Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts.
2020/03/25 00:36:37 parsed 1 programs
2020/03/25 00:36:39 executed programs: 0
[ 81.609785][ T9913] IPVS: ftp: loaded support on port[0] = 21
[ 81.670484][ T9913] chnl_net:caif_netlink_parms(): no params data found
[ 81.710430][ T9913] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.717973][ T9913] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.726392][ T9913] device bridge_slave_0 entered promiscuous mode
[ 81.734753][ T9913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.742010][ T9913] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.749846][ T9913] device bridge_slave_1 entered promiscuous mode
[ 81.768770][ T9913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.780206][ T9913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.800407][ T9913] team0: Port device team_slave_0 added
[ 81.807974][ T9913] team0: Port device team_slave_1 added
[ 81.823624][ T9913] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.830725][ T9913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.856952][ T9913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.869409][ T9913] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.876507][ T9913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.902585][ T9913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.977389][ T9913] device hsr_slave_0 entered promiscuous mode
[ 82.015729][ T9913] device hsr_slave_1 entered promiscuous mode
[ 82.127286][ T9913] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.178385][ T9913] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.237951][ T9913] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.278172][ T9913] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.332356][ T9913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.339615][ T9913] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.347583][ T9913] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.354663][ T9913] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.400909][ T9913] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.414700][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.427347][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.435853][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.443708][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 82.457423][ T9913] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.468928][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.477623][ T3856] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.484713][ T3856] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.496633][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.506114][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.513173][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.536064][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.544663][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.554423][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.566571][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 82.580315][ T9913] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 82.592099][ T9913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 82.600548][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 82.619502][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 82.627355][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 82.642550][ T9913] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.662869][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 82.682816][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 82.692446][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 82.701369][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 82.709087][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 82.719815][ T9913] device veth0_vlan entered promiscuous mode
[ 82.734302][ T9913] device veth1_vlan entered promiscuous mode
[ 82.756765][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 82.766584][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 82.774616][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 82.783614][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 82.796688][ T9913] device veth0_macvtap entered promiscuous mode
[ 82.807930][ T9913] device veth1_macvtap entered promiscuous mode
[ 82.826358][ T9913] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 82.833877][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 82.844389][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 82.853130][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 82.862072][ T2755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 82.875350][ T9913] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 82.887191][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 82.896956][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 83.422961][ T9970] ==================================================================
