Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts.
2020/03/04 01:13:30 parsed 1 programs
2020/03/04 01:13:33 executed programs: 0
syzkaller login: [ 83.843861][ T9528] IPVS: ftp: loaded support on port[0] = 21
[ 83.897028][ T9528] chnl_net:caif_netlink_parms(): no params data found
[ 83.933048][ T9528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.940352][ T9528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.948147][ T9528] device bridge_slave_0 entered promiscuous mode
[ 83.956216][ T9528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.963716][ T9528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.971520][ T9528] device bridge_slave_1 entered promiscuous mode
[ 83.986799][ T9528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.997333][ T9528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.015521][ T9528] team0: Port device team_slave_0 added
[ 84.023007][ T9528] team0: Port device team_slave_1 added
[ 84.037215][ T9528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.044203][ T9528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.070356][ T9528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.082847][ T9528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.089799][ T9528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.115868][ T9528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.183104][ T9528] device hsr_slave_0 entered promiscuous mode
[ 84.221536][ T9528] device hsr_slave_1 entered promiscuous mode
[ 84.362018][ T9528] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.413662][ T9528] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.473748][ T9528] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.513765][ T9528] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.576085][ T9528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.583284][ T9528] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.590840][ T9528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.597947][ T9528] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.640926][ T9528] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.655770][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.665986][ T27] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.674355][ T27] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.683544][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 84.696021][ T9528] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.706543][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 84.715103][ T2702] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.722171][ T2702] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.733686][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.742460][ T27] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.749492][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.773365][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 84.782420][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 84.790826][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 84.799501][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.810260][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 84.820566][ T9528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 84.838237][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 84.845707][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 84.858115][ T9528] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.876954][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 84.896499][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 84.904818][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 84.916006][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 84.924129][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 84.934176][ T9528] device veth0_vlan entered promiscuous mode
[ 84.945728][ T9528] device veth1_vlan entered promiscuous mode
[ 84.965846][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 84.974469][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 84.982796][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 84.991141][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 85.001841][ T9528] device veth0_macvtap entered promiscuous mode
[ 85.011013][ T9528] device veth1_macvtap entered promiscuous mode
[ 85.028101][ T9528] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.035773][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 85.044579][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 85.053466][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 85.062730][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 85.074559][ T9528] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.081905][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 85.090278][ T2773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 85.396468][ T9541] ==================================================================
[ 85.404664][ T9541] BUG: KASAN: use-after-free in __list_add_valid+0x9a/0xa0
[ 85.411844][ T9541] Read of size 8 at addr ffff888092e5c1e0 by task syz-executor.0/9541
[ 85.419991][ T9541]
[ 85.422331][ T9541] CPU: 0 PID: 9541 Comm: syz-executor.0 Not tainted 5.6.0-rc3-syzkaller #0
[ 85.430959][ T9541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.441260][ T9541] Call Trace:
