[ 36.380899] audit: type=1800 audit(1551625638.138:27): pid=7544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 36.400786] audit: type=1800 audit(1551625638.138:28): pid=7544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 37.140396] audit: type=1800 audit(1551625638.948:29): pid=7544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 37.159023] audit: type=1800 audit(1551625638.948:30): pid=7544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts.
2019/03/03 15:07:31 parsed 1 programs 2019/03/03 15:07:33 executed programs: 0 syzkaller login: [ 51.557903] IPVS: ftp: loaded support on port[0] = 21 [ 51.557911] IPVS: ftp: loaded support on port[0] = 21 [ 51.589009] IPVS: ftp: loaded support on port[0] = 21 [ 51.629726] IPVS: ftp: loaded support on port[0] = 21 [ 51.657359] IPVS: ftp: loaded support on port[0] = 21 [ 51.666352] IPVS: ftp: loaded support on port[0] = 21 [ 51.718484] chnl_net:caif_netlink_parms(): no params data found [ 51.798998] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.806212] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.813258] device bridge_slave_0 entered promiscuous mode [ 51.821677] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.828518] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.835333] device bridge_slave_1 entered promiscuous mode [ 51.846385] chnl_net:caif_netlink_parms(): no params data found [ 51.885680] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.918714] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.942699] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.950444] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.957833] device bridge_slave_0 entered promiscuous mode [ 51.966299] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.972621] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.979479] device bridge_slave_1 entered promiscuous mode [ 51.994192] team0: Port device team_slave_0 added [ 52.000089] team0: Port device team_slave_1 added [ 52.005492] chnl_net:caif_netlink_parms(): no params data found [ 52.023428] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.046995] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.126457] device hsr_slave_0 entered promiscuous mode [ 52.165358] device hsr_slave_1 entered promiscuous mode [ 52.213979] team0: Port device team_slave_0 added 
[ 52.221655] team0: Port device team_slave_1 added [ 52.247890] chnl_net:caif_netlink_parms(): no params data found [ 52.285808] chnl_net:caif_netlink_parms(): no params data found [ 52.293109] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.300837] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.307780] device bridge_slave_0 entered promiscuous mode [ 52.314148] chnl_net:caif_netlink_parms(): no params data found [ 52.376629] device hsr_slave_0 entered promiscuous mode [ 52.435039] device hsr_slave_1 entered promiscuous mode [ 52.483366] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.490447] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.499164] device bridge_slave_0 entered promiscuous mode [ 52.505639] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.511975] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.519171] device bridge_slave_1 entered promiscuous mode [ 52.547960] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.554329] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.561281] device bridge_slave_1 entered promiscuous mode [ 52.573246] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.582871] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.589735] device bridge_slave_0 entered promiscuous mode [ 52.596339] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.602708] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.609556] device bridge_slave_1 entered promiscuous mode [ 52.622764] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.629203] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.636013] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.642346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.654540] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.666664] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.696069] bridge0: 
port 2(bridge_slave_1) entered blocking state [ 52.702421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.709057] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.715491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.725118] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.747155] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.759451] team0: Port device team_slave_0 added [ 52.765837] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.780099] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.796530] team0: Port device team_slave_1 added [ 52.802481] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.822813] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.832017] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.838912] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.848659] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.855034] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.861886] device bridge_slave_0 entered promiscuous mode [ 52.871280] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.878730] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.885854] device bridge_slave_1 entered promiscuous mode [ 52.894895] team0: Port device team_slave_0 added [ 52.900720] team0: Port device team_slave_1 added [ 52.911638] team0: Port device team_slave_0 added [ 52.920590] team0: Port device team_slave_1 added [ 52.927706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.976417] device hsr_slave_0 entered promiscuous mode [ 53.015035] device hsr_slave_1 entered promiscuous mode [ 53.064471] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.074431] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.126244] device hsr_slave_0 entered promiscuous mode [ 53.164937] device hsr_slave_1 entered 
promiscuous mode [ 53.256350] device hsr_slave_0 entered promiscuous mode [ 53.295148] device hsr_slave_1 entered promiscuous mode [ 53.363264] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.377994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.387844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.399168] team0: Port device team_slave_0 added [ 53.428364] team0: Port device team_slave_1 added [ 53.444086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.451913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.459692] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.466081] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.482694] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.534236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.542324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.550654] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.557060] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.565423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.573221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.580486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.637775] device hsr_slave_0 entered promiscuous mode [ 53.685183] device hsr_slave_1 entered promiscuous mode [ 53.734481] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.752404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.764437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.772742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.782235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.790414] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.798086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.808253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes 