[ 83.431317][ T9970] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[ 83.438533][ T9970] Read of size 8 at addr ffff8880a912f1e0 by task syz-executor.0/9970
[ 83.446665][ T9970]
[ 83.449019][ T9970] CPU: 0 PID: 9970 Comm: syz-executor.0 Not tainted 5.6.0-rc7-syzkaller #0
[ 83.457621][ T9970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.467676][ T9970] Call Trace:
[ 83.470960][ T9970] dump_stack+0x188/0x20d
[ 83.475293][ T9970] ? __list_add_valid+0x93/0xa0
[ 83.480144][ T9970] ? __list_add_valid+0x93/0xa0
[ 83.485008][ T9970] print_address_description.constprop.0.cold+0xd3/0x315
[ 83.492070][ T9970] ? __list_add_valid+0x93/0xa0
[ 83.496915][ T9970] ? __list_add_valid+0x93/0xa0
[ 83.501747][ T9970] __kasan_report.cold+0x1a/0x32
[ 83.506673][ T9970] ? __list_add_valid+0x93/0xa0
[ 83.511512][ T9970] kasan_report+0xe/0x20
[ 83.515737][ T9970] __list_add_valid+0x93/0xa0
[ 83.520412][ T9970] rdma_listen+0x681/0x910
[ 83.524812][ T9970] ucma_listen+0x14d/0x1c0
[ 83.529214][ T9970] ? ucma_notify+0x190/0x190
[ 83.533856][ T9970] ? __might_fault+0x190/0x1d0
[ 83.538613][ T9970] ? _copy_from_user+0x123/0x190
[ 83.543549][ T9970] ? ucma_notify+0x190/0x190
[ 83.548137][ T9970] ucma_write+0x285/0x350
[ 83.552457][ T9970] ? ucma_open+0x270/0x270
[ 83.556867][ T9970] ? security_file_permission+0x8a/0x370
[ 83.562488][ T9970] ? ucma_open+0x270/0x270
[ 83.566888][ T9970] __vfs_write+0x76/0x100
[ 83.571223][ T9970] vfs_write+0x262/0x5c0
[ 83.575465][ T9970] ksys_write+0x1e8/0x250
[ 83.579810][ T9970] ? __ia32_sys_read+0xb0/0xb0
[ 83.584596][ T9970] ? __ia32_sys_clock_settime+0x260/0x260
[ 83.590311][ T9970] ? trace_hardirqs_off_caller+0x55/0x230
[ 83.596029][ T9970] do_syscall_64+0xf6/0x7d0
[ 83.600529][ T9970] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.606437][ T9970] RIP: 0033:0x45c849
[ 83.610319][ T9970] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 83.629922][ T9970] RSP: 002b:00007f4370357c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 83.638322][ T9970] RAX: ffffffffffffffda RBX: 00007f43703586d4 RCX: 000000000045c849
[ 83.646290][ T9970] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 83.654256][ T9970] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 83.662229][ T9970] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 83.670187][ T9970] R13: 0000000000000cc0 R14: 00000000004cee4e R15: 000000000076bf0c
[ 83.678158][ T9970]
[ 83.680478][ T9970] Allocated by task 9964:
[ 83.684806][ T9970] save_stack+0x1b/0x80
[ 83.688962][ T9970] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 83.694571][ T9970] kmem_cache_alloc_trace+0x153/0x7d0
[ 83.699920][ T9970] __rdma_create_id+0x5b/0x850
[ 83.704659][ T9970] ucma_create_id+0x1cb/0x580
[ 83.709320][ T9970] ucma_write+0x285/0x350
[ 83.713635][ T9970] __vfs_write+0x76/0x100
[ 83.717950][ T9970] vfs_write+0x262/0x5c0
[ 83.722204][ T9970] ksys_write+0x1e8/0x250
[ 83.726543][ T9970] do_syscall_64+0xf6/0x7d0
[ 83.731029][ T9970] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.736889][ T9970]
[ 83.739196][ T9970] Freed by task 9964:
[ 83.743154][ T9970] save_stack+0x1b/0x80
[ 83.747288][ T9970] __kasan_slab_free+0xf7/0x140
[ 83.752112][ T9970] kfree+0x109/0x2b0
[ 83.755981][ T9970] ucma_close+0x10b/0x300
[ 83.760286][ T9970] __fput+0x2da/0x850
[ 83.764242][ T9970] task_work_run+0x13f/0x1b0
[ 83.768807][ T9970] exit_to_usermode_loop+0x2fa/0x360
[ 83.774067][ T9970] do_syscall_64+0x6b1/0x7d0
[ 83.778647][ T9970] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.784520][ T9970]
[ 83.786828][ T9970] The buggy address belongs to the object at ffff8880a912f000
[ 83.786828][ T9970] which belongs to the cache kmalloc-2k of size 2048
[ 83.800866][ T9970] The buggy address is located 480 bytes inside of
[ 83.800866][ T9970] 2048-byte region [ffff8880a912f000, ffff8880a912f800)
[ 83.814197][ T9970] The buggy address belongs to the page:
[ 83.819817][ T9970] page:ffffea0002a44bc0 refcount:1 mapcount:0 mapping:ffff8880aa000e00 index:0x0
[ 83.828911][ T9970] flags: 0xfffe0000000200(slab)
[ 83.833751][ T9970] raw: 00fffe0000000200 ffffea000290af48 ffffea00027e3888 ffff8880aa000e00
[ 83.842327][ T9970] raw: 0000000000000000 ffff8880a912f000 0000000100000001 0000000000000000
[ 83.850892][ T9970] page dumped because: kasan: bad access detected
[ 83.857296][ T9970]
[ 83.859598][ T9970] Memory state around the buggy address:
[ 83.865204][ T9970] ffff8880a912f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.873252][ T9970] ffff8880a912f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.881346][ T9970] >ffff8880a912f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.889387][ T9970] ^
[ 83.896597][ T9970] ffff8880a912f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.904648][ T9970] ffff8880a912f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.912689][ T9970] ==================================================================
[ 83.920736][ T9970] Disabling lock debugging due to kernel taint
[ 83.934165][ T9970] Kernel panic - not syncing: panic_on_warn set ...
