[ 42.604295] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
2020/01/12 22:04:32 parsed 1 programs
2020/01/12 22:04:32 executed programs: 0
[ 47.609476] IPVS: ftp: loaded support on port[0] = 21
[ 47.632678] IPVS: ftp: loaded support on port[0] = 21
[ 47.649004] IPVS: ftp: loaded support on port[0] = 21
[ 47.652848] IPVS: ftp: loaded support on port[0] = 21
[ 47.655696] IPVS: ftp: loaded support on port[0] = 21
[ 47.673876] IPVS: ftp: loaded support on port[0] = 21
[ 48.133581] ==================================================================
[ 48.141059] BUG: KASAN: use-after-free in __list_del_entry_valid+0xe7/0xf3
[ 48.148063] Read of size 8 at addr ffff8881d55ae1e8 by task syz-executor/4291
[ 48.155336]
[ 48.156959] CPU: 0 PID: 4291 Comm: syz-executor Not tainted 5.5.0-rc5-syzkaller #0
[ 48.164644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.173979] Call Trace:
[ 48.176549]  dump_stack+0x12f/0x187
[ 48.180161]  ? __list_del_entry_valid+0xe7/0xf3
[ 48.184814]  print_address_description.constprop.8+0x3b/0x60
[ 48.190617]  ? __list_del_entry_valid+0xe7/0xf3
[ 48.195273]  ? __list_del_entry_valid+0xe7/0xf3
[ 48.199952]  __kasan_report.cold.11+0x1b/0x39
[ 48.204442]  ? __list_del_entry_valid+0xe7/0xf3
[ 48.209101]  kasan_report+0x12/0x20
[ 48.212726]  __asan_report_load8_noabort+0x14/0x20
[ 48.217638]  __list_del_entry_valid+0xe7/0xf3
[ 48.222119]  cma_cancel_operation+0x2f7/0x9c0
[ 48.226614]  rdma_destroy_id+0x8d/0x9f0
[ 48.230578]  ? complete+0x62/0x80
[ 48.234019]  ucma_close+0x101/0x2d0
[ 48.237669]  __fput+0x25a/0x780
[ 48.240944]  ____fput+0x9/0x10
[ 48.244119]  task_work_run+0x10e/0x190
[ 48.247998]  do_exit+0x9ed/0x2e30
[ 48.251445]  ? mm_update_next_owner+0x710/0x710
[ 48.256096]  ? get_signal+0x2c4/0x1d00
[ 48.259970]  ? lock_downgrade+0x900/0x900
[ 48.264104]  ? _raw_spin_unlock_irq+0x22/0x70
[ 48.268596]  ? get_signal+0x2c4/0x1d00
[ 48.272470]  do_group_exit+0xf4/0x2e0
[ 48.276703]  get_signal+0x368/0x1d00
[ 48.280412]  ? _raw_spin_unlock_irq+0x22/0x70
[ 48.285255]  ? finish_task_switch+0x12a/0x630
[ 48.289735]  ? lockdep_hardirqs_on+0x42d/0x5d0
[ 48.294320]  do_signal+0x87/0x16c0
[ 48.297844]  ? finish_task_switch+0x12a/0x630
[ 48.302318]  ? finish_task_switch+0xf3/0x630
[ 48.306724]  ? rcu_is_watching+0x31/0x80
[ 48.310780]  ? setup_sigcontext+0x7d0/0x7d0
[ 48.315094]  ? __x64_sys_futex+0x1cb/0x38e
[ 48.319321]  ? rcu_read_lock_any_held.part.8+0x50/0x50
[ 48.324584]  ? __sched_text_start+0x8/0x8
[ 48.328720]  ? exit_to_usermode_loop+0x3a/0x210
[ 48.333384]  ? do_syscall_64+0x50b/0x600
[ 48.337435]  ? lockdep_hardirqs_on+0x42d/0x5d0
[ 48.342000]  ? exit_to_usermode_loop+0x3a/0x210
[ 48.346927]  ? trace_hardirqs_on+0x28/0x180
[ 48.351233]  exit_to_usermode_loop+0x114/0x210
[ 48.355819]  do_syscall_64+0x50b/0x600
[ 48.359709]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.364879] RIP: 0033:0x4549c9
[ 48.368063] Code: e8 6c b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b ba fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.387048] RSP: 002b:00007fba27dc3ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 48.394752] RAX: fffffffffffffe00 RBX: 000000000072bf80 RCX: 00000000004549c9
