Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts.
2019/03/29 14:32:53 parsed 1 programs
2019/03/29 14:32:54 executed programs: 0
[ 95.756297] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[ 95.766784] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[ 95.776800] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[ 95.784114] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[ 95.792491] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[ 95.794528] IPVS: ftp: loaded support on port[0] = 21
[ 95.806440] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[ 95.832849] IPVS: ftp: loaded support on port[0] = 21
[ 95.876883] chnl_net:caif_netlink_parms(): no params data found
[ 95.892461] IPVS: ftp: loaded support on port[0] = 21
[ 95.949842] chnl_net:caif_netlink_parms(): no params data found
[ 95.968558] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.975534] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.983001] device bridge_slave_0 entered promiscuous mode
[ 95.993920] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.000581] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.008302] device bridge_slave_1 entered promiscuous mode
[ 96.025609] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.041026] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.055954] IPVS: ftp: loaded support on port[0] = 21
[ 96.058869] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 96.059229] team0: Port device team_slave_0 added
[ 96.059707] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 96.059926] team0: Port device team_slave_1 added
[ 96.060278] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 96.060560] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 96.123459] device hsr_slave_0 entered promiscuous mode
[ 96.191575] device hsr_slave_1 entered promiscuous mode
[ 96.231654] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.238093] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.245546] device bridge_slave_0 entered promiscuous mode
[ 96.273100] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 96.280448] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 96.288137] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.295045] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.302518] device bridge_slave_1 entered promiscuous mode
[ 96.322437] chnl_net:caif_netlink_parms(): no params data found
[ 96.335747] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.346181] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.384298] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 96.391884] team0: Port device team_slave_0 added
[ 96.407498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.413955] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.420961] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.427430] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.435661] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 96.443534] team0: Port device team_slave_1 added
[ 96.465863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 96.465901] IPVS: ftp: loaded support on port[0] = 21
[ 96.481867] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 96.503851] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.510284] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.517496] device bridge_slave_0 entered promiscuous mode
[ 96.524864] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.531319] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.538451] device bridge_slave_1 entered promiscuous mode
[ 96.634363] device hsr_slave_0 entered promiscuous mode
[ 96.671555] device hsr_slave_1 entered promiscuous mode
[ 96.712487] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 96.721688] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.735987] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.744056] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 96.764710] IPVS: ftp: loaded support on port[0] = 21
[ 96.791714] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 96.798871] team0: Port device team_slave_0 added
[ 96.807884] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 96.816060] team0: Port device team_slave_1 added
[ 96.841046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.847510] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.854307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.860930] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.872423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.882967] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.890598] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.897896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.906804] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 96.915035] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.003370] device hsr_slave_0 entered promiscuous mode
[ 97.042303] device hsr_slave_1 entered promiscuous mode
[ 97.082526] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 97.089880] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 97.120014] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.173234] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 97.204113] chnl_net:caif_netlink_parms(): no params data found
[ 97.227843] chnl_net:caif_netlink_parms(): no params data found
[ 97.257419] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 97.263858] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.287244] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 97.298355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 97.335410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.346824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.353363] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.368067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.375822] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.382241] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.389583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.400886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 97.417310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 97.428328] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 97.438881] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 97.446311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.453121] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.460928] device bridge_slave_0 entered promiscuous mode
[ 97.484946] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.493423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 97.501791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 97.509965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 97.519374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.526455] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.533644] device bridge_slave_1 entered promiscuous mode
[ 97.596714] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.609356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.616170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.623400] device bridge_slave_0 entered promiscuous mode
