[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 80.520586][ T27] audit: type=1800 audit(1584826945.531:25): pid=9396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 80.551841][ T27] audit: type=1800 audit(1584826945.531:26): pid=9396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 80.595827][ T27] audit: type=1800 audit(1584826945.531:27): pid=9396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
2020/03/21 21:42:35 parsed 1 programs
2020/03/21 21:42:37 executed programs: 0
syzkaller login: [ 92.676404][ T9566] IPVS: ftp: loaded support on port[0] = 21
[ 92.740356][ T9566] chnl_net:caif_netlink_parms(): no params data found
[ 92.783683][ T9566] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.791177][ T9566] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.799296][ T9566] device bridge_slave_0 entered promiscuous mode
[ 92.807706][ T9566] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.815079][ T9566] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.822948][ T9566] device bridge_slave_1 entered promiscuous mode
[ 92.842135][ T9566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 92.854680][ T9566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 92.875701][ T9566] team0: Port device team_slave_0 added
[ 92.883503][ T9566] team0: Port device team_slave_1 added
[ 92.899258][ T9566] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 92.906251][ T9566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.932304][ T9566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 92.944603][ T9566] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 92.951547][ T9566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.977605][ T9566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.035032][ T9566] device hsr_slave_0 entered promiscuous mode
[ 93.072247][ T9566] device hsr_slave_1 entered promiscuous mode
[ 93.180018][ T9566] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.235172][ T9566] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.295103][ T9566] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.354601][ T9566] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.407359][ T9566] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.414701][ T9566] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.422729][ T9566] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.429836][ T9566] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.475432][ T9566] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.488536][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 93.498747][ T3224] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.507178][ T3224] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.515685][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 93.529280][ T9566] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.540412][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 93.549202][ T2941] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.556281][ T2941] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.568151][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 93.577974][ T3224] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.585138][ T3224] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.605294][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 93.615055][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 93.633780][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 93.643192][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 93.651557][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 93.664408][ T9566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 93.683535][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 93.691110][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 93.707620][ T9566] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.727995][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 93.747187][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 93.756000][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 93.766623][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 93.774623][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 93.786109][ T9566] device veth0_vlan entered promiscuous mode
[ 93.798379][ T9566] device veth1_vlan entered promiscuous mode
[ 93.819672][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 93.828588][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 93.837272][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 93.846782][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 93.858869][ T9566] device veth0_macvtap entered promiscuous mode
[ 93.871876][ T9566] device veth1_macvtap entered promiscuous mode
[ 93.888843][ T9566] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.896523][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 93.904781][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 93.913219][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 93.921658][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 93.934384][ T9566] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.941881][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 93.950473][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 94.393172][ T9598] ==================================================================
