAX: ffffffffffffffda RBX: 00007fdc23c506d4 RCX: 0000000000457099
[   93.350793] RDX: 0000000000000048 RSI: 0000000020000240 RDI: 0000000000000005
[   93.358056] RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000
[   93.365308] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   93.372560] R13: 00000000004d8100 R14: 00000000004c1c28 R15: 0000000000000001
[   93.380125] Dumping ftrace buffer:
[   93.383654]    (ftrace buffer empty)
[   93.387341] Kernel Offset: disabled
[   93.390949] Rebooting in 86400 seconds..