[ 35.511386] audit: type=1800 audit(1551625668.352:27): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 35.559291] audit: type=1800 audit(1551625668.352:28): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 36.208183] audit: type=1800 audit(1551625669.102:29): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 36.227797] audit: type=1800 audit(1551625669.112:30): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
2019/03/03 15:08:01 parsed 1 programs
2019/03/03 15:08:03 executed programs: 0
syzkaller login: [ 51.150282] IPVS: ftp: loaded support on port[0] = 21
[ 51.183605] IPVS: ftp: loaded support on port[0] = 21
[ 51.185292] IPVS: ftp: loaded support on port[0] = 21
[ 51.202537] IPVS: ftp: loaded support on port[0] = 21
[ 51.206902] IPVS: ftp: loaded support on port[0] = 21
[ 51.244636] IPVS: ftp: loaded support on port[0] = 21
[ 51.386246] chnl_net:caif_netlink_parms(): no params data found
[ 51.454148] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.461062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.468005] device bridge_slave_0 entered promiscuous mode
[ 51.476082] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.482746] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.489902] device bridge_slave_1 entered promiscuous mode
[ 51.573334] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.585102] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.655760] chnl_net:caif_netlink_parms(): no params data found
[ 51.663723] chnl_net:caif_netlink_parms(): no params data found
[ 51.675397] team0: Port device team_slave_0 added
[ 51.683557] team0: Port device team_slave_1 added
[ 51.707329] chnl_net:caif_netlink_parms(): no params data found
[ 51.745880] chnl_net:caif_netlink_parms(): no params data found
[ 51.782949] chnl_net:caif_netlink_parms(): no params data found
[ 51.851913] device hsr_slave_0 entered promiscuous mode
[ 51.888619] device hsr_slave_1 entered promiscuous mode
[ 51.955524] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.963165] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.970623] device bridge_slave_0 entered promiscuous mode
[ 51.981017] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.987378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.995355] device bridge_slave_1 entered promiscuous mode
[ 52.041816] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.048210] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.057162] device bridge_slave_0 entered promiscuous mode
[ 52.096825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.103809] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.111220] device bridge_slave_0 entered promiscuous mode
[ 52.119890] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.127562] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.133981] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.141273] device bridge_slave_1 entered promiscuous mode
[ 52.163793] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.171300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.178968] device bridge_slave_0 entered promiscuous mode
[ 52.185425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.191866] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.199195] device bridge_slave_1 entered promiscuous mode
[ 52.206559] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.232677] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.240064] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.246976] device bridge_slave_1 entered promiscuous mode
[ 52.263072] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.269573] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.276390] device bridge_slave_0 entered promiscuous mode
[ 52.284958] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.317321] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.328279] team0: Port device team_slave_0 added
[ 52.333434] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.341517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.348338] device bridge_slave_1 entered promiscuous mode
[ 52.355944] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.364999] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.371517] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.378488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.384849] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.394169] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.409229] team0: Port device team_slave_1 added
[ 52.415653] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.428450] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.452110] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.460009] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.474630] team0: Port device team_slave_0 added
[ 52.485826] team0: Port device team_slave_1 added
[ 52.499444] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.507882] team0: Port device team_slave_0 added
[ 52.514747] team0: Port device team_slave_1 added
[ 52.533377] team0: Port device team_slave_0 added
[ 52.552095] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.610594] device hsr_slave_0 entered promiscuous mode
[ 52.649461] device hsr_slave_1 entered promiscuous mode
[ 52.704750] team0: Port device team_slave_1 added
[ 52.770746] device hsr_slave_0 entered promiscuous mode
[ 52.838773] device hsr_slave_1 entered promiscuous mode
[ 52.920876] device hsr_slave_0 entered promiscuous mode
[ 52.968617] device hsr_slave_1 entered promiscuous mode
[ 53.051099] device hsr_slave_0 entered promiscuous mode
[ 53.088568] device hsr_slave_1 entered promiscuous mode
[ 53.136575] team0: Port device team_slave_0 added
[ 53.160399] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.180493] team0: Port device team_slave_1 added
[ 53.210523] 8021q: adding VLAN 0 to HW filter on device team0
[ 53.230251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.237616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.245207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.252978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.260566] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.266903] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.274163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 53.281872] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.289514] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.295877] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.370022] device hsr_slave_0 entered promiscuous mode
[ 53.408616] device hsr_slave_1 entered promiscuous mode