[ 85.444543][ T9541] dump_stack+0x197/0x210
[ 85.448863][ T9541] ? __list_add_valid+0x9a/0xa0
[ 85.453715][ T9541] print_address_description.constprop.0.cold+0xd4/0x30b
[ 85.460720][ T9541] ? __list_add_valid+0x9a/0xa0
[ 85.465555][ T9541] ? __list_add_valid+0x9a/0xa0
[ 85.470403][ T9541] __kasan_report.cold+0x1b/0x32
[ 85.475327][ T9541] ? __list_add_valid+0x9a/0xa0
[ 85.480164][ T9541] kasan_report+0x12/0x20
[ 85.484486][ T9541] __asan_report_load8_noabort+0x14/0x20
[ 85.490118][ T9541] __list_add_valid+0x9a/0xa0
[ 85.494791][ T9541] rdma_listen+0x6b7/0x970
[ 85.499190][ T9541] ? _raw_spin_unlock+0x28/0x40
[ 85.504026][ T9541] ucma_listen+0x14d/0x1c0
[ 85.508459][ T9541] ? ucma_notify+0x190/0x190
[ 85.513229][ T9541] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 85.519453][ T9541] ? _copy_from_user+0x12c/0x1a0
[ 85.524486][ T9541] ucma_write+0x2d7/0x3c0
[ 85.528793][ T9541] ? ucma_notify+0x190/0x190
[ 85.533403][ T9541] ? ucma_open+0x290/0x290
[ 85.537805][ T9541] ? apparmor_file_permission+0x27/0x30
[ 85.543339][ T9541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.549584][ T9541] ? security_file_permission+0x8f/0x380
[ 85.555204][ T9541] __vfs_write+0x8a/0x110
[ 85.559516][ T9541] ? ucma_open+0x290/0x290
[ 85.563922][ T9541] vfs_write+0x268/0x5d0
[ 85.568167][ T9541] ksys_write+0x220/0x290
[ 85.572628][ T9541] ? __ia32_sys_read+0xb0/0xb0
[ 85.577436][ T9541] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 85.582885][ T9541] ? do_fast_syscall_32+0xd1/0xe16
[ 85.587990][ T9541] ? entry_SYSENTER_compat+0x70/0x7f
[ 85.593274][ T9541] ? do_fast_syscall_32+0xd1/0xe16
[ 85.598471][ T9541] __ia32_sys_write+0x71/0xb0
[ 85.603128][ T9541] do_fast_syscall_32+0x27b/0xe16
[ 85.608136][ T9541] entry_SYSENTER_compat+0x70/0x7f
[ 85.613321][ T9541] RIP: 0023:0xf7f1ce39
[ 85.617368][ T9541] Code: 1d 00 00 00 89 d3 5b 5e 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 85.636949][ T9541] RSP: 002b:00000000f7f170cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 85.645337][ T9541] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[ 85.653287][ T9541] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[ 85.661251][ T9541] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 85.669199][ T9541] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 85.677173][ T9541] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 85.685163][ T9541]
[ 85.687480][ T9541] Allocated by task 9535:
[ 85.691804][ T9541] save_stack+0x23/0x90
[ 85.695988][ T9541] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 85.701598][ T9541] kasan_kmalloc+0x9/0x10
[ 85.705913][ T9541] kmem_cache_alloc_trace+0x158/0x790
[ 85.711265][ T9541] __rdma_create_id+0x5e/0x870
[ 85.716033][ T9541] ucma_create_id+0x1de/0x620
[ 85.720693][ T9541] ucma_write+0x2d7/0x3c0
[ 85.725022][ T9541] __vfs_write+0x8a/0x110
[ 85.729330][ T9541] vfs_write+0x268/0x5d0
[ 85.733552][ T9541] ksys_write+0x220/0x290
[ 85.737874][ T9541] __ia32_sys_write+0x71/0xb0
[ 85.742531][ T9541] do_fast_syscall_32+0x27b/0xe16
[ 85.747535][ T9541] entry_SYSENTER_compat+0x70/0x7f
[ 85.752619][ T9541]
[ 85.754926][ T9541] Freed by task 9535:
[ 85.758887][ T9541] save_stack+0x23/0x90
[ 85.763021][ T9541] __kasan_slab_free+0x102/0x150
[ 85.767936][ T9541] kasan_slab_free+0xe/0x10
[ 85.772421][ T9541] kfree+0x10a/0x2c0
[ 85.776304][ T9541] rdma_destroy_id+0x7c6/0xdd0
[ 85.781065][ T9541] ucma_close+0x115/0x310
[ 85.785373][ T9541] __fput+0x2ff/0x890
[ 85.789333][ T9541] ____fput+0x16/0x20
[ 85.793321][ T9541] task_work_run+0x145/0x1c0
[ 85.797890][ T9541] exit_to_usermode_loop+0x316/0x380
[ 85.803167][ T9541] do_fast_syscall_32+0xbbd/0xe16
[ 85.808173][ T9541] entry_SYSENTER_compat+0x70/0x7f
[ 85.813257][ T9541]
[ 85.815565][ T9541] The buggy address belongs to the object at ffff888092e5c000
[ 85.815565][ T9541] which belongs to the cache kmalloc-2k of size 2048
[ 85.829600][ T9541] The buggy address is located 480 bytes inside of
[ 85.829600][ T9541] 2048-byte region [ffff888092e5c000, ffff888092e5c800)
[ 85.843046][ T9541] The buggy address belongs to the page:
[ 85.848748][ T9541] page:ffffea00024b9700 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0
[ 85.857832][ T9541] flags: 0xfffe0000000200(slab)
[ 85.862675][ T9541] raw: 00fffe0000000200 ffffea0002561248 ffffea00027aa788 ffff8880aa400e00
[ 85.871243][ T9541] raw: 0000000000000000 ffff888092e5c000 0000000100000001 0000000000000000
[ 85.879807][ T9541] page dumped because: kasan: bad access detected
[ 85.886201][ T9541]
[ 85.888518][ T9541] Memory state around the buggy address:
[ 85.894156][ T9541] ffff888092e5c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.902234][ T9541] ffff888092e5c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.910277][ T9541] >ffff888092e5c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.918313][ T9541] ^
[ 85.925525][ T9541] ffff888092e5c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.933655][ T9541] ffff888092e5c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.941693][ T9541] ==================================================================
[ 85.949737][ T9541] Disabling lock debugging due to kernel taint
[ 85.960289][ T9541] Kernel panic - not syncing: panic_on_warn set ...
