[ 35.580091] audit: type=1800 audit(1551626797.476:27): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 35.600198] audit: type=1800 audit(1551626797.476:28): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 36.603791] audit: type=1800 audit(1551626798.556:29): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 36.623468] audit: type=1800 audit(1551626798.556:30): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
2019/03/03 15:26:48 parsed 1 programs 2019/03/03 15:26:52 executed programs: 0 syzkaller login: [ 50.327324] IPVS: ftp: loaded support on port[0] = 21 [ 50.331707] IPVS: ftp: loaded support on port[0] = 21 [ 50.361491] IPVS: ftp: loaded support on port[0] = 21 [ 50.378064] IPVS: ftp: loaded support on port[0] = 21 [ 50.399067] IPVS: ftp: loaded support on port[0] = 21 [ 50.413495] IPVS: ftp: loaded support on port[0] = 21 [ 50.686416] chnl_net:caif_netlink_parms(): no params data found [ 50.716444] chnl_net:caif_netlink_parms(): no params data found [ 50.724278] chnl_net:caif_netlink_parms(): no params data found [ 50.743709] chnl_net:caif_netlink_parms(): no params data found [ 50.834624] chnl_net:caif_netlink_parms(): no params data found [ 50.854437] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.861100] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.868256] device bridge_slave_0 entered promiscuous mode [ 50.878686] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.885619] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.893009] device bridge_slave_1 entered promiscuous mode [ 50.921528] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.950841] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.959082] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.966116] device bridge_slave_0 entered promiscuous mode [ 50.978623] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.991475] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.999086] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.006137] device bridge_slave_0 entered promiscuous mode [ 51.027001] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.034710] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.041541] device bridge_slave_1 entered promiscuous mode [ 51.065623] team0: Port device team_slave_0 added [ 51.070873] bridge0: port 2(bridge_slave_1) entered 
blocking state [ 51.077367] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.084729] device bridge_slave_1 entered promiscuous mode [ 51.115770] team0: Port device team_slave_1 added [ 51.122330] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.135912] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.142543] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.149367] device bridge_slave_0 entered promiscuous mode [ 51.158687] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.165334] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.172533] device bridge_slave_1 entered promiscuous mode [ 51.185249] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.205423] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.214485] chnl_net:caif_netlink_parms(): no params data found [ 51.235084] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.241472] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.248739] device bridge_slave_0 entered promiscuous mode [ 51.256285] team0: Port device team_slave_0 added [ 51.262640] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.270256] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.276702] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.283722] device bridge_slave_1 entered promiscuous mode [ 51.305571] team0: Port device team_slave_1 added [ 51.345282] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.404781] device hsr_slave_0 entered promiscuous mode [ 51.462476] device hsr_slave_1 entered promiscuous mode [ 51.509070] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.521606] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.536326] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.545179] team0: Port device team_slave_0 added [ 51.570708] team0: Port device 
team_slave_1 added [ 51.580814] team0: Port device team_slave_0 added [ 51.644604] device hsr_slave_0 entered promiscuous mode [ 51.692239] device hsr_slave_1 entered promiscuous mode [ 51.775846] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.782686] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.789903] device bridge_slave_0 entered promiscuous mode [ 51.797797] team0: Port device team_slave_1 added [ 51.803881] team0: Port device team_slave_0 added [ 51.831915] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.838310] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.845890] device bridge_slave_1 entered promiscuous mode [ 51.858438] team0: Port device team_slave_1 added [ 51.924383] device hsr_slave_0 entered promiscuous mode [ 51.972201] device hsr_slave_1 entered promiscuous mode [ 52.019150] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.034865] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.106538] device hsr_slave_0 entered promiscuous mode [ 52.142989] device hsr_slave_1 entered promiscuous mode [ 52.233360] device hsr_slave_0 entered promiscuous mode [ 52.282186] device hsr_slave_1 entered promiscuous mode [ 52.373486] team0: Port device team_slave_0 added [ 52.390041] team0: Port device team_slave_1 added [ 52.494492] device hsr_slave_0 entered promiscuous mode [ 52.532201] device hsr_slave_1 entered promiscuous mode [ 52.676767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.691596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.710253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.720698] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.738606] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.758728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.766464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.773752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.780556] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.796523] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.808399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.817062] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.828696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.835854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.857379] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.865489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.873983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.881589] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.888090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.895534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.902809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.909673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.917580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.925138] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.931462] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.938695] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.947066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.972178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.982275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.989130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.999697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.007505] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.013905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.020893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.029150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.036884] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.043277] 
bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.050145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.058322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.066105] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.072497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.079295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.087174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.095297] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.101631] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.108794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.116533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.124433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.132710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.140233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.147979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.155642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.163262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.171247] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.178498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.186116] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.203770] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.217706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.228355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.236394] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.242786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.250094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.258060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 
