[ 35.233898] audit: type=1800 audit(1550548552.619:27): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 35.257751] audit: type=1800 audit(1550548552.619:28): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.968011] audit: type=1800 audit(1550548553.419:29): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 35.987450] audit: type=1800 audit(1550548553.429:30): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts. 2019/02/19 03:57:52 parsed 1 programs 2019/02/19 03:57:54 executed programs: 0 syzkaller login: [ 157.226028] IPVS: ftp: loaded support on port[0] = 21 [ 157.236685] IPVS: ftp: loaded support on port[0] = 21 [ 157.238180] IPVS: ftp: loaded support on port[0] = 21 [ 157.242948] IPVS: ftp: loaded support on port[0] = 21 [ 157.250260] IPVS: ftp: loaded support on port[0] = 21 [ 157.263774] IPVS: ftp: loaded support on port[0] = 21 [ 157.633977] chnl_net:caif_netlink_parms(): no params data found [ 157.671010] chnl_net:caif_netlink_parms(): no params data found [ 157.690717] chnl_net:caif_netlink_parms(): no params data found [ 157.737596] chnl_net:caif_netlink_parms(): no params data found [ 157.771841] chnl_net:caif_netlink_parms(): no params data found [ 157.860801] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.867195] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.875529] device bridge_slave_0 entered promiscuous mode [ 157.900647] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.906994] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.914228] device bridge_slave_0 entered promiscuous mode [ 157.921243] chnl_net:caif_netlink_parms(): no params data found [ 157.939086] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.945452] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.953029] device bridge_slave_1 entered promiscuous mode [ 157.971826] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.978191] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.985230] device bridge_slave_1 entered promiscuous mode [ 157.996064] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.004302] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.014185] device bridge_slave_0 entered promiscuous mode [ 158.047895] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.054402] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.062081] device bridge_slave_0 entered promiscuous mode [ 158.074617] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.081192] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.088235] device bridge_slave_1 entered promiscuous mode [ 158.112895] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.119333] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.126676] device bridge_slave_0 entered promiscuous mode [ 158.133929] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.140373] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.147290] device bridge_slave_1 entered promiscuous mode [ 158.174151] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 158.181901] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.188264] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.196222] device bridge_slave_1 entered promiscuous mode [ 158.204078] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 158.213625] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 158.240635] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 158.250419] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 158.285959] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 158.307746] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 158.318026] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 158.325819] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.332312] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.339759] device bridge_slave_0 entered promiscuous mode [ 158.359869] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 158.375760] team0: Port device team_slave_0 added [ 158.382627] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 158.402906] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.409369] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.416258] device bridge_slave_1 entered promiscuous mode [ 158.423503] team0: Port device team_slave_0 added [ 158.436269] team0: Port device team_slave_1 added [ 158.442169] team0: Port device team_slave_0 added [ 158.448000] team0: Port device team_slave_1 added [ 158.475194] team0: Port device team_slave_1 added [ 158.485465] team0: Port device team_slave_0 added [ 158.498306] team0: Port device team_slave_1 added [ 158.504525] team0: Port device team_slave_0 added [ 158.524111] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 158.540017] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 158.552993] team0: Port device team_slave_1 added [ 158.565387] team0: Port device team_slave_0 added [ 158.640309] device hsr_slave_0 entered promiscuous mode [ 158.688998] device hsr_slave_1 entered promiscuous mode [ 158.771623] device hsr_slave_0 entered promiscuous mode [ 158.838708] device hsr_slave_1 entered promiscuous mode [ 158.890272] team0: Port device team_slave_1 added [ 158.970427] device hsr_slave_0 entered promiscuous mode [ 159.028878] device hsr_slave_1 entered promiscuous mode [ 159.160428] device hsr_slave_0 entered promiscuous mode [ 159.198715] device hsr_slave_1 entered promiscuous mode [ 159.331670] device hsr_slave_0 entered promiscuous mode [ 159.388956] device hsr_slave_1 entered promiscuous mode [ 159.490552] device hsr_slave_0 entered promiscuous mode [ 159.538860] device hsr_slave_1 entered promiscuous mode [ 