[ 94.401398][ T9598] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[ 94.408591][ T9598] Read of size 8 at addr ffff88808cb9f1e0 by task syz-executor.0/9598
[ 94.416715][ T9598]
[ 94.419027][ T9598] CPU: 1 PID: 9598 Comm: syz-executor.0 Not tainted 5.6.0-rc6-syzkaller #0
[ 94.427585][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.437830][ T9598] Call Trace:
[ 94.441115][ T9598] dump_stack+0x188/0x20d
[ 94.445506][ T9598] ? __list_add_valid+0x93/0xa0
[ 94.450354][ T9598] ? __list_add_valid+0x93/0xa0
[ 94.455304][ T9598] print_address_description.constprop.0.cold+0xd3/0x315
[ 94.463121][ T9598] ? __list_add_valid+0x93/0xa0
[ 94.467995][ T9598] ? __list_add_valid+0x93/0xa0
[ 94.473331][ T9598] __kasan_report.cold+0x1a/0x32
[ 94.478320][ T9598] ? __list_add_valid+0x93/0xa0
[ 94.483159][ T9598] kasan_report+0xe/0x20
[ 94.487436][ T9598] __list_add_valid+0x93/0xa0
[ 94.492103][ T9598] rdma_listen+0x681/0x910
[ 94.496505][ T9598] ucma_listen+0x14d/0x1c0
[ 94.500914][ T9598] ? ucma_notify+0x190/0x190
[ 94.505546][ T9598] ? __might_fault+0x190/0x1d0
[ 94.510312][ T9598] ? _copy_from_user+0x123/0x190
[ 94.515519][ T9598] ? ucma_notify+0x190/0x190
[ 94.520099][ T9598] ucma_write+0x285/0x350
[ 94.524495][ T9598] ? ucma_open+0x270/0x270
[ 94.528914][ T9598] ? security_file_permission+0x8a/0x370
[ 94.534657][ T9598] ? ucma_open+0x270/0x270
[ 94.539077][ T9598] __vfs_write+0x76/0x100
[ 94.543399][ T9598] vfs_write+0x262/0x5c0
[ 94.547652][ T9598] ksys_write+0x1e8/0x250
[ 94.551979][ T9598] ? __ia32_sys_read+0xb0/0xb0
[ 94.556735][ T9598] ? __ia32_sys_clock_settime+0x260/0x260
[ 94.562454][ T9598] ? trace_hardirqs_off_caller+0x55/0x230
[ 94.568175][ T9598] do_syscall_64+0xf6/0x7d0
[ 94.572673][ T9598] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.579402][ T9598] RIP: 0033:0x45c849
[ 94.583281][ T9598] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 94.602927][ T9598] RSP: 002b:00007fa3abca9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 94.611713][ T9598] RAX: ffffffffffffffda RBX: 00007fa3abcaa6d4 RCX: 000000000045c849
[ 94.619684][ T9598] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 94.627652][ T9598] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 94.635797][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 94.643766][ T9598] R13: 0000000000000cc0 R14: 00000000004cee66 R15: 000000000076bf0c
[ 94.652787][ T9598]
[ 94.655106][ T9598] Allocated by task 9592:
[ 94.659507][ T9598] save_stack+0x1b/0x80
[ 94.663658][ T9598] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 94.669268][ T9598] kmem_cache_alloc_trace+0x153/0x7d0
[ 94.674626][ T9598] __rdma_create_id+0x5b/0x850
[ 94.679460][ T9598] ucma_create_id+0x1cb/0x580
[ 94.684121][ T9598] ucma_write+0x285/0x350
[ 94.688446][ T9598] __vfs_write+0x76/0x100
[ 94.692770][ T9598] vfs_write+0x262/0x5c0
[ 94.696992][ T9598] ksys_write+0x1e8/0x250
[ 94.701305][ T9598] do_syscall_64+0xf6/0x7d0
[ 94.705963][ T9598] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.711917][ T9598]
[ 94.714240][ T9598] Freed by task 9592:
[ 94.718393][ T9598] save_stack+0x1b/0x80
[ 94.722620][ T9598] __kasan_slab_free+0xf7/0x140
[ 94.729243][ T9598] kfree+0x109/0x2b0
[ 94.733129][ T9598] ucma_close+0x10b/0x300
[ 94.737555][ T9598] __fput+0x2da/0x850
[ 94.741523][ T9598] task_work_run+0x13f/0x1b0
[ 94.746094][ T9598] exit_to_usermode_loop+0x2fa/0x360
[ 94.751362][ T9598] do_syscall_64+0x6b1/0x7d0
[ 94.755937][ T9598] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.762016][ T9598]
[ 94.764404][ T9598] The buggy address belongs to the object at ffff88808cb9f000
[ 94.764404][ T9598] which belongs to the cache kmalloc-2k of size 2048
[ 94.778502][ T9598] The buggy address is located 480 bytes inside of
[ 94.778502][ T9598] 2048-byte region [ffff88808cb9f000, ffff88808cb9f800)
[ 94.792146][ T9598] The buggy address belongs to the page:
[ 94.797783][ T9598] page:ffffea000232e7c0 refcount:1 mapcount:0 mapping:ffff8880aa000e00 index:0x0
[ 94.806905][ T9598] flags: 0xfffe0000000200(slab)
[ 94.811776][ T9598] raw: 00fffe0000000200 ffffea0002629088 ffffea0002368388 ffff8880aa000e00
[ 94.820366][ T9598] raw: 0000000000000000 ffff88808cb9f000 0000000100000001 0000000000000000
[ 94.829002][ T9598] page dumped because: kasan: bad access detected
[ 94.835408][ T9598]
[ 94.837848][ T9598] Memory state around the buggy address:
[ 94.843471][ T9598] ffff88808cb9f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.851520][ T9598] ffff88808cb9f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.859832][ T9598] >ffff88808cb9f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.867885][ T9598] ^
[ 94.875112][ T9598] ffff88808cb9f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.883214][ T9598] ffff88808cb9f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.891259][ T9598] ==================================================================
[ 94.899306][ T9598] Disabling lock debugging due to kernel taint
[ 94.913393][ T9598] Kernel panic - not syncing: panic_on_warn set ...