[ 85.966881][ T9541] CPU: 0 PID: 9541 Comm: syz-executor.0 Tainted: G B 5.6.0-rc3-syzkaller #0
[ 85.976881][ T9541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.986957][ T9541] Call Trace:
[ 85.990235][ T9541] dump_stack+0x197/0x210
[ 85.994555][ T9541] panic+0x2e3/0x75c
[ 85.998432][ T9541] ? add_taint.cold+0x16/0x16
[ 86.003094][ T9541] ? __list_add_valid+0x9a/0xa0
[ 86.007925][ T9541] ? preempt_schedule+0x4b/0x60
[ 86.012754][ T9541] ? ___preempt_schedule+0x16/0x18
[ 86.017846][ T9541] ? trace_hardirqs_on+0x5e/0x240
[ 86.022852][ T9541] ? __list_add_valid+0x9a/0xa0
[ 86.027693][ T9541] end_report+0x47/0x4f
[ 86.031823][ T9541] ? __list_add_valid+0x9a/0xa0
[ 86.036655][ T9541] __kasan_report.cold+0xe/0x32
[ 86.041485][ T9541] ? __list_add_valid+0x9a/0xa0
[ 86.046315][ T9541] kasan_report+0x12/0x20
[ 86.050625][ T9541] __asan_report_load8_noabort+0x14/0x20
[ 86.056283][ T9541] __list_add_valid+0x9a/0xa0
[ 86.060950][ T9541] rdma_listen+0x6b7/0x970
[ 86.065461][ T9541] ? _raw_spin_unlock+0x28/0x40
[ 86.070292][ T9541] ucma_listen+0x14d/0x1c0
[ 86.074699][ T9541] ? ucma_notify+0x190/0x190
[ 86.079274][ T9541] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 86.085491][ T9541] ? _copy_from_user+0x12c/0x1a0
[ 86.090409][ T9541] ucma_write+0x2d7/0x3c0
[ 86.094723][ T9541] ? ucma_notify+0x190/0x190
[ 86.099288][ T9541] ? ucma_open+0x290/0x290
[ 86.103686][ T9541] ? apparmor_file_permission+0x27/0x30
[ 86.109241][ T9541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.115466][ T9541] ? security_file_permission+0x8f/0x380
[ 86.121081][ T9541] __vfs_write+0x8a/0x110
[ 86.125387][ T9541] ? ucma_open+0x290/0x290
[ 86.129781][ T9541] vfs_write+0x268/0x5d0
[ 86.134038][ T9541] ksys_write+0x220/0x290
[ 86.138350][ T9541] ? __ia32_sys_read+0xb0/0xb0
[ 86.143106][ T9541] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 86.148541][ T9541] ? do_fast_syscall_32+0xd1/0xe16
[ 86.153632][ T9541] ? entry_SYSENTER_compat+0x70/0x7f
[ 86.158904][ T9541] ? do_fast_syscall_32+0xd1/0xe16
[ 86.164034][ T9541] __ia32_sys_write+0x71/0xb0
[ 86.168688][ T9541] do_fast_syscall_32+0x27b/0xe16
[ 86.173730][ T9541] entry_SYSENTER_compat+0x70/0x7f
[ 86.178820][ T9541] RIP: 0023:0xf7f1ce39
[ 86.182869][ T9541] Code: 1d 00 00 00 89 d3 5b 5e 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 86.202446][ T9541] RSP: 002b:00000000f7f170cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 86.210833][ T9541] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[ 86.218791][ T9541] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[ 86.226766][ T9541] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 86.234722][ T9541] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 86.242678][ T9541] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 86.251391][ T9541] Kernel Offset: disabled
[ 86.255769][ T9541] Rebooting in 86400 seconds..