[ 48.402006] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf80
[ 48.409256] RBP: 000000000072bf80 R08: 0000000000000000 R09: 000000000072bf58
[ 48.416519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 48.423791] R13: 00007fffc7698f6f R14: 00007fba27dc49c0 R15: 0000000000000001
[ 48.431186]
[ 48.432809] Allocated by task 4288:
[ 48.436432]  save_stack+0x21/0x90
[ 48.439868]  __kasan_kmalloc.constprop.7+0xc1/0xd0
[ 48.444780]  kasan_kmalloc+0x9/0x10
[ 48.448528]  kmem_cache_alloc_trace+0x15b/0x760
[ 48.453196]  __rdma_create_id+0x5d/0x510
[ 48.457281]  ucma_create_id+0x199/0x550
[ 48.461256]  ucma_write+0x206/0x2e0
[ 48.464864]  __vfs_write+0x61/0x110
[ 48.469172]  vfs_write+0x191/0x4c0
[ 48.472691]  ksys_write+0x197/0x220
[ 48.476560]  __x64_sys_write+0x6e/0xb0
[ 48.480427]  do_syscall_64+0xd0/0x600
[ 48.484207]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.489374]
[ 48.490985] Freed by task 4291:
[ 48.494243]  save_stack+0x21/0x90
[ 48.497676]  __kasan_slab_free+0x11a/0x170
[ 48.501903]  kasan_slab_free+0xe/0x10
[ 48.505687]  kfree+0xfa/0x290
[ 48.508773]  rdma_destroy_id+0x60e/0x9f0
[ 48.512829]  ucma_close+0x101/0x2d0
[ 48.516439]  __fput+0x25a/0x780
[ 48.519711]  ____fput+0x9/0x10
[ 48.522882]  task_work_run+0x10e/0x190
[ 48.526755]  do_exit+0x9ed/0x2e30
[ 48.530203]  do_group_exit+0xf4/0x2e0
[ 48.533983]  get_signal+0x368/0x1d00
[ 48.537786]  do_signal+0x87/0x16c0
[ 48.541833]  exit_to_usermode_loop+0x114/0x210
[ 48.546393]  do_syscall_64+0x50b/0x600
[ 48.550262]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.555461]
[ 48.557076] The buggy address belongs to the object at ffff8881d55ae000
[ 48.557076]  which belongs to the cache kmalloc-2k of size 2048
[ 48.569711] The buggy address is located 488 bytes inside of
[ 48.569711]  2048-byte region [ffff8881d55ae000, ffff8881d55ae800)
[ 48.581652] The buggy address belongs to the page:
[ 48.586566] page:ffffea0007556b80 refcount:1 mapcount:0 mapping:ffff8881da000e00 index:0x0
[ 48.594948] raw: 02fffc0000000200 ffffea000738e988 ffffea00074c8188 ffff8881da000e00
[ 48.602908] raw: 0000000000000000 ffff8881d55ae000 0000000100000001 0000000000000000
[ 48.610768] page dumped because: kasan: bad access detected
[ 48.616459]
[ 48.618076] Memory state around the buggy address:
[ 48.622998]  ffff8881d55ae080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.630339]  ffff8881d55ae100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.637677] >ffff8881d55ae180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.645103]                                                           ^
[ 48.651836]  ffff8881d55ae200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.659175]  ffff8881d55ae280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.666525] ==================================================================
[ 48.673873] Disabling lock debugging due to kernel taint
[ 48.679471] Kernel panic - not syncing: panic_on_warn set ...