[ 97.630020] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.636505] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.643839] device bridge_slave_1 entered promiscuous mode
[ 97.668781] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 97.679050] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 97.690803] chnl_net:caif_netlink_parms(): no params data found
[ 97.701794] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 97.711027] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 97.739041] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.747429] team0: Port device team_slave_0 added
[ 97.753446] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.760500] team0: Port device team_slave_1 added
[ 97.766926] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.778411] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 97.794889] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.810611] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 97.820801] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.830874] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.855973] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.864445] team0: Port device team_slave_0 added
[ 97.872624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 97.900220] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.912409] team0: Port device team_slave_1 added
[ 97.919997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.928786] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.935309] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.943541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.951036] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.957443] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.965101] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.976771] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 97.983940] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.053354] device hsr_slave_0 entered promiscuous mode
[ 98.091489] device hsr_slave_1 entered promiscuous mode
[ 98.152090] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 98.159478] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 98.166749] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 98.180750] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 98.191925] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.203108] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 98.217339] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.224201] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.231846] device bridge_slave_0 entered promiscuous mode
[ 98.240215] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 98.256338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 98.265018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 98.272630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 98.282240] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.290801] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.297410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.317187] device bridge_slave_1 entered promiscuous mode
[ 98.383503] device hsr_slave_0 entered promiscuous mode
[ 98.421619] device hsr_slave_1 entered promiscuous mode
[ 98.464143] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 98.489420] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.497885] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 98.519160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 98.534681] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 98.546932] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 98.556840] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 98.581558] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 98.587668] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.597198] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.632339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 98.641118] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.647555] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.655193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.663029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.669525] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.676907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 98.691047] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.705663] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 98.725049] team0: Port device team_slave_0 added
[ 98.731059] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 98.738826] team0: Port device team_slave_1 added
[ 98.745199] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 98.777430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 98.786656] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 98.819233] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 98.830377] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.842350] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 98.848894] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 98.856136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.863897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 98.871888] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 98.895551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 98.954570] device hsr_slave_0 entered promiscuous mode
[ 98.984654] device hsr_slave_1 entered promiscuous mode
[ 99.042424] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 99.053601] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.062514] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 99.077131] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 99.096220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 99.108707] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.122046] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 99.128185] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.138280] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 99.155280] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 99.162395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 99.170097] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.176628] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.185904] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.202542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.209897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 99.221009] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.227535] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.253182] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 99.260963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 99.278900] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 99.289691] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 99.300418] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 99.316215] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 99.325651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 99.335050] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 99.343311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 99.357437] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 