Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
2020/03/28 04:19:45 parsed 1 programs
2020/03/28 04:19:47 executed programs: 0
syzkaller login: [   62.844080][ T7037] IPVS: ftp: loaded support on port[0] = 21
[   62.944494][ T7037] chnl_net:caif_netlink_parms(): no params data found
[   63.001148][ T7037] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.009035][ T7037] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.017806][ T7037] device bridge_slave_0 entered promiscuous mode
[   63.027211][ T7037] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.035660][ T7037] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.044060][ T7037] device bridge_slave_1 entered promiscuous mode
[   63.066771][ T7037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.077913][ T7037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.104880][ T7037] team0: Port device team_slave_0 added
[   63.113416][ T7037] team0: Port device team_slave_1 added
[   63.134491][ T7037] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.141661][ T7037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.167687][ T7037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.181375][ T7037] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.188371][ T7037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.214527][ T7037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.283759][ T7037] device hsr_slave_0 entered promiscuous mode
[   63.350727][ T7037] device hsr_slave_1 entered promiscuous mode
[   63.531284][ T7037] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   63.573994][ T7037] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   63.633433][ T7037] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   63.703415][ T7037] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   63.789474][ T7037] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.796951][ T7037] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.805480][ T7037] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.812798][ T7037] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.867043][ T7037] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.882491][ T2687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.894017][ T2687] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.903498][ T2687] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.912268][ T2687] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   63.927886][ T7037] 8021q: adding VLAN 0 to HW filter on device team0
[   63.938408][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   63.948611][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   63.958350][ T3209] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.965688][ T3209] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.979474][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   63.988608][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   63.998550][ T2692] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.005753][ T2692] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.019265][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   64.040532][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   64.049291][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   64.059043][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   64.068338][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   64.077776][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.088085][ T3209] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   64.104373][ T7037] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   64.117088][ T7037] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   64.131764][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   64.140774][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.150464][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   64.159141][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.171221][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   64.191466][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   64.199008][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   64.216208][ T7037] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.241343][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   64.251778][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   64.274061][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   64.283347][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   64.293670][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   64.302046][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   64.313852][ T7037] device veth0_vlan entered promiscuous mode
[   64.327800][ T7037] device veth1_vlan entered promiscuous mode
[   64.353571][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   64.362407][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   64.372293][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   64.381521][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   64.394684][ T7037] device veth0_macvtap entered promiscuous mode
[   64.405209][ T7037] device veth1_macvtap entered promiscuous mode
[   64.425289][ T7037] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.433171][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   64.442419][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   64.451465][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   64.460842][ T3208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   64.475641][ T7037] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.483764][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   64.494754][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.221474][ T7560] ==================================================================
