Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   34.051499] audit: type=1400 audit(1599724515.931:8): avc:  denied  { execmem } for  pid=6371 comm="syz-executor301" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   34.074310] ==================================================================
[   34.082147] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[   34.089049] Read of size 8 at addr ffff8880a0eefd18 by task syz-executor301/6374
[   34.097688]
[   34.099358] CPU: 1 PID: 6374 Comm: syz-executor301 Not tainted 4.14.197-syzkaller #0
[   34.107450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.117027] Call Trace:
[   34.119862]  dump_stack+0x1b2/0x283
[   34.123762]  print_address_description.cold+0x54/0x1d3
[   34.129167]  kasan_report_error.cold+0x8a/0x194
[   34.134119]  ? __list_add_valid+0x93/0xa0
[   34.138534]  __asan_report_load8_noabort+0x68/0x70
[   34.143458]  ? __list_add_valid+0x93/0xa0
[   34.147734]  __list_add_valid+0x93/0xa0
[   34.151708]  rdma_listen+0x656/0x9b0
[   34.155506]  ucma_listen+0x10b/0x170
[   34.159340]  ? ucma_bind_ip+0x150/0x150
[   34.163434]  ? _copy_from_user+0x96/0x100
[   34.167572]  ? ucma_bind_ip+0x150/0x150
[   34.171651]  ucma_write+0x206/0x2c0
[   34.175274]  ? ucma_set_ib_path+0x510/0x510
[   34.179589]  ? __switch_to_xtra+0x93/0x12f0
[   34.183899]  ? finish_task_switch+0x178/0x610
[   34.188500]  __vfs_write+0xe4/0x630
[   34.192119]  ? ucma_set_ib_path+0x510/0x510
[   34.196556]  ? kernel_read+0x110/0x110
[   34.200697]  ? avc_policy_seqno+0x5/0x10
[   34.204746]  ? selinux_file_permission+0x7e/0x530
[   34.209713]  ? security_file_permission+0x82/0x1e0
[   34.214633]  ? rw_verify_area+0xe1/0x2a0
[   34.218774]  vfs_write+0x17f/0x4d0
[   34.222374]  SyS_write+0xf2/0x210
[   34.225874]  ? SyS_read+0x210/0x210
[   34.229505]  ? do_syscall_64+0x4c/0x640
[   34.233561]  ? SyS_read+0x210/0x210
[   34.237184]  do_syscall_64+0x1d5/0x640
[   34.241066]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.246244] RIP: 0033:0x4414b9
[   34.249421] RSP: 002b:00007ffd6dec0138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   34.257118] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004414b9
[   34.264385] RDX: 0000000000000010 RSI: 0000000020000140 RDI: 0000000000000003
[   34.271734] RBP: 0000000000008515 R08: 00000000004002c8 R09: 00000000004002c8
[   34.279140] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402260
[   34.286402] R13: 00000000004022f0 R14: 0000000000000000 R15: 0000000000000000
[   34.293803]
[   34.295641] Allocated by task 6372:
[   34.299332]  kasan_kmalloc+0xeb/0x160
[   34.303124]  kmem_cache_alloc_trace+0x131/0x3d0
[   34.307844]  rdma_create_id+0x57/0x4c0
[   34.311721]  ucma_create_id+0x18b/0x500
[   34.315698]  ucma_write+0x206/0x2c0
[   34.319318]  __vfs_write+0xe4/0x630
[   34.322944]  vfs_write+0x17f/0x4d0
[   34.326593]  SyS_write+0xf2/0x210
[   34.330042]  do_syscall_64+0x1d5/0x640
[   34.333926]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.339229]
[   34.340890] Freed by task 6372:
[   34.344161]  kasan_slab_free+0xc3/0x1a0
[   34.348337]  kfree+0xc9/0x250
[   34.351480]  ucma_close+0x11a/0x340
[   34.355106]  __fput+0x25f/0x7a0
[   34.358461]  task_work_run+0x11f/0x190
[   34.362407]  do_exit+0xa08/0x27f0
[   34.365851]  do_group_exit+0x100/0x2e0
[   34.369729]  SyS_exit_group+0x19/0x20
[   34.373711]  do_syscall_64+0x1d5/0x640
[   34.377685]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.382861]
[   34.384567] The buggy address belongs to the object at ffff8880a0eefb40
[   34.384567]  which belongs to the cache kmalloc-1024 of size 1024
[   34.397474] The buggy address is located 472 bytes inside of
[   34.397474]  1024-byte region [ffff8880a0eefb40, ffff8880a0eeff40)
[   34.409688] The buggy address belongs to the page:
[   34.414705] page:ffffea000283bb80 count:1 mapcount:0 mapping:ffff8880a0eee040 index:0xffff8880a0eee040 compound_mapcount: 0
[   34.426854] flags: 0xfffe0000008100(slab|head)
[   34.431436] raw: 00fffe0000008100 ffff8880a0eee040 ffff8880a0eee040 0000000100000006
[   34.439309] raw: ffffea00022960a0 ffffea00027e22a0 ffff88812fe50ac0 0000000000000000
[   34.447226] page dumped because: kasan: bad access detected
[   34.452971]
[   34.454586] Memory state around the buggy address:
[   34.459498]  ffff8880a0eefc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.467228]  ffff8880a0eefc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.474661] >ffff8880a0eefd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.482064]                             ^
[   34.486196]  ffff8880a0eefd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.493551]  ffff8880a0eefe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.500893] ==================================================================
[   34.508234] Disabling lock debugging due to kernel taint
[   34.516496] Kernel panic - not syncing: panic_on_warn set ...
[   34.516496]
[   34.523882] CPU: 0 PID: 6374 Comm: syz-executor301 Tainted: G    B             4.14.197-syzkaller #0
[   34.532968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.542348] Call Trace:
[   34.544927]  dump_stack+0x1b2/0x283
[   34.548551]  panic+0x1f9/0x42d
[   34.551729]  ? add_taint.cold+0x16/0x16
[   34.555680]  ? ___preempt_schedule+0x16/0x18
[   34.560120]  kasan_end_report+0x43/0x49
[   34.564120]  kasan_report_error.cold+0xa7/0x194
[   34.568768]  ? __list_add_valid+0x93/0xa0
[   34.572912]  __asan_report_load8_noabort+0x68/0x70
[   34.577837]  ? __list_add_valid+0x93/0xa0
[   34.581960]  __list_add_valid+0x93/0xa0
[   34.585919]  rdma_listen+0x656/0x9b0
[   34.589626]  ucma_listen+0x10b/0x170
[   34.593333]  ? ucma_bind_ip+0x150/0x150
[   34.597291]  ? _copy_from_user+0x96/0x100
[   34.601424]  ? ucma_bind_ip+0x150/0x150
[   34.605396]  ucma_write+0x206/0x2c0
[   34.609016]  ? ucma_set_ib_path+0x510/0x510
[   34.613318]  ? __switch_to_xtra+0x93/0x12f0
[   34.617639]  ? finish_task_switch+0x178/0x610
[   34.622123]  __vfs_write+0xe4/0x630
[   34.625728]  ? ucma_set_ib_path+0x510/0x510
[   34.630022]  ? kernel_read+0x110/0x110
[   34.633893]  ? avc_policy_seqno+0x5/0x10
[   34.637939]  ? selinux_file_permission+0x7e/0x530
[   34.642756]  ? security_file_permission+0x82/0x1e0
[   34.647661]  ? rw_verify_area+0xe1/0x2a0
[   34.651694]  vfs_write+0x17f/0x4d0
[   34.655205]  SyS_write+0xf2/0x210
[   34.658670]  ? SyS_read+0x210/0x210
[   34.662273]  ? do_syscall_64+0x4c/0x640
[   34.666237]  ? SyS_read+0x210/0x210
[   34.669840]  do_syscall_64+0x1d5/0x640
[   34.673703]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.678865] RIP: 0033:0x4414b9
[   34.682038] RSP: 002b:00007ffd6dec0138 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   34.689715] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004414b9
[   34.696970] RDX: 0000000000000010 RSI: 0000000020000140 RDI: 0000000000000003
[   34.704215] RBP: 0000000000008515 R08: 00000000004002c8 R09: 00000000004002c8
[   34.711456] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402260
[   34.718701] R13: 00000000004022f0 R14: 0000000000000000 R15: 0000000000000000
[   34.727144] Kernel Offset: disabled
[   34.730764] Rebooting in 86400 seconds..
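Reading a report like this by hand means answering three questions: where was the object touched, where was it allocated, and where was it freed, and then checking that the offsets KASAN prints agree with the raw addresses. The following triage helper is an added example, not part of the syzbot report and not code from the kernel tree. It parses the report format above: it strips the printk timestamps, collects the "Call Trace:", "Allocated by task N:" and "Freed by task N:" stacks (dropping the unreliable "? " frames), extracts the object description, picks the first frame of each stack that is not KASAN, allocator or list-debug instrumentation, and recomputes the stated offset from the addresses. The function names, the `_NOISE` skip list and the `SAMPLE_REPORT` excerpt (lines copied from the report above and trimmed) are this example's own choices.

```python
# Added example, not part of the syzbot report or of the kernel tree: a triage
# helper for KASAN reports in the format shown above. It splits the report into
# access / allocation / free stacks, reads the object description, picks the
# first non-instrumentation frame of each stack and rechecks the stated numbers.
import re

# Constructed sample: lines copied from the report above, trimmed to what the
# parser needs; the empty lines are the separators KASAN itself prints.
SAMPLE_REPORT = """\
[   34.082147] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[   34.089049] Read of size 8 at addr ffff8880a0eefd18 by task syz-executor301/6374
[   34.097688]
[   34.117027] Call Trace:
[   34.119862]  dump_stack+0x1b2/0x283
[   34.129167]  kasan_report_error.cold+0x8a/0x194
[   34.134119]  ? __list_add_valid+0x93/0xa0
[   34.138534]  __asan_report_load8_noabort+0x68/0x70
[   34.147734]  __list_add_valid+0x93/0xa0
[   34.151708]  rdma_listen+0x656/0x9b0
[   34.155506]  ucma_listen+0x10b/0x170
[   34.246244] RIP: 0033:0x4414b9
[   34.293803]
[   34.295641] Allocated by task 6372:
[   34.299332]  kasan_kmalloc+0xeb/0x160
[   34.303124]  kmem_cache_alloc_trace+0x131/0x3d0
[   34.307844]  rdma_create_id+0x57/0x4c0
[   34.311721]  ucma_create_id+0x18b/0x500
[   34.339229]
[   34.340890] Freed by task 6372:
[   34.344161]  kasan_slab_free+0xc3/0x1a0
[   34.348337]  kfree+0xc9/0x250
[   34.351480]  ucma_close+0x11a/0x340
[   34.355106]  __fput+0x25f/0x7a0
[   34.382861]
[   34.384567] The buggy address belongs to the object at ffff8880a0eefb40
[   34.384567]  which belongs to the cache kmalloc-1024 of size 1024
[   34.397474] The buggy address is located 472 bytes inside of
[   34.397474]  1024-byte region [ffff8880a0eefb40, ffff8880a0eeff40)
"""

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # the "[   34.082147] " printk prefix
_FRAME = re.compile(r"^(?P<q>\?\s+)?(?P<frame>[A-Za-z_][\w.]*\+0x[0-9a-f]+/0x[0-9a-f]+)$")
_FIELDS = [  # header lines; every named group becomes a key of the parsed report
    re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<site>\S+)"),
    re.compile(r"(?P<op>Read|Write) of size (?P<access_size>\d+) at addr "
               r"(?P<access_addr>[0-9a-f]+) by task \S+/(?P<access_pid>\d+)"),
    re.compile(r"(?P<stack>Allocated|Freed) by task (?P<pid>\d+):"),
    re.compile(r"belongs to the object at (?P<object_addr>[0-9a-f]+)"),
    re.compile(r"cache (?P<cache>\S+) of size (?P<object_size>\d+)"),
    re.compile(r"located (?P<reported_offset>\d+) bytes inside of"),
]
# KASAN, allocator and list-debug frames: skipped when picking the frame to blame,
# so that the code owning the object shows up instead of the instrumentation.
_NOISE = ("dump_stack", "print_address_description", "kasan_", "__asan_", "kmem_cache_",
          "kfree", "kmalloc", "__kmalloc", "__list_add_valid", "__list_del_entry_valid")


def parse_kasan(text):
    """Return the header fields plus 'stacks': {'access'|'alloc'|'free': [frames]}."""
    report, current = {"stacks": {}}, None
    for raw in text.splitlines():
        line = _TS.sub("", raw).strip()
        if not line or line.startswith("RIP:"):  # separator or register dump ends a stack
            current = None
            continue
        frame = _FRAME.match(line)
        if frame and current:
            if not frame["q"]:                    # "? " frames are stale guesses; skip them
                report["stacks"][current].append(frame["frame"])
            continue
        if line == "Call Trace:":
            current = "access"
            report["stacks"][current] = []
        for rx in _FIELDS:
            if m := rx.search(line):
                # addresses are hex, sizes and pids decimal, the rest stays text
                fields = {k: int(v, 16) if k.endswith("_addr") else int(v) if v.isdigit() else v
                          for k, v in m.groupdict().items()}
                if "stack" in fields:             # "Allocated by task N:" / "Freed by task N:"
                    current = "alloc" if fields["stack"] == "Allocated" else "free"
                    report["stacks"][current] = []
                    fields = {current + "_pid": fields["pid"]}
                report.update(fields)
    return report


def blame(frames):
    """First frame that is not instrumentation or allocator noise."""
    return next((f for f in frames if not f.startswith(_NOISE)), None)


def triage(text):
    r = parse_kasan(text)
    offset = r["access_addr"] - r["object_addr"]
    return {
        "access_frame": blame(r["stacks"]["access"]),
        "alloc_frame": blame(r["stacks"]["alloc"]),
        "free_frame": blame(r["stacks"]["free"]),
        "offset": offset,
        "offset_matches": offset == r["reported_offset"],          # else the log is mangled
        "access_inside_object": 0 <= offset and offset + r["access_size"] <= r["object_size"],
        # Freed by one task and used by another: a lifetime/race bug across
        # threads or file descriptors, not a stale pointer in one call chain.
        "freed_by_other_task": r["free_pid"] != r["access_pid"],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Run against the excerpt, the helper blames rdma_listen+0x656/0x9b0 for the access, rdma_create_id+0x57/0x4c0 for the allocation and ucma_close+0x11a/0x340 for the free, recomputes the 472-byte offset (0xffff8880a0eefd18 minus 0xffff8880a0eefb40) and flags that the freeing task (6372) differs from the accessing task (6374). That is exactly what the report above shows: an id allocated through ucma_create_id was freed in ucma_close when task 6372 exited, and task 6374 still reached it via ucma_listen. Two caveats a practitioner should keep in mind: pids are reused, so a pid match alone does not prove the same thread, and the `_NOISE` list is a heuristic that needs extending for other subsystems (for example, frames from a driver's own wrapper around kmalloc).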