99.364004] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.389726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 99.405540] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.413027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 99.420744] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.427160] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.441125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.468104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 99.488615] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.495086] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.537585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 99.546752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 99.560890] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 99.573689] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.582830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 99.602808] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 99.617214] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 99.625215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 99.646391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 99.656603] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 99.663134] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.679836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 99.688078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.694515] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.702738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 99.710365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.716815] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.724814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.740325] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.750595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 99.765009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 99.782114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 99.790201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 99.798552] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 99.845878] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.919489] ==================================================================
[ 99.927063] BUG: KASAN: use-after-free in __list_add_valid+0x8f/0xb0
[ 99.933563] Read of size 8 at addr ffff880106d43418 by task syz-executor.1/7183
[ 99.941107]
[ 99.942723] CPU: 0 PID: 7183 Comm: syz-executor.1 Not tainted 4.12.0 #1
[ 99.949454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 99.958808] Call Trace:
[ 99.961394] dump_stack+0x145/0x1f0
[ 99.965023] ? arch_local_irq_restore+0x43/0x43
[ 99.970021] ? printk+0x91/0xab
[ 99.973299] ? snapshot_ioctl.cold.0+0x74/0x74
[ 99.977955] ? __mutex_unlock_slowpath+0xf0/0x9f0
[ 99.983062] ? __list_add_valid+0x8f/0xb0
[ 99.987548] print_address_description.cold.6+0x9/0x1c9
[ 99.992902] ? __list_add_valid+0x8f/0xb0
[ 99.997147] kasan_report.cold.7+0x121/0x2da
[ 100.001557] __asan_report_load8_noabort+0x14/0x20
[ 100.006479] __list_add_valid+0x8f/0xb0
[ 100.010451] rdma_listen+0x5bc/0x9b0
[ 100.014251] ? rdma_resolve_addr+0x2b60/0x2b60
[ 100.018829] ucma_listen+0x168/0x1f0
[ 100.022527] ? ucma_accept+0xb60/0xb60
[ 100.026395] ? __might_sleep+0x93/0xb0
[ 100.030308] ucma_write+0x288/0x3f0
[ 100.033925] ? posix_ktime_get_ts+0xc/0x10
[ 100.038233] ? ucma_resolve_route+0x1a0/0x1a0
[ 100.042721] __vfs_write+0xdc/0xb60
[ 100.046364] ? __fget_light+0x2a5/0x3f0
[ 100.050323] ? fget_raw+0x10/0x10
[ 100.053879] ? __vfs_read+0xb50/0xb50
[ 100.057788] ? __might_fault+0xf1/0x1b0
[ 100.061763] ? lock_downgrade+0x830/0x830
[ 100.066076] ? lock_release+0x9a0/0x9a0
[ 100.070046] ? check_same_owner+0x320/0x320
[ 100.074446] ? getrawmonotonic64+0x4d0/0x4d0
[ 100.078842] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 100.083436] ? rw_verify_area+0xb8/0x2b0
[ 100.087598] ? __fdget_raw+0x10/0x10
[ 100.092223] vfs_write+0x150/0x4f0
[ 100.095773] SyS_write+0xef/0x240
[ 100.099307] ? SyS_read+0x240/0x240
[ 100.102940] ? trace_hardirqs_on_caller+0x40c/0x580
[ 100.108187] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 100.112966] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 100.117727] RIP: 0033:0x458209
[ 100.121007] RSP: 002b:00007f3289963c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 100.128957] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458209
[ 100.136249] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[ 100.143582] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[ 100.150848] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000073bf0c
[ 100.158114] R13: 00007ffd9b9269cf R14: 00007f32899649c0 R15: 000000000073bf0c
[ 100.165390]
[ 100.166998] Allocated by task 7178:
[ 100.170628] save_stack_trace+0x16/0x20
[ 100.174590] save_stack+0x43/0xd0
[ 100.178031] kasan_kmalloc+0xc7/0xe0
[ 100.181733] kmem_cache_alloc_trace+0x14b/0x7a0
[ 100.186397] rdma_create_id+0xca/0x680
[ 100.190311] ucma_create_id+0x312/0x630
[ 100.194286] ucma_write+0x288/0x3f0
[ 100.197994] __vfs_write+0xdc/0xb60
[ 100.201699] vfs_write+0x150/0x4f0
[ 100.205261] SyS_write+0xef/0x240
[ 100.208714] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 100.213459]
[ 100.215082] Freed by task 7170:
[ 100.218362] save_stack_trace+0x16/0x20
[ 100.222323] save_stack+0x43/0xd0
[ 100.225778] kasan_slab_free+0x71/0xc0
[ 100.229683] kfree+0xcc/0x270
[ 100.232777] rdma_destroy_id+0x773/0xd60
[ 100.236825] ucma_close+0xf0/0x2d0
[ 100.240344] __fput+0x2cf/0x900
[ 100.243603] ____fput+0x9/0x10
[ 100.246784] task_work_run+0x14e/0x230
[ 100.250749] exit_to_usermode_loop+0x216/0x280
[ 100.255322] syscall_return_slowpath+0x2cb/0x360
[ 100.260087] entry_SYSCALL_64_fastpath+0xc0/0xc2
[ 100.264836]
[ 100.266447] The buggy address belongs to the object at ffff880106d43240
[ 100.266447] which belongs to the cache kmalloc-1024 of size 1024
[ 100.279528] The buggy address is located 472 bytes inside of
[ 100.279528] 1024-byte region [ffff880106d43240, ffff880106d43640)
[ 100.291485] The buggy address belongs to the page:
[ 100.296430] page:ffffea00041b5080 count:1 mapcount:0 mapping:ffff880106d42040 index:0x0 compound_mapcount: 0
[ 100.306411] flags: 0x2fffc0000008100(slab|head)
[ 100.311069] raw: 02fffc0000008100 ffff880106d42040 0000000000000000 0000000100000007
[ 100.318946] raw: ffffea000478e620 ffffea0004559120 ffff88012bc00ac0 0000000000000000
[ 100.326911] page dumped because: kasan: bad access detected
[ 100.332618]
[ 100.334241] Memory state around the buggy address:
[ 100.339515] ffff880106d43300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.347761] ffff880106d43380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.355766] >ffff880106d43400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.363483] ^
[ 100.368234] ffff880106d43480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.375604] ffff880106d43500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.382958] ==================================================================
[ 100.390326] Disabling lock debugging due to kernel taint
[ 100.402215] Kernel panic - not syncing: panic_on_warn set ...