[   67.229946][ T7560] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[   67.237127][ T7560] Read of size 8 at addr ffff8880983631e0 by task syz-executor.0/7560
[   67.245273][ T7560] 
[   67.247599][ T7560] CPU: 1 PID: 7560 Comm: syz-executor.0 Not tainted 5.6.0-rc7-syzkaller #0
[   67.256169][ T7560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.266202][ T7560] Call Trace:
[   67.270025][ T7560]  dump_stack+0x188/0x20d
[   67.274340][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.279203][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.284060][ T7560]  print_address_description.constprop.0.cold+0xd3/0x315
[   67.291075][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.295925][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.300801][ T7560]  __kasan_report.cold+0x1a/0x32
[   67.305746][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.310785][ T7560]  kasan_report+0xe/0x20
[   67.315035][ T7560]  __list_add_valid+0x93/0xa0
[   67.319706][ T7560]  rdma_listen+0x681/0x910
[   67.324143][ T7560]  ucma_listen+0x14d/0x1c0
[   67.328571][ T7560]  ? ucma_notify+0x190/0x190
[   67.333190][ T7560]  ? __might_fault+0x190/0x1d0
[   67.337960][ T7560]  ? _copy_from_user+0x123/0x190
[   67.342900][ T7560]  ? ucma_notify+0x190/0x190
[   67.347494][ T7560]  ucma_write+0x285/0x350
[   67.351831][ T7560]  ? ucma_open+0x270/0x270
[   67.356268][ T7560]  ? security_file_permission+0x8a/0x370
[   67.361914][ T7560]  ? ucma_open+0x270/0x270
[   67.366330][ T7560]  __vfs_write+0x76/0x100
[   67.370663][ T7560]  vfs_write+0x262/0x5c0
[   67.374901][ T7560]  ksys_write+0x1e8/0x250
[   67.379241][ T7560]  ? __ia32_sys_read+0xb0/0xb0
[   67.384010][ T7560]  ? __ia32_sys_clock_settime+0x260/0x260
[   67.389742][ T7560]  ? trace_hardirqs_off_caller+0x55/0x230
[   67.395482][ T7560]  do_syscall_64+0xf6/0x7d0
[   67.399993][ T7560]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.405882][ T7560] RIP: 0033:0x45c849
[   67.409774][ T7560] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   67.429501][ T7560] RSP: 002b:00007f8a3f379c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   67.437992][ T7560] RAX: ffffffffffffffda RBX: 00007f8a3f37a6d4 RCX: 000000000045c849
[   67.445986][ T7560] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000007
[   67.454000][ T7560] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[   67.462019][ T7560] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   67.469975][ T7560] R13: 0000000000000cc0 R14: 00000000004cee4e R15: 000000000076bf0c
[   67.477946][ T7560] 
[   67.480264][ T7560] Allocated by task 7547:
[   67.484599][ T7560]  save_stack+0x1b/0x80
[   67.488739][ T7560]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   67.494376][ T7560]  kmem_cache_alloc_trace+0x153/0x7d0
[   67.499768][ T7560]  __rdma_create_id+0x5b/0x850
[   67.504545][ T7560]  ucma_create_id+0x1cb/0x580
[   67.509221][ T7560]  ucma_write+0x285/0x350
[   67.513960][ T7560]  __vfs_write+0x76/0x100
[   67.518443][ T7560]  vfs_write+0x262/0x5c0
[   67.522696][ T7560]  ksys_write+0x1e8/0x250
[   67.527016][ T7560]  do_syscall_64+0xf6/0x7d0
[   67.531831][ T7560]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.537968][ T7560] 
[   67.540278][ T7560] Freed by task 7546:
[   67.544247][ T7560]  save_stack+0x1b/0x80
[   67.548385][ T7560]  __kasan_slab_free+0xf7/0x140
[   67.553287][ T7560]  kfree+0x109/0x2b0
[   67.557172][ T7560]  ucma_close+0x10b/0x300
[   67.561499][ T7560]  __fput+0x2da/0x850
[   67.565465][ T7560]  task_work_run+0x13f/0x1b0
[   67.570159][ T7560]  exit_to_usermode_loop+0x2fa/0x360
[   67.575585][ T7560]  do_syscall_64+0x6b1/0x7d0
[   67.580171][ T7560]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.586053][ T7560] 
[   67.588390][ T7560] The buggy address belongs to the object at ffff888098363000
[   67.588390][ T7560]  which belongs to the cache kmalloc-2k of size 2048
[   67.602437][ T7560] The buggy address is located 480 bytes inside of
[   67.602437][ T7560]  2048-byte region [ffff888098363000, ffff888098363800)
[   67.615780][ T7560] The buggy address belongs to the page:
[   67.621437][ T7560] page:ffffea000260d8c0 refcount:1 mapcount:0 mapping:ffff8880aa000e00 index:0x0
[   67.631148][ T7560] flags: 0xfffe0000000200(slab)
[   67.636000][ T7560] raw: 00fffe0000000200 ffffea0002a2d808 ffffea00024d7b88 ffff8880aa000e00
[   67.644590][ T7560] raw: 0000000000000000 ffff888098363000 0000000100000001 0000000000000000
[   67.653161][ T7560] page dumped because: kasan: bad access detected
[   67.659565][ T7560] 
[   67.661877][ T7560] Memory state around the buggy address:
[   67.667495][ T7560]  ffff888098363080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.675538][ T7560]  ffff888098363100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.683598][ T7560] >ffff888098363180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.691809][ T7560]                                                        ^
[   67.699028][ T7560]  ffff888098363200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.707105][ T7560]  ffff888098363280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.715213][ T7560] ==================================================================
[   67.723258][ T7560] Disabling lock debugging due to kernel taint
[   67.739320][ T7560] Kernel panic - not syncing: panic_on_warn set ...