[ 53.468664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 53.476692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.521734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 53.529577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.537048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 53.547210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.554888] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 53.600020] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.612498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 53.620297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.627682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 53.635632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.666464] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.675107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 53.688747] 8021q: adding VLAN 0 to HW filter on device team0
[ 53.700406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.707353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.732552] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.740819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.751399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.759332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.765662] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.779778] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.797636] 8021q: adding VLAN 0 to HW filter on device team0
[ 53.810196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 53.817339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 53.825456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.833217] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.839633] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.846871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.854020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.861197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 53.869100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.876727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.884354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.890721] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.898013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 53.909248] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 53.953299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.967877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.975491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.984161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.991342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.999448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 54.007061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.014907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.022626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.030766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 54.038183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.045695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.053510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.061505] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.067848] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.075882] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.086514] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.094834] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.107309] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.163969] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.171198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 54.179303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.186631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.194464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 54.202318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 54.210486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.218158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.232680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.243131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 54.256009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.263725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 54.271413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.279064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.286898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.294610] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.300995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.301541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.317540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.325840] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.332247] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.339381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.347366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.355276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.363001] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.369411] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.376297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.384240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.391919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.398317] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.412257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.420543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 54.429260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 54.436382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.445479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.469819] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.477181] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.486920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.496830] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.504924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 54.513465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 54.521522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.529615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 54.537405] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.545306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.554511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.565218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.573254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.581074] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.587460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.594536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 54.602056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.609698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.617592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.625289] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.631696] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.645086] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.652555] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.659804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.675853] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 