[ 100.402215]
[ 100.409710] CPU: 1 PID: 7183 Comm: syz-executor.1 Tainted: G B 4.12.0 #1
[ 100.418025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 100.427563] Call Trace:
[ 100.430142] dump_stack+0x145/0x1f0
[ 100.433759] ? arch_local_irq_restore+0x43/0x43
[ 100.438441] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 100.443193] ? __list_add_valid+0x8f/0xb0
[ 100.447408] panic+0x1a9/0x349
[ 100.450590] ? add_taint.cold.5+0x11/0x11
[ 100.454743] ? ___preempt_schedule+0x16/0x18
[ 100.459151] ? __list_add_valid+0x8f/0xb0
[ 100.463292] kasan_end_report+0x47/0x4f
[ 100.467275] kasan_report.cold.7+0x76/0x2da
[ 100.471897] __asan_report_load8_noabort+0x14/0x20
[ 100.476844] __list_add_valid+0x8f/0xb0
[ 100.481081] rdma_listen+0x5bc/0x9b0
[ 100.484790] ? rdma_resolve_addr+0x2b60/0x2b60
[ 100.489382] ucma_listen+0x168/0x1f0
[ 100.493082] ? ucma_accept+0xb60/0xb60
[ 100.496954] ? __might_sleep+0x93/0xb0
[ 100.500821] ucma_write+0x288/0x3f0
[ 100.504426] ? posix_ktime_get_ts+0xc/0x10
[ 100.508645] ? ucma_resolve_route+0x1a0/0x1a0
[ 100.513237] __vfs_write+0xdc/0xb60
[ 100.516855] ? __fget_light+0x2a5/0x3f0
[ 100.520836] ? fget_raw+0x10/0x10
[ 100.524276] ? __vfs_read+0xb50/0xb50
[ 100.528069] ? __might_fault+0xf1/0x1b0
[ 100.532018] ? lock_downgrade+0x830/0x830
[ 100.536148] ? lock_release+0x9a0/0x9a0
[ 100.540103] ? check_same_owner+0x320/0x320
[ 100.544695] ? getrawmonotonic64+0x4d0/0x4d0
[ 100.549081] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 100.553753] ? rw_verify_area+0xb8/0x2b0
[ 100.557819] ? __fdget_raw+0x10/0x10
[ 100.561519] vfs_write+0x150/0x4f0
[ 100.565042] SyS_write+0xef/0x240
[ 100.568498] ? SyS_read+0x240/0x240
[ 100.572129] ? trace_hardirqs_on_caller+0x40c/0x580
[ 100.577378] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 100.582144] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 100.586980] RIP: 0033:0x458209
[ 100.590396] RSP: 002b:00007f3289963c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 100.598195] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458209
[ 100.605464] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[ 100.612798] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[ 100.620710] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000073bf0c
[ 100.627965] R13: 00007ffd9b9269cf R14: 00007f32899649c0 R15: 000000000073bf0c
[ 100.636401] Kernel Offset: disabled
[ 100.640025] Rebooting in 86400 seconds..