ready [ 53.816049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.823711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.831362] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.837741] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.844599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.852177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.860078] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.881681] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.893572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.902009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.912164] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.918578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.926672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.934317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.942125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.948980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.961455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.975427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.987051] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.994616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.002583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.010721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.018295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.029039] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.050455] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.058057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.066008] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.073359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.080641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.088063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.095944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.103445] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.109840] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.119432] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.134068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.141544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.150426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.158169] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.164518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.172193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.180187] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.188093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.196050] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.202390] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.210435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.225937] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.244573] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.254997] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.266339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.273402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.280928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.289432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.297229] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_to_bridge: link becomes ready [ 54.305119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.312664] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.319052] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.326232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.333910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.341704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.349311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.357092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.364911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.372406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.380008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.388288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.396161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.404490] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.411626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.425547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.433539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.444545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.452440] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.458850] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.467150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.482970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.491451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.559709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.570729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.578751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.586523] bridge0: port 
2(bridge_slave_1) entered blocking state [ 54.592854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.599734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.607863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.615985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.623587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.631170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.638799] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.646480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.653889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.661367] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.690236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.699312] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.707445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.715344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.722903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.730496] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.737852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.745691] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.753013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.760790] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.769272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.783007] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.798371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.831940] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.867253] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.875404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.882356] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.908134] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.928293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.939324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.971235] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.977718] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.993856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.003317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.010991] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.017378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.043400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.080429] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.096939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.116275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.172463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.201223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.216742] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.226088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.280631] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.302144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.331129] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.350212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.379740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.400089] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.411374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.485709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.605431] ================================================================== [ 55.613011] BUG: KASAN: 
use-after-free in __list_add_valid+0x9a/0xa0 [ 55.619541] Read of size 8 at addr ffff88808cdda260 by task syz-executor.1/7848 [ 55.626988] [ 55.628628] CPU: 0 PID: 7848 Comm: syz-executor.1 Not tainted 5.0.0-rc8+ #3 [ 55.635718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.645062] Call Trace: [ 55.647652] dump_stack+0x172/0x1f0 [ 55.651262] ? __list_add_valid+0x9a/0xa0 [ 55.655441] print_address_description.cold+0x7c/0x20d [ 55.660718] ? __list_add_valid+0x9a/0xa0 [ 55.664897] ? __list_add_valid+0x9a/0xa0 [ 55.664917] kasan_report.cold+0x1b/0x40 [ 55.664933] ? __list_add_valid+0x9a/0xa0 [ 55.664951] __asan_report_load8_noabort+0x14/0x20 [ 55.664964] __list_add_valid+0x9a/0xa0 [ 55.686313] rdma_listen+0x63b/0x8e0 [ 55.690043] ucma_listen+0x14d/0x1c0 [ 55.693765] ? ucma_notify+0x190/0x190 [ 55.697690] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.703238] ? _copy_from_user+0xdd/0x150 [ 55.707382] ucma_write+0x2da/0x3c0 [ 55.710997] ? ucma_notify+0x190/0x190 [ 55.714881] ? ucma_open+0x290/0x290 [ 55.718596] ? __fget+0x340/0x540 [ 55.722039] __vfs_write+0x116/0x8e0 [ 55.725756] ? lock_downgrade+0x810/0x810 [ 55.729911] ? ucma_open+0x290/0x290 [ 55.733895] ? kernel_read+0x120/0x120 [ 55.737804] ? __fget+0x367/0x540 [ 55.741268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.746820] ? security_file_permission+0x94/0x320 [ 55.751758] ? rw_verify_area+0x118/0x360 [ 55.755921] vfs_write+0x20c/0x580 [ 55.759472] ksys_write+0xea/0x1f0 [ 55.763033] ? __ia32_sys_read+0xb0/0xb0 [ 55.767095] ? do_syscall_64+0x26/0x610 [ 55.771091] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.776448] ? 