54.686977] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 54.729431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.737368] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.745743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 54.754211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.762330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 54.770157] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.777604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 54.792275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.800128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.808200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.820277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.833961] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.862829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 54.872417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 54.881140] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.888947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.896524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.904415] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.940644] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.971412] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.985086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 54.993952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.001927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 55.009575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.022542] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.034116] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.094919] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.171455] ==================================================================
[ 55.178975] BUG: KASAN: use-after-free in __list_add_valid+0x9a/0xa0
[ 55.185474] Read of size 8 at addr ffff88809b370220 by task syz-executor.3/7767
[ 55.192912]
[ 55.192930] CPU: 1 PID: 7767 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #3
[ 55.201635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.201640] Call Trace:
[ 55.201661] dump_stack+0x172/0x1f0
[ 55.201676] ? __list_add_valid+0x9a/0xa0
[ 55.201696] print_address_description.cold+0x7c/0x20d
[ 55.226629] ? __list_add_valid+0x9a/0xa0
[ 55.230794] ? __list_add_valid+0x9a/0xa0
[ 55.234951] kasan_report.cold+0x1b/0x40
[ 55.239015] ? __list_add_valid+0x9a/0xa0
[ 55.243161] __asan_report_load8_noabort+0x14/0x20
[ 55.248084] __list_add_valid+0x9a/0xa0
[ 55.252061] rdma_listen+0x63b/0x8e0
[ 55.255763] ucma_listen+0x14d/0x1c0
[ 55.259464] ? ucma_notify+0x190/0x190
[ 55.263342] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 55.268910] ? _copy_from_user+0xdd/0x150
[ 55.273054] ucma_write+0x2da/0x3c0
[ 55.276665] ? ucma_notify+0x190/0x190
[ 55.280536] ? ucma_open+0x290/0x290
[ 55.284237] ? __fget+0x340/0x540
[ 55.287699] __vfs_write+0x116/0x8e0
[ 55.291407] ? lock_downgrade+0x810/0x810
[ 55.295554] ? ucma_open+0x290/0x290
[ 55.299253] ? kernel_read+0x120/0x120
[ 55.303125] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 55.308055] ? common_file_perm+0x1d6/0x6f0
[ 55.312379] ? apparmor_file_permission+0x25/0x30
[ 55.317206] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.322729] ? security_file_permission+0x94/0x320
[ 55.327646] ? rw_verify_area+0x118/0x360
[ 55.331778] vfs_write+0x20c/0x580
[ 55.335312] ksys_write+0xea/0x1f0
[ 55.338837] ? __ia32_sys_read+0xb0/0xb0
[ 55.342890] ? do_syscall_64+0x26/0x610
[ 55.346850] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.352198] ? do_syscall_64+0x26/0x610
[ 55.356161] __x64_sys_write+0x73/0xb0
[ 55.360042] do_syscall_64+0x103/0x610
[ 55.363917] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.369091] RIP: 0033:0x457e29
[ 55.372269] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.391165] RSP: 002b:00007f42cf08ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.398862] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 55.406113] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000003
[ 55.413383] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 55.420636] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42cf08f6d4
[ 55.427893] R13: 00000000004cd9b8 R14: 00000000004dcc38 R15: 00000000ffffffff
[ 55.435151]
[ 55.436760] Allocated by task 7772:
[ 55.440378] save_stack+0x45/0xd0
[ 55.443814] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 55.448726] kasan_kmalloc+0x9/0x10
[ 55.452334] kmem_cache_alloc_trace+0x151/0x760
[ 55.456989] __rdma_create_id+0x5f/0x4e0
[ 55.461043] ucma_create_id+0x1de/0x640
[ 55.465000] ucma_write+0x2da/0x3c0
[ 55.468610] __vfs_write+0x116/0x8e0
[ 55.472306] vfs_write+0x20c/0x580
[ 55.475829] ksys_write+0xea/0x1f0
[ 55.479368] __x64_sys_write+0x73/0xb0
[ 55.483256] do_syscall_64+0x103/0x610
[ 55.487131] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.492300]
[ 55.493918] Freed by task 7762:
[ 55.497190] save_stack+0x45/0xd0
[ 55.500628] __kasan_slab_free+0x102/0x150
[ 55.504844] kasan_slab_free+0xe/0x10
[ 55.508627] kfree+0xcf/0x230
[ 55.511719] rdma_destroy_id+0x723/0xab0
[ 55.515763] ucma_close+0x115/0x320
[ 55.519376] __fput+0x2df/0x8d0
[ 55.522638] ____fput+0x16/0x20
[ 55.525900] task_work_run+0x14a/0x1c0
[ 55.529778] exit_to_usermode_loop+0x273/0x2c0
[ 55.534348] do_syscall_64+0x52d/0x610
[ 55.538221] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.543396]
[ 55.545020] The buggy address belongs to the object at ffff88809b370040
[ 55.545020] which belongs to the cache kmalloc-2k of size 2048
[ 55.557669] The buggy address is located 480 bytes inside of
[ 55.557669] 2048-byte region [ffff88809b370040, ffff88809b370840)
[ 55.569609] The buggy address belongs to the page:
[ 55.574530] page:ffffea00026cdc00 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0
[ 55.584487] flags: 0x1fffc0000010200(slab|head)
[ 55.589169] raw: 01fffc0000010200 ffffea000266da88 ffffea00026cdd08 ffff88812c3f0c40
[ 55.597043] raw: 0000000000000000 ffff88809b370040 0000000100000003 0000000000000000
[ 55.604903] page dumped because: kasan: bad access detected
[ 55.610589]
[ 55.612202] Memory state around the buggy address:
[ 55.617125] ffff88809b370100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.624483] ffff88809b370180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.631824] >ffff88809b370200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.639163] ^
[ 55.643553] ffff88809b370280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.650897] ffff88809b370300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.658234] ==================================================================
[ 55.665575] Disabling lock debugging due to kernel taint
[ 55.690657] Kernel panic - not syncing: panic_on_warn set ...
