[   37.994517][   T26] audit: type=1800 audit(1553851985.425:27): pid=7611 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   38.021419][   T26] audit: type=1800 audit(1553851985.425:28): pid=7611 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   38.750015][   T26] audit: type=1800 audit(1553851986.235:29): pid=7611 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   38.775028][   T26] audit: type=1800 audit(1553851986.245:30): pid=7611 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
2019/03/29 09:33:16 fuzzer started
2019/03/29 09:33:19 dialing manager at 10.128.0.26:43143
2019/03/29 09:33:19 syscalls: 1
2019/03/29 09:33:19 code coverage: enabled
2019/03/29 09:33:19 comparison tracing: enabled
2019/03/29 09:33:19 extra coverage: extra coverage is not supported by the kernel
2019/03/29 09:33:19 setuid sandbox: enabled
2019/03/29 09:33:19 namespace sandbox: enabled
2019/03/29 09:33:19 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/29 09:33:19 fault injection: enabled
2019/03/29 09:33:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/29 09:33:19 net packet injection: enabled
2019/03/29 09:33:19 net device setup: enabled
09:36:02 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x80003ff, 0x0, 0x1b, 0x20040, 0x0, 0x1000000004})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0df3e1005e57c3c3e2c9b7d991734e424a2664f0ff064a460f3038082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754e50c420fae9972b571112d02")

syzkaller login: [  215.358372][ T7776] IPVS: ftp: loaded support on port[0] = 21
09:36:02 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x98e9, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x3437f0dd})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c3b7d95a914e424a2664f0ff065b460f343030082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")

[  215.469845][ T7776] chnl_net:caif_netlink_parms(): no params data found
[  215.557920][ T7776] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.582821][ T7776] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.590901][ T7776] device bridge_slave_0 entered promiscuous mode
[  215.600241][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.607654][ T7776] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.615547][ T7776] device bridge_slave_1 entered promiscuous mode
[  215.638510][ T7776] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  215.649133][ T7776] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  215.651498][ T7779] IPVS: ftp: loaded support on port[0] = 21
09:36:03 executing program 2:
socketpair$unix(0x1, 0x20000000000002, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x3, 0x0, 0x7, 0x2, 0xe2})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c3b7d95a91914e424a2664f0ff065b460f343030082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")

[  215.679123][ T7776] team0: Port device team_slave_0 added
[  215.687079][ T7776] team0: Port device team_slave_1 added
[  215.775448][ T7776] device hsr_slave_0 entered promiscuous mode
[  215.813088][ T7776] device hsr_slave_1 entered promiscuous mode
09:36:03 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x7, 0x0, 0x14, 0x0, 0x0, 0xffffffffffffffff, 0x80000000})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0df3e1005e57c3c3e2c9b7d991734e424a2664f0ff064a460f3038082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754e50c420fae9972b571112d02")

[  215.967764][ T7781] IPVS: ftp: loaded support on port[0] = 21
[  216.029969][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.037223][ T7776] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.044969][ T7776] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.052061][ T7776] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.078126][ T7783] IPVS: ftp: loaded support on port[0] = 21
09:36:03 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000040)=0x1, r1, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000003c0)={0x3, 0x8, 0xfa00, {{0xa, 0x4e21, 0x0, @ipv4}, {}, r2}}, 0x48)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000001c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10)

[  216.295728][ T7779] chnl_net:caif_netlink_parms(): no params data found
[  216.310669][ T7781] chnl_net:caif_netlink_parms(): no params data found
[  216.348666][ T7776] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.394573][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  216.408695][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.427146][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.436137][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
09:36:04 executing program 5:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000ac0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}], 0x1}}], 0x1, 0x0, 0x0)