[ 48.685366] CPU: 0 PID: 4291 Comm: syz-executor Tainted: G B 5.5.0-rc5-syzkaller #0
[ 48.694615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.704209] Call Trace:
[ 48.706800]  dump_stack+0x12f/0x187
[ 48.710410]  ? __list_del_entry_valid+0xb0/0xf3
[ 48.715061]  panic+0x22a/0x4f5
[ 48.718252]  ? add_taint.cold.7+0x11/0x11
[ 48.722395]  ? do_raw_spin_unlock+0x54/0x260
[ 48.726795]  ? do_raw_spin_unlock+0x54/0x260
[ 48.731190]  ? __list_del_entry_valid+0xe7/0xf3
[ 48.736010]  ? __list_del_entry_valid+0xe7/0xf3
[ 48.740666]  end_report+0x47/0x4f
[ 48.744121]  __kasan_report.cold.11+0xe/0x39
[ 48.748538]  ? __list_del_entry_valid+0xe7/0xf3
[ 48.753207]  kasan_report+0x12/0x20
[ 48.756815]  __asan_report_load8_noabort+0x14/0x20
[ 48.761724]  __list_del_entry_valid+0xe7/0xf3
[ 48.766288]  cma_cancel_operation+0x2f7/0x9c0
[ 48.770769]  rdma_destroy_id+0x8d/0x9f0
[ 48.774741]  ? complete+0x62/0x80
[ 48.778179]  ucma_close+0x101/0x2d0
[ 48.781807]  __fput+0x25a/0x780
[ 48.785088]  ____fput+0x9/0x10
[ 48.788275]  task_work_run+0x10e/0x190
[ 48.792164]  do_exit+0x9ed/0x2e30
[ 48.795827]  ? mm_update_next_owner+0x710/0x710
[ 48.800572]  ? get_signal+0x2c4/0x1d00
[ 48.804458]  ? lock_downgrade+0x900/0x900
[ 48.808680]  ? _raw_spin_unlock_irq+0x22/0x70
[ 48.813157]  ? get_signal+0x2c4/0x1d00
[ 48.817725]  do_group_exit+0xf4/0x2e0
[ 48.821509]  get_signal+0x368/0x1d00
[ 48.825208]  ? _raw_spin_unlock_irq+0x22/0x70
[ 48.829703]  ? finish_task_switch+0x12a/0x630
[ 48.834176]  ? lockdep_hardirqs_on+0x42d/0x5d0
[ 48.838755]  do_signal+0x87/0x16c0
[ 48.842274]  ? finish_task_switch+0x12a/0x630
[ 48.846760]  ? finish_task_switch+0xf3/0x630
[ 48.851147]  ? rcu_is_watching+0x31/0x80
[ 48.855187]  ? setup_sigcontext+0x7d0/0x7d0
[ 48.859492]  ? __x64_sys_futex+0x1cb/0x38e
[ 48.863706]  ? rcu_read_lock_any_held.part.8+0x50/0x50
[ 48.868973]  ? __sched_text_start+0x8/0x8
[ 48.873105]  ? exit_to_usermode_loop+0x3a/0x210
[ 48.877855]  ? do_syscall_64+0x50b/0x600
[ 48.881905]  ? lockdep_hardirqs_on+0x42d/0x5d0
[ 48.886481]  ? exit_to_usermode_loop+0x3a/0x210
[ 48.891152]  ? trace_hardirqs_on+0x28/0x180
[ 48.895554]  exit_to_usermode_loop+0x114/0x210
[ 48.900118]  do_syscall_64+0x50b/0x600
[ 48.903995]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.909165] RIP: 0033:0x4549c9
[ 48.912336] Code: e8 6c b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b ba fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 48.931217] RSP: 002b:00007fba27dc3ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 48.938916] RAX: fffffffffffffe00 RBX: 000000000072bf80 RCX: 00000000004549c9
[ 48.946179] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf80
[ 48.953431] RBP: 000000000072bf80 R08: 0000000000000000 R09: 000000000072bf58
[ 48.960693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 48.968032] R13: 00007fffc7698f6f R14: 00007fba27dc49c0 R15: 0000000000000001
[ 48.976271] Kernel Offset: disabled
[ 48.979943] Rebooting in 86400 seconds..