[   67.745939][ T7560] CPU: 1 PID: 7560 Comm: syz-executor.0 Tainted: G    B             5.6.0-rc7-syzkaller #0
[   67.755918][ T7560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.765963][ T7560] Call Trace:
[   67.769245][ T7560]  dump_stack+0x188/0x20d
[   67.773586][ T7560]  panic+0x2e3/0x75c
[   67.777475][ T7560]  ? add_taint.cold+0x16/0x16
[   67.782143][ T7560]  ? preempt_schedule_common+0x5e/0xc0
[   67.787588][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.792425][ T7560]  ? ___preempt_schedule+0x16/0x18
[   67.797536][ T7560]  ? trace_hardirqs_on+0x55/0x220
[   67.802554][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.807411][ T7560]  end_report+0x43/0x49
[   67.811553][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.816414][ T7560]  __kasan_report.cold+0xd/0x32
[   67.821251][ T7560]  ? __list_add_valid+0x93/0xa0
[   67.826110][ T7560]  kasan_report+0xe/0x20
[   67.830336][ T7560]  __list_add_valid+0x93/0xa0
[   67.834996][ T7560]  rdma_listen+0x681/0x910
[   67.839403][ T7560]  ucma_listen+0x14d/0x1c0
[   67.843806][ T7560]  ? ucma_notify+0x190/0x190
[   67.848503][ T7560]  ? __might_fault+0x190/0x1d0
[   67.853276][ T7560]  ? _copy_from_user+0x123/0x190
[   67.858217][ T7560]  ? ucma_notify+0x190/0x190
[   67.862901][ T7560]  ucma_write+0x285/0x350
[   67.867344][ T7560]  ? ucma_open+0x270/0x270
[   67.871806][ T7560]  ? security_file_permission+0x8a/0x370
[   67.877841][ T7560]  ? ucma_open+0x270/0x270
[   67.882553][ T7560]  __vfs_write+0x76/0x100
[   67.887198][ T7560]  vfs_write+0x262/0x5c0
[   67.891459][ T7560]  ksys_write+0x1e8/0x250
[   67.895790][ T7560]  ? __ia32_sys_read+0xb0/0xb0
[   67.900544][ T7560]  ? __ia32_sys_clock_settime+0x260/0x260
[   67.906269][ T7560]  ? trace_hardirqs_off_caller+0x55/0x230
[   67.912055][ T7560]  do_syscall_64+0xf6/0x7d0
[   67.916621][ T7560]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.922517][ T7560] RIP: 0033:0x45c849
[   67.926439][ T7560] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   67.946283][ T7560] RSP: 002b:00007f8a3f379c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   67.954813][ T7560] RAX: ffffffffffffffda RBX: 00007f8a3f37a6d4 RCX: 000000000045c849
[   67.962809][ T7560] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000007
[   67.970906][ T7560] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[   67.979014][ T7560] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   67.986993][ T7560] R13: 0000000000000cc0 R14: 00000000004cee4e R15: 000000000076bf0c
[   67.996590][ T7560] Kernel Offset: disabled
[   68.001001][ T7560] Rebooting in 86400 seconds..