159.679355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.694199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.755622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.763408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.771069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.777905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.787478] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.797368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.819516] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.839777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.846761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.855290] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.872502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.882764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.891479] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.898238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.907045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 159.914969] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.921412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.928360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.936918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.944964] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.951352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.958412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 159.987729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.996707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.005949] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.012332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.020116] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.027838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.035763] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.042167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.049163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.056845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.064691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.072893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.082841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.089988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.097300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.104962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.112207] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.130436] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.142119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.152947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.160855] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.167204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.174324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.181523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.188319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.195310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.202550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.210452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.217982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.225831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.233424] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.239824] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.250068] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.276271] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 160.287148] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.302343] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.314554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.322619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.330462] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.336837] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.343873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.351704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.359738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.367372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.375144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.382799] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.390611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.398049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.405621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.413105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.421156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.428797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.436173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.444173] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.451898] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.458267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.465244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.473054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.480989] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.487335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.494284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.502232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.510017] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.516360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.523346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.531080] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.538192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.545186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.552566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.569264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.577077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.585233] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.591662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.599195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.606671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.630034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.637842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.646529] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.652982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.660826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.668690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.676397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.684374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.692394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.730078] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.741964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.752073] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.760547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.768214] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.775907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.783351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.790934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.798376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.805861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.813551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.821351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.829383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.836896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.844795] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.852550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.860260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.867767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.876134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.883836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.891485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.899469] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.906605] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.913816] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.923251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.934617] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.945939] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.968858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.976365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.984185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.992857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 161.000882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.009034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.016490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.024520] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.054355] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.066180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.081432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.090270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.098161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.106480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.114459] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.121988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.129685] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.137025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.144632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.156245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.165929] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.180222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.222822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.253311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.286867] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/02/19 03:57:59 executed programs: 37 2019/02/19 03:58:04 executed programs: 275 2019/02/19 03:58:09 executed programs: 524 2019/02/19 03:58:14 executed programs: 772 2019/02/19 03:58:19 executed programs: 1028 2019/02/19 03:58:24 executed programs: 1278 2019/02/19 03:58:29 executed programs: 1521 2019/02/19 03:58:34 executed programs: 1777 2019/02/19 03:58:39 executed programs: 2042 2019/02/19 03:58:44 executed programs: 2305 2019/02/19 03:58:49 executed programs: 2569 2019/02/19 03:58:54 executed programs: 2827 [ 218.171010] ================================================================== [ 218.178429] BUG: KASAN: use-after-free in __lock_acquire+0x30e0/0x4700 [ 218.185095] Read of size 8 at addr ffff88808bfc1150 by task kworker/u4:5/7685 [ 218.192364] [ 218.193993] CPU: 1 PID: 7685 Comm: kworker/u4:5 Not tainted 5.0.0-rc7 #77 [ 218.201073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.210431] Workqueue: ib_addr process_one_req [ 218.215002] Call Trace: [ 218.217595] dump_stack+0x172/0x1f0 [ 218.221222] ? __lock_acquire+0x30e0/0x4700 [ 218.225548] print_address_description.cold+0x7c/0x20d [ 218.225560] ? __lock_acquire+0x30e0/0x4700 [ 218.225571] ? __lock_acquire+0x30e0/0x4700 [ 218.225583] kasan_report.cold+0x1b/0x40 [ 218.225605] ? __lock_acquire+0x30e0/0x4700 [ 218.225622] __asan_report_load8_noabort+0x14/0x20 [ 218.225631] __lock_acquire+0x30e0/0x4700 [ 218.225641] ? __lock_acquire+0x53b/0x4700 [ 218.239604] ? mark_held_locks+0x100/0x100 [ 218.239617] ? mark_held_locks+0x100/0x100 [ 218.239627] ? mark_held_locks+0x100/0x100 [ 218.239640] ? update_curr+0x3c4/0x8a0 [ 218.239651] ? __lock_acquire+0x53b/0x4700 [ 218.239663] ? __lock_is_held+0xb6/0x140 [ 218.265536] ? addr_handler+0xa5/0x300 [ 218.265549] lock_acquire+0x16f/0x3f0 [ 218.265561] ? addr_handler+0xa5/0x300 [ 218.265574] ? addr_handler+0xa5/0x300 [ 218.265596] __mutex_lock+0xf7/0x1310 [ 218.265617] ? addr_handler+0xa5/0x300 [ 218.277917] ? check_noncircular+0x20/0x20 [ 218.277928] ? addr_handler+0xa5/0x300 [ 218.277944] ? mutex_trylock+0x1e0/0x1e0 [ 218.277955] ? __lock_acquire+0x53b/0x4700 [ 218.277968] ? try_to_wake_up+0xc6/0xff0 [ 218.277979] ? find_held_lock+0x35/0x130 [ 