[ 83.940782][ T9970] CPU: 0 PID: 9970 Comm: syz-executor.0 Tainted: G B 5.6.0-rc7-syzkaller #0
[ 83.950750][ T9970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.960800][ T9970] Call Trace:
[ 83.964078][ T9970] dump_stack+0x188/0x20d
[ 83.968388][ T9970] panic+0x2e3/0x75c
[ 83.972262][ T9970] ? add_taint.cold+0x16/0x16
[ 83.976920][ T9970] ? preempt_schedule_common+0x5e/0xc0
[ 83.982361][ T9970] ? __list_add_valid+0x93/0xa0
[ 83.987189][ T9970] ? ___preempt_schedule+0x16/0x18
[ 83.992285][ T9970] ? trace_hardirqs_on+0x55/0x220
[ 83.997294][ T9970] ? __list_add_valid+0x93/0xa0
[ 84.002125][ T9970] end_report+0x43/0x49
[ 84.006266][ T9970] ? __list_add_valid+0x93/0xa0
[ 84.011097][ T9970] __kasan_report.cold+0xd/0x32
[ 84.017054][ T9970] ? __list_add_valid+0x93/0xa0
[ 84.021882][ T9970] kasan_report+0xe/0x20
[ 84.026104][ T9970] __list_add_valid+0x93/0xa0
[ 84.030774][ T9970] rdma_listen+0x681/0x910
[ 84.035171][ T9970] ucma_listen+0x14d/0x1c0
[ 84.039564][ T9970] ? ucma_notify+0x190/0x190
[ 84.044133][ T9970] ? __might_fault+0x190/0x1d0
[ 84.048875][ T9970] ? _copy_from_user+0x123/0x190
[ 84.053792][ T9970] ? ucma_notify+0x190/0x190
[ 84.058358][ T9970] ucma_write+0x285/0x350
[ 84.062698][ T9970] ? ucma_open+0x270/0x270
[ 84.067095][ T9970] ? security_file_permission+0x8a/0x370
[ 84.072710][ T9970] ? ucma_open+0x270/0x270
[ 84.077105][ T9970] __vfs_write+0x76/0x100
[ 84.081426][ T9970] vfs_write+0x262/0x5c0
[ 84.085655][ T9970] ksys_write+0x1e8/0x250
[ 84.089970][ T9970] ? __ia32_sys_read+0xb0/0xb0
[ 84.094744][ T9970] ? __ia32_sys_clock_settime+0x260/0x260
[ 84.100454][ T9970] ? trace_hardirqs_off_caller+0x55/0x230
[ 84.106202][ T9970] do_syscall_64+0xf6/0x7d0
[ 84.110706][ T9970] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.116584][ T9970] RIP: 0033:0x45c849
[ 84.120465][ T9970] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.140056][ T9970] RSP: 002b:00007f4370357c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 84.148490][ T9970] RAX: ffffffffffffffda RBX: 00007f43703586d4 RCX: 000000000045c849
[ 84.156448][ T9970] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 84.164403][ T9970] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 84.172405][ T9970] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 84.180395][ T9970] R13: 0000000000000cc0 R14: 00000000004cee4e R15: 000000000076bf0c
[ 84.189826][ T9970] Kernel Offset: disabled
[ 84.194148][ T9970] Rebooting in 86400 seconds..