[ 53.265616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.273202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.280869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.295485] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.317118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.328522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.336410] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.342793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.349861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.357874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.365630] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.373340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.380999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.388616] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.394971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.401704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.409610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.417208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.425028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.432671] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.439000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.446041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.453684] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.461496] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.468745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.481917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.488893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link 
becomes ready [ 53.515691] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.525497] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.535588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.544370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.552976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.560599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.568511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.576425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.584196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.591990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.599601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.607551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.615410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.623684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.631079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.638953] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.646104] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.659095] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 53.669119] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.699042] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.706738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.714439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.722681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.730082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.737743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.745622] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_team: link becomes ready [ 53.753482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.760948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.768753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.776328] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.782742] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.789894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.796814] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.803949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.830391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.859703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.868423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.877777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.886967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.895386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.902868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.910178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.917763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.925333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.933315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.940985] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.947367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.954257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.962376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.970149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.977939] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.985692] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.995762] hsr0: 
Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.008155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.029522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.047091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.059443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.081655] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.094237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.106217] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.118836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.131315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.144914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.154990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.166388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.174250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.182367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.200526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.258636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.276019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.375005] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/03/03 15:26:57 executed programs: 42 [ 55.817541] ================================================================== [ 55.825063] BUG: KASAN: use-after-free in __list_add_valid+0x9a/0xa0 [ 55.825077] Read of size 8 at addr ffff8880a7bed7e0 by task syz-executor.5/8032 [ 55.825081] [ 55.825095] CPU: 1 PID: 8032 Comm: syz-executor.5 Not tainted 5.0.0-rc8+ #3 [ 55.825103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.825108] Call Trace: [ 55.825127] dump_stack+0x172/0x1f0 [ 55.825142] ? 
__list_add_valid+0x9a/0xa0 [ 55.825161] print_address_description.cold+0x7c/0x20d [ 55.825174] ? __list_add_valid+0x9a/0xa0 [ 55.825186] ? __list_add_valid+0x9a/0xa0 [ 55.825201] kasan_report.cold+0x1b/0x40 [ 55.825217] ? __list_add_valid+0x9a/0xa0 [ 55.825236] __asan_report_load8_noabort+0x14/0x20 [ 55.825249] __list_add_valid+0x9a/0xa0 [ 55.825266] rdma_listen+0x63b/0x8e0 [ 55.825285] ucma_listen+0x14d/0x1c0 [ 55.825300] ? ucma_notify+0x190/0x190 [ 55.825317] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.825332] ? _copy_from_user+0xdd/0x150 [ 55.825349] ucma_write+0x2da/0x3c0 [ 55.825363] ? ucma_notify+0x190/0x190 [ 55.825377] ? ucma_open+0x290/0x290 [ 55.825390] ? __fget+0x340/0x540 [ 55.825411] __vfs_write+0x116/0x8e0 [ 55.825425] ? lock_downgrade+0x810/0x810 [ 55.841063] ? ucma_open+0x290/0x290 [ 55.915229] ? kernel_read+0x120/0x120 [ 55.915246] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 55.915262] ? common_file_perm+0x1d6/0x6f0 [ 55.915282] ? apparmor_file_permission+0x25/0x30 [ 55.915297] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.915313] ? security_file_permission+0x94/0x320 [ 55.915331] ? rw_verify_area+0x118/0x360 [ 55.915348] vfs_write+0x20c/0x580 [ 55.915367] ksys_write+0xea/0x1f0 [ 55.915382] ? __ia32_sys_read+0xb0/0xb0 [ 55.930720] ? do_fast_syscall_32+0xd1/0xc98 [ 55.930736] ? entry_SYSENTER_compat+0x70/0x7f [ 55.930751] ? 