218.277993] ? try_to_wake_up+0xc6/0xff0 [ 218.321537] mutex_lock_nested+0x16/0x20 [ 218.321548] ? mutex_lock_nested+0x16/0x20 [ 218.321558] addr_handler+0xa5/0x300 [ 218.321570] ? cma_work_handler+0x1f0/0x1f0 [ 218.321579] ? find_held_lock+0x35/0x130 [ 218.321602] ? __lock_is_held+0xb6/0x140 [ 218.337973] ? check_preemption_disabled+0x48/0x290 [ 218.337988] process_one_req+0x109/0x680 [ 218.338003] process_one_work+0x98e/0x1790 [ 218.338019] ? pwq_dec_nr_in_flight+0x320/0x320 [ 218.338028] ? lock_acquire+0x16f/0x3f0 [ 218.338043] worker_thread+0x98/0xe40 [ 218.367422] ? trace_hardirqs_on+0x67/0x230 [ 218.367443] kthread+0x357/0x430 [ 218.367456] ? process_one_work+0x1790/0x1790 [ 218.367468] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 218.367479] ret_from_fork+0x3a/0x50 [ 218.367487] [ 218.392508] Allocated by task 27464: [ 218.392521] save_stack+0x45/0xd0 [ 218.392532] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 218.392542] kasan_kmalloc+0x9/0x10 [ 218.392552] kmem_cache_alloc_trace+0x151/0x760 [ 218.392561] __rdma_create_id+0x5f/0x4e0 [ 218.392596] ucma_create_id+0x1de/0x640 [ 218.423350] ucma_write+0x2da/0x3c0 [ 218.423361] __vfs_write+0x116/0x8e0 [ 218.423371] vfs_write+0x20c/0x580 [ 218.423384] ksys_write+0xea/0x1f0 [ 218.431650] __x64_sys_write+0x73/0xb0 [ 218.431663] do_syscall_64+0x103/0x610 [ 218.431673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.431679] [ 218.443286] Freed by task 27463: [ 218.443301] save_stack+0x45/0xd0 [ 218.450524] __kasan_slab_free+0x102/0x150 [ 218.450535] kasan_slab_free+0xe/0x10 [ 218.450556] kfree+0xcf/0x230 [ 218.450566] rdma_destroy_id+0x723/0xab0 [ 218.450576] ucma_close+0x115/0x320 [ 218.450601] __fput+0x2df/0x8d0 [ 218.458009] ____fput+0x16/0x20 [ 218.458020] task_work_run+0x14a/0x1c0 [ 218.458030] exit_to_usermode_loop+0x273/0x2c0 [ 218.458053] do_syscall_64+0x52d/0x610 [ 218.458067] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.467106] [ 218.467115] The buggy address belongs to the object at ffff88808bfc0dc0 [ 218.467115] which belongs to the cache kmalloc-2k of size 2048 [ 218.467124] The buggy address is located 912 bytes inside of [ 218.467124] 2048-byte region [ffff88808bfc0dc0, ffff88808bfc15c0) [ 218.467127] The buggy address belongs to the page: [ 218.467137] page:ffffea00022ff000 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0 [ 218.544566] flags: 0x1fffc0000010200(slab|head) [ 218.544581] raw: 01fffc0000010200 ffffea000281a888 ffffea0002999e08 ffff88812c3f0c40 [ 218.559472] raw: 0000000000000000 ffff88808bfc0540 0000000100000003 0000000000000000 [ 218.559477] page dumped because: kasan: bad access detected [ 218.559479] [ 218.559482] Memory state around the buggy address: [ 218.559491] ffff88808bfc1000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 218.559498] ffff88808bfc1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 218.559506] >ffff88808bfc1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 218.559513] ^ [ 218.620111] ffff88808bfc1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 218.627456] ffff88808bfc1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 218.634798] ================================================================== [ 218.642139] Disabling lock debugging due to kernel taint [ 218.647582] Kernel panic - not syncing: panic_on_warn set ... [ 218.653481] CPU: 1 PID: 7685 Comm: kworker/u4:5 Tainted: G B 5.0.0-rc7 #77 [ 218.661775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.671134] Workqueue: ib_addr process_one_req [ 218.675701] Call Trace: [ 218.678281] dump_stack+0x172/0x1f0 [ 218.681903] panic+0x2cb/0x65c [ 218.685090] ? __warn_printk+0xf3/0xf3 [ 218.688969] ? lock_downgrade+0x810/0x810 [ 218.693108] ? __lock_acquire+0x30e0/0x4700 [ 218.697420] ? trace_hardirqs_off+0x62/0x220 [ 218.701830] ? trace_hardirqs_off+0x59/0x220 [ 218.706226] ? __lock_acquire+0x30e0/0x4700 [ 218.710536] end_report+0x47/0x4f [ 218.713989] ? __lock_acquire+0x30e0/0x4700 [ 218.718301] kasan_report.cold+0xe/0x40 [ 218.722269] ? __lock_acquire+0x30e0/0x4700 [ 218.726611] __asan_report_load8_noabort+0x14/0x20 [ 218.731540] __lock_acquire+0x30e0/0x4700 [ 218.735684] ? __lock_acquire+0x53b/0x4700 [ 218.739918] ? mark_held_locks+0x100/0x100 [ 218.744144] ? mark_held_locks+0x100/0x100 [ 218.748367] ? mark_held_locks+0x100/0x100 [ 218.752622] ? update_curr+0x3c4/0x8a0 [ 218.756510] ? __lock_acquire+0x53b/0x4700 [ 218.760732] ? __lock_is_held+0xb6/0x140 [ 218.764794] ? addr_handler+0xa5/0x300 [ 218.768669] lock_acquire+0x16f/0x3f0 [ 218.772455] ? addr_handler+0xa5/0x300 [ 218.776340] ? addr_handler+0xa5/0x300 [ 218.780219] __mutex_lock+0xf7/0x1310 [ 218.784010] ? addr_handler+0xa5/0x300 [ 218.787886] ? check_noncircular+0x20/0x20 [ 218.792112] ? addr_handler+0xa5/0x300 [ 218.795988] ? mutex_trylock+0x1e0/0x1e0 [ 218.800040] ? __lock_acquire+0x53b/0x4700 [ 218.804263] ? try_to_wake_up+0xc6/0xff0 [ 218.808321] ? find_held_lock+0x35/0x130 [ 218.812368] ? try_to_wake_up+0xc6/0xff0 [ 218.816435] mutex_lock_nested+0x16/0x20 [ 218.820501] ? mutex_lock_nested+0x16/0x20 [ 218.824739] addr_handler+0xa5/0x300 [ 218.828437] ? cma_work_handler+0x1f0/0x1f0 [ 218.832761] ? find_held_lock+0x35/0x130 [ 218.836822] ? __lock_is_held+0xb6/0x140 [ 218.840872] ? check_preemption_disabled+0x48/0x290 [ 218.845909] process_one_req+0x109/0x680 [ 218.849976] process_one_work+0x98e/0x1790 [ 218.854230] ? pwq_dec_nr_in_flight+0x320/0x320 [ 218.858891] ? lock_acquire+0x16f/0x3f0 [ 218.862858] worker_thread+0x98/0xe40 [ 218.866648] ? trace_hardirqs_on+0x67/0x230 [ 218.870965] kthread+0x357/0x430 [ 218.874328] ? process_one_work+0x1790/0x1790 [ 218.878814] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 218.884343] ret_from_fork+0x3a/0x50 [ 218.889026] Kernel Offset: disabled [ 218.892643] Rebooting in 86400 seconds..