do_syscall_64+0x26/0x610 [ 55.780485] __x64_sys_write+0x73/0xb0 [ 55.784387] do_syscall_64+0x103/0x610 [ 55.788281] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.793473] RIP: 0033:0x457e29 [ 55.796717] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.796725] RSP: 002b:00007f38ff14fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.796740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 55.796748] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000003 [ 55.796756] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 55.796768] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38ff1506d4 [ 55.852459] R13: 00000000004cd9b8 R14: 00000000004dcc38 R15: 00000000ffffffff [ 55.859719] [ 55.861330] Allocated by task 7842: [ 55.864947] save_stack+0x45/0xd0 [ 55.868384] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 55.873314] kasan_kmalloc+0x9/0x10 [ 55.876942] kmem_cache_alloc_trace+0x151/0x760 [ 55.881620] __rdma_create_id+0x5f/0x4e0 [ 55.885684] ucma_create_id+0x1de/0x640 [ 55.889649] ucma_write+0x2da/0x3c0 [ 55.889665] __vfs_write+0x116/0x8e0 [ 55.896981] vfs_write+0x20c/0x580 [ 55.896996] ksys_write+0xea/0x1f0 [ 55.897008] __x64_sys_write+0x73/0xb0 [ 55.897022] do_syscall_64+0x103/0x610 [ 55.897037] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.897043] [ 55.918660] Freed by task 7838: [ 55.921962] save_stack+0x45/0xd0 [ 55.925419] __kasan_slab_free+0x102/0x150 [ 55.929663] kasan_slab_free+0xe/0x10 [ 55.933462] kfree+0xcf/0x230 [ 55.936554] rdma_destroy_id+0x723/0xab0 [ 55.940608] ucma_close+0x115/0x320 [ 55.944249] __fput+0x2df/0x8d0 [ 55.947546] ____fput+0x16/0x20 [ 55.950824] task_work_run+0x14a/0x1c0 [ 55.954717] exit_to_usermode_loop+0x273/0x2c0 [ 55.959300] do_syscall_64+0x52d/0x610 [ 55.963188] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.968383] [ 55.970019] The 
buggy address belongs to the object at ffff88808cdda080 [ 55.970019] which belongs to the cache kmalloc-2k of size 2048 [ 55.982683] The buggy address is located 480 bytes inside of [ 55.982683] 2048-byte region [ffff88808cdda080, ffff88808cdda880) [ 55.994669] The buggy address belongs to the page: [ 55.999596] page:ffffea0002337680 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0 [ 56.009556] flags: 0x1fffc0000010200(slab|head) [ 56.014236] raw: 01fffc0000010200 ffffea0002340988 ffffea00029ab908 ffff88812c3f0c40 [ 56.022115] raw: 0000000000000000 ffff88808cdda080 0000000100000003 0000000000000000 [ 56.022122] page dumped because: kasan: bad access detected [ 56.022125] [ 56.022133] Memory state around the buggy address: [ 56.022145] ffff88808cdda100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.022159] ffff88808cdda180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.056986] >ffff88808cdda200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.064344] ^ [ 56.070840] ffff88808cdda280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.078217] ffff88808cdda300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.085553] ================================================================== [ 56.092925] Disabling lock debugging due to kernel taint [ 56.117424] Kernel panic - not syncing: panic_on_warn set ... [ 56.123324] CPU: 0 PID: 7848 Comm: syz-executor.1 Tainted: G B 5.0.0-rc8+ #3 [ 56.131804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.141142] Call Trace: [ 56.143741] dump_stack+0x172/0x1f0 [ 56.147371] panic+0x2cb/0x65c [ 56.150550] ? __warn_printk+0xf3/0xf3 [ 56.154434] ? __list_add_valid+0x9a/0xa0 [ 56.158568] ? preempt_schedule+0x4b/0x60 [ 56.162703] ? ___preempt_schedule+0x16/0x18 [ 56.167095] ? trace_hardirqs_on+0x5e/0x230 [ 56.171401] ? __list_add_valid+0x9a/0xa0 [ 56.175548] end_report+0x47/0x4f [ 56.178991] ? 
__list_add_valid+0x9a/0xa0 [ 56.183123] kasan_report.cold+0xe/0x40 [ 56.187126] ? __list_add_valid+0x9a/0xa0 [ 56.191263] __asan_report_load8_noabort+0x14/0x20 [ 56.196219] __list_add_valid+0x9a/0xa0 [ 56.200191] rdma_listen+0x63b/0x8e0 [ 56.203903] ucma_listen+0x14d/0x1c0 [ 56.207623] ? ucma_notify+0x190/0x190 [ 56.211517] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 56.217038] ? _copy_from_user+0xdd/0x150 [ 56.221171] ucma_write+0x2da/0x3c0 [ 56.224794] ? ucma_notify+0x190/0x190 [ 56.228666] ? ucma_open+0x290/0x290 [ 56.232361] ? __fget+0x340/0x540 [ 56.235814] __vfs_write+0x116/0x8e0 [ 56.239538] ? lock_downgrade+0x810/0x810 [ 56.243726] ? ucma_open+0x290/0x290 [ 56.247436] ? kernel_read+0x120/0x120 [ 56.251308] ? __fget+0x367/0x540 [ 56.254759] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.260307] ? security_file_permission+0x94/0x320 [ 56.265229] ? rw_verify_area+0x118/0x360 [ 56.269362] vfs_write+0x20c/0x580 [ 56.272889] ksys_write+0xea/0x1f0 [ 56.276409] ? __ia32_sys_read+0xb0/0xb0 [ 56.280458] ? do_syscall_64+0x26/0x610 [ 56.284430] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.289775] ? 
do_syscall_64+0x26/0x610 [ 56.293750] __x64_sys_write+0x73/0xb0 [ 56.297650] do_syscall_64+0x103/0x610 [ 56.301539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.306723] RIP: 0033:0x457e29 [ 56.309913] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.328802] RSP: 002b:00007f38ff14fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.336491] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 56.343756] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000003 [ 56.351037] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 56.358301] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38ff1506d4 [ 56.365566] R13: 00000000004cd9b8 R14: 00000000004dcc38 R15: 00000000ffffffff [ 56.373795] Kernel Offset: disabled [ 56.377414] Rebooting in 86400 seconds..