do_fast_syscall_32+0xd1/0xc98 [ 55.930771] __ia32_sys_write+0x71/0xb0 [ 55.930788] do_fast_syscall_32+0x281/0xc98 [ 55.930806] entry_SYSENTER_compat+0x70/0x7f [ 56.010963] RIP: 0023:0xf7ff9869 [ 56.018711] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 56.018720] RSP: 002b:00000000f7ff50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 56.018734] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 56.018743] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.018752] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 56.018760] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 56.018768] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.018786] [ 56.081663] Allocated by task 8049: [ 56.081682] save_stack+0x45/0xd0 [ 56.081697] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 56.081710] kasan_kmalloc+0x9/0x10 [ 56.081723] kmem_cache_alloc_trace+0x151/0x760 [ 56.081736] __rdma_create_id+0x5f/0x4e0 [ 56.081750] ucma_create_id+0x1de/0x640 [ 56.081761] ucma_write+0x2da/0x3c0 [ 56.081774] __vfs_write+0x116/0x8e0 [ 56.081785] vfs_write+0x20c/0x580 [ 56.081796] ksys_write+0xea/0x1f0 [ 56.081807] __ia32_sys_write+0x71/0xb0 [ 56.081820] do_fast_syscall_32+0x281/0xc98 [ 56.081834] entry_SYSENTER_compat+0x70/0x7f [ 56.081837] [ 56.081843] Freed by task 8033: [ 56.081854] save_stack+0x45/0xd0 [ 56.081867] __kasan_slab_free+0x102/0x150 [ 56.081877] kasan_slab_free+0xe/0x10 [ 56.081887] kfree+0xcf/0x230 [ 56.081898] rdma_destroy_id+0x723/0xab0 [ 56.081908] ucma_close+0x115/0x320 [ 56.081920] __fput+0x2df/0x8d0 [ 56.081930] ____fput+0x16/0x20 [ 56.081941] task_work_run+0x14a/0x1c0 [ 56.081954] exit_to_usermode_loop+0x273/0x2c0 [ 56.081966] do_fast_syscall_32+0xa9d/0xc98 [ 56.081979] entry_SYSENTER_compat+0x70/0x7f [ 56.081982] [ 56.081992] The buggy 
address belongs to the object at ffff8880a7bed600 [ 56.081992] which belongs to the cache kmalloc-2k of size 2048 [ 56.082005] The buggy address is located 480 bytes inside of [ 56.082005] 2048-byte region [ffff8880a7bed600, ffff8880a7bede00) [ 56.082009] The buggy address belongs to the page: [ 56.082024] page:ffffea00029efb00 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0 [ 56.082039] flags: 0x1fffc0000010200(slab|head) [ 56.082070] raw: 01fffc0000010200 ffffea0002a58108 ffffea0002347608 ffff88812c3f0c40 [ 56.082085] raw: 0000000000000000 ffff8880a7bec500 0000000100000003 0000000000000000 [ 56.082091] page dumped because: kasan: bad access detected [ 56.082094] [ 56.082098] Memory state around the buggy address: [ 56.082110] ffff8880a7bed680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.082120] ffff8880a7bed700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.082130] >ffff8880a7bed780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.082136] ^ [ 56.082149] ffff8880a7bed800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.087097] kobject: 'loop3' (0000000089950cf8): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 56.087393] ffff8880a7bed880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.170805] kobject: 'loop4' (000000009742f17d): kobject_uevent_env [ 56.172719] ================================================================== [ 56.172725] Disabling lock debugging due to kernel taint [ 56.185825] Kernel panic - not syncing: panic_on_warn set ... [ 56.202033] kobject: 'loop4' (000000009742f17d): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 56.204416] CPU: 1 PID: 8032 Comm: syz-executor.5 Tainted: G B 5.0.0-rc8+ #3 [ 56.204424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.204429] Call Trace: [ 56.204449] dump_stack+0x172/0x1f0 [ 56.204468] panic+0x2cb/0x65c [ 56.258874] kobject: 'loop0' (00000000f1ad591d): kobject_uevent_env [ 56.259561] ? 