[ 55.696579] CPU: 1 PID: 7767 Comm: syz-executor.3 Tainted: G B 5.0.0-rc8+ #3
[ 55.699736] kobject: 'loop1' (00000000a60ee4d9): kobject_uevent_env
[ 55.705065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.720162] kobject: 'loop1' (00000000a60ee4d9): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 55.720809] Call Trace:
[ 55.732834] dump_stack+0x172/0x1f0
[ 55.735096] kobject: 'loop2' (000000005f88fddb): kobject_uevent_env
[ 55.736476] panic+0x2cb/0x65c
[ 55.736491] ? __warn_printk+0xf3/0xf3
[ 55.736509] ? __list_add_valid+0x9a/0xa0
[ 55.750459] kobject: 'loop2' (000000005f88fddb): fill_kobj_path: path = '/devices/virtual/block/loop2'
[ 55.754081] ? preempt_schedule+0x4b/0x60
[ 55.754098] ? ___preempt_schedule+0x16/0x18
[ 55.754117] ? trace_hardirqs_on+0x5e/0x230
[ 55.776390] ? __list_add_valid+0x9a/0xa0
[ 55.780547] end_report+0x47/0x4f
[ 55.784022] ? __list_add_valid+0x9a/0xa0
[ 55.788192] kasan_report.cold+0xe/0x40
[ 55.792161] ? __list_add_valid+0x9a/0xa0
[ 55.796307] __asan_report_load8_noabort+0x14/0x20
[ 55.801219] __list_add_valid+0x9a/0xa0
[ 55.805183] rdma_listen+0x63b/0x8e0
[ 55.808888] ucma_listen+0x14d/0x1c0
[ 55.812592] ? ucma_notify+0x190/0x190
[ 55.816486] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 55.818713] kobject: 'loop1' (00000000a60ee4d9): kobject_uevent_env
[ 55.822036] ? _copy_from_user+0xdd/0x150
[ 55.830204] kobject: 'loop1' (00000000a60ee4d9): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 55.832580] ucma_write+0x2da/0x3c0
[ 55.832594] ? ucma_notify+0x190/0x190
[ 55.832609] ? ucma_open+0x290/0x290
[ 55.853243] ? __fget+0x340/0x540
[ 55.856705] __vfs_write+0x116/0x8e0
[ 55.857215] kobject: 'loop2' (000000005f88fddb): kobject_uevent_env
[ 55.860420] ? lock_downgrade+0x810/0x810
[ 55.860436] ? ucma_open+0x290/0x290
[ 55.860450] ? kernel_read+0x120/0x120
[ 55.875552] kobject: 'loop2' (000000005f88fddb): fill_kobj_path: path = '/devices/virtual/block/loop2'
[ 55.878558] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 55.878574] ? common_file_perm+0x1d6/0x6f0
[ 55.878590] ? apparmor_file_permission+0x25/0x30
[ 55.878604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.878623] ? security_file_permission+0x94/0x320
[ 55.912548] ? rw_verify_area+0x118/0x360
[ 55.916692] vfs_write+0x20c/0x580
[ 55.920235] ksys_write+0xea/0x1f0
[ 55.923772] ? __ia32_sys_read+0xb0/0xb0
[ 55.927835] ? do_syscall_64+0x26/0x610
[ 55.931813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.937172] ? do_syscall_64+0x26/0x610
[ 55.941144] __x64_sys_write+0x73/0xb0
[ 55.945039] do_syscall_64+0x103/0x610
[ 55.948962] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.954164] RIP: 0033:0x457e29
[ 55.957356] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.976253] RSP: 002b:00007f42cf08ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.983959] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 55.991226] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000003
[ 55.998486] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 56.005746] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42cf08f6d4
[ 56.013010] R13: 00000000004cd9b8 R14: 00000000004dcc38 R15: 00000000ffffffff
[ 56.021224] Kernel Offset: disabled
[ 56.024847] Rebooting in 86400 seconds..