[ 94.920196][ T9598] CPU: 1 PID: 9598 Comm: syz-executor.0 Tainted: G B 5.6.0-rc6-syzkaller #0
[ 94.930464][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.940681][ T9598] Call Trace:
[ 94.943995][ T9598] dump_stack+0x188/0x20d
[ 94.948317][ T9598] panic+0x2e3/0x75c
[ 94.952260][ T9598] ? add_taint.cold+0x16/0x16
[ 94.956938][ T9598] ? preempt_schedule_common+0x5e/0xc0
[ 94.962383][ T9598] ? __list_add_valid+0x93/0xa0
[ 94.967229][ T9598] ? ___preempt_schedule+0x16/0x18
[ 94.972328][ T9598] ? trace_hardirqs_on+0x55/0x220
[ 94.977350][ T9598] ? __list_add_valid+0x93/0xa0
[ 94.982184][ T9598] end_report+0x43/0x49
[ 94.986320][ T9598] ? __list_add_valid+0x93/0xa0
[ 94.991149][ T9598] __kasan_report.cold+0xd/0x32
[ 94.995980][ T9598] ? __list_add_valid+0x93/0xa0
[ 95.000825][ T9598] kasan_report+0xe/0x20
[ 95.005050][ T9598] __list_add_valid+0x93/0xa0
[ 95.009708][ T9598] rdma_listen+0x681/0x910
[ 95.014111][ T9598] ucma_listen+0x14d/0x1c0
[ 95.018523][ T9598] ? ucma_notify+0x190/0x190
[ 95.023109][ T9598] ? __might_fault+0x190/0x1d0
[ 95.027861][ T9598] ? _copy_from_user+0x123/0x190
[ 95.032832][ T9598] ? ucma_notify+0x190/0x190
[ 95.037452][ T9598] ucma_write+0x285/0x350
[ 95.041776][ T9598] ? ucma_open+0x270/0x270
[ 95.046196][ T9598] ? security_file_permission+0x8a/0x370
[ 95.051812][ T9598] ? ucma_open+0x270/0x270
[ 95.056221][ T9598] __vfs_write+0x76/0x100
[ 95.060535][ T9598] vfs_write+0x262/0x5c0
[ 95.064776][ T9598] ksys_write+0x1e8/0x250
[ 95.069099][ T9598] ? __ia32_sys_read+0xb0/0xb0
[ 95.073857][ T9598] ? __ia32_sys_clock_settime+0x260/0x260
[ 95.079564][ T9598] ? trace_hardirqs_off_caller+0x55/0x230
[ 95.085282][ T9598] do_syscall_64+0xf6/0x7d0
[ 95.089785][ T9598] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 95.095697][ T9598] RIP: 0033:0x45c849
[ 95.099579][ T9598] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 95.119171][ T9598] RSP: 002b:00007fa3abca9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 95.127597][ T9598] RAX: ffffffffffffffda RBX: 00007fa3abcaa6d4 RCX: 000000000045c849
[ 95.135682][ T9598] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 95.143646][ T9598] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 95.151596][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 95.159568][ T9598] R13: 0000000000000cc0 R14: 00000000004cee66 R15: 000000000076bf0c
[ 95.169215][ T9598] Kernel Offset: disabled
[ 95.173554][ T9598] Rebooting in 86400 seconds..