__warn_printk+0xf3/0xf3 [ 56.268146] kobject: 'loop0' (00000000f1ad591d): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 56.271838] ? __list_add_valid+0x9a/0xa0 [ 56.271855] ? preempt_schedule+0x4b/0x60 [ 56.271871] ? ___preempt_schedule+0x16/0x18 [ 56.271885] ? trace_hardirqs_on+0x5e/0x230 [ 56.271899] ? __list_add_valid+0x9a/0xa0 [ 56.271915] end_report+0x47/0x4f [ 56.283420] kobject: 'loop1' (000000001b91af3f): kobject_uevent_env [ 56.286609] ? __list_add_valid+0x9a/0xa0 [ 56.286626] kasan_report.cold+0xe/0x40 [ 56.286640] ? __list_add_valid+0x9a/0xa0 [ 56.286657] __asan_report_load8_noabort+0x14/0x20 [ 56.294013] kobject: 'loop1' (000000001b91af3f): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 56.300483] __list_add_valid+0x9a/0xa0 [ 56.300499] rdma_listen+0x63b/0x8e0 [ 56.300517] ucma_listen+0x14d/0x1c0 [ 56.300532] ? ucma_notify+0x190/0x190 [ 56.407733] kobject: 'loop2' (00000000fd5ccfae): kobject_uevent_env [ 56.408109] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 56.413762] kobject: 'loop2' (00000000fd5ccfae): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 56.416839] ? _copy_from_user+0xdd/0x150 [ 56.416857] ucma_write+0x2da/0x3c0 [ 56.416872] ? ucma_notify+0x190/0x190 [ 56.440665] kobject: 'loop3' (0000000089950cf8): kobject_uevent_env [ 56.443093] ? ucma_open+0x290/0x290 [ 56.443116] ? __fget+0x340/0x540 [ 56.443142] __vfs_write+0x116/0x8e0 [ 56.443157] ? lock_downgrade+0x810/0x810 [ 56.448808] kobject: 'loop3' (0000000089950cf8): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 56.457524] ? ucma_open+0x290/0x290 [ 56.457537] ? kernel_read+0x120/0x120 [ 56.457550] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 56.457563] ? common_file_perm+0x1d6/0x6f0 [ 56.457586] ? apparmor_file_permission+0x25/0x30 [ 56.481353] kobject: 'loop4' (000000009742f17d): kobject_uevent_env [ 56.484701] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.484716] ? security_file_permission+0x94/0x320 [ 56.484730] ? 
rw_verify_area+0x118/0x360 [ 56.484743] vfs_write+0x20c/0x580 [ 56.484758] ksys_write+0xea/0x1f0 [ 56.484770] ? __ia32_sys_read+0xb0/0xb0 [ 56.484785] ? do_fast_syscall_32+0xd1/0xc98 [ 56.484797] ? entry_SYSENTER_compat+0x70/0x7f [ 56.484809] ? do_fast_syscall_32+0xd1/0xc98 [ 56.484823] __ia32_sys_write+0x71/0xb0 [ 56.484836] do_fast_syscall_32+0x281/0xc98 [ 56.484852] entry_SYSENTER_compat+0x70/0x7f [ 56.484862] RIP: 0023:0xf7ff9869 [ 56.484875] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 56.484882] RSP: 002b:00000000f7ff50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 56.484894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 56.484916] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.484923] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 56.484931] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 56.484937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.485924] Kernel Offset: disabled [ 56.686833] Rebooting in 86400 seconds..