[  216.452546][ T7776] 8021q: adding VLAN 0 to HW filter on device team0
[  216.481843][ T7788] IPVS: ftp: loaded support on port[0] = 21
[  216.586701][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  216.595706][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  216.606866][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.613988][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.621785][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  216.632481][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  216.640841][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.647893][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.655555][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  216.663987][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  216.672332][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  216.680822][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  216.689026][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  216.697475][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  216.706104][ T7779] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.713818][ T7779] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.721357][ T7779] device bridge_slave_0 entered promiscuous mode
[  216.731641][ T7779] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.738764][ T7779] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.746599][ T7779] device bridge_slave_1 entered promiscuous mode
[  216.760013][ T7781] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.767563][ T7781] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.775517][ T7781] device bridge_slave_0 entered promiscuous mode
[  216.782992][ T7781] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.790042][ T7781] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.797825][ T7781] device bridge_slave_1 entered promiscuous mode
[  216.809975][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  216.836135][ T7779] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  216.857322][ T7781] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  216.866447][ T7783] chnl_net:caif_netlink_parms(): no params data found
[  216.881880][ T7779] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  216.900624][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  216.909033][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  216.920918][ T7776] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  216.932891][ T7776] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  216.941903][ T7781] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  216.980848][ T7792] IPVS: ftp: loaded support on port[0] = 21
[  216.990033][ T3739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  216.998540][ T3739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  217.016493][ T7779] team0: Port device team_slave_0 added
[  217.036257][ T7781] team0: Port device team_slave_0 added
[  217.043664][ T7779] team0: Port device team_slave_1 added
[  217.064321][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.071422][ T7783] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.079142][ T7783] device bridge_slave_0 entered promiscuous mode
[  217.087449][ T7781] team0: Port device team_slave_1 added
[  217.155845][ T7779] device hsr_slave_0 entered promiscuous mode
[  217.193040][ T7779] device hsr_slave_1 entered promiscuous mode
[  217.236167][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.243445][ T7783] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.251025][ T7783] device bridge_slave_1 entered promiscuous mode
[  217.315474][ T7781] device hsr_slave_0 entered promiscuous mode
[  217.373222][ T7781] device hsr_slave_1 entered promiscuous mode
[  217.465025][ T7783] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  217.475315][ T7783] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  217.486553][ T7776] 8021q: adding VLAN 0 to HW filter on device batadv0
[  217.605091][ T7788] chnl_net:caif_netlink_parms(): no params data found
[  217.619772][ T7783] team0: Port device team_slave_0 added
[  217.628308][ T7783] team0: Port device team_slave_1 added
[  217.735277][ T7783] device hsr_slave_0 entered promiscuous mode
[  217.793095][ T7783] device hsr_slave_1 entered promiscuous mode
09:36:05 executing program 0:
syz_emit_ethernet(0xffffffffffffffea, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x13, 0x0, 0x2ce, 0x0, 0x0, 0x0, 0x29, 0x0, @rand_addr, @multicast1}, @icmp=@address_reply={0x8, 0x10}}}}}, &(0x7f0000000040)={0x0, 0x3, [0x0, 0x2d9, 0x3]})

[  217.906815][ T7792] chnl_net:caif_netlink_parms(): no params data found
[  217.913695][ T7802] sit: non-ECT from 0.0.0.0 with TOS=0x3
[  217.914425][ T7802] sit: non-ECT from 0.0.0.0 with TOS=0x3
[  217.942652][ T7788] bridge0: port 1(bridge_slave_0) entered blocking state
09:36:05 executing program 0:
syz_emit_ethernet(0xffffffffffffffea, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x13, 0x0, 0x2ce, 0x0, 0x0, 0x0, 0x29, 0x0, @rand_addr, @multicast1}, @icmp=@address_reply={0x8, 0x10}}}}}, &(0x7f0000000040)={0x0, 0x3, [0x0, 0x2d9, 0x3]})

09:36:05 executing program 0:
syz_emit_ethernet(0xffffffffffffffea, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x13, 0x0, 0x2ce, 0x0, 0x0, 0x0, 0x29, 0x0, @rand_addr, @multicast1}, @icmp=@address_reply={0x8, 0x10}}}}}, &(0x7f0000000040)={0x0, 0x3, [0x0, 0x2d9, 0x3]})

[  217.959385][ T7788] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.975222][ T7788] device bridge_slave_0 entered promiscuous mode
[  217.995750][ T7805] sit: non-ECT from 0.0.0.0 with TOS=0x3
[  217.996851][ T7781] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.037889][ T7788] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.050337][ T7788] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.060001][ T7788] device bridge_slave_1 entered promiscuous mode
[  218.074816][ T7808] sit: non-ECT from 0.0.0.0 with TOS=0x3
09:36:05 executing program 0:
syz_emit_ethernet(0xffffffffffffffea, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x13, 0x0, 0x2ce, 0x0, 0x0, 0x0, 0x29, 0x0, @rand_addr, @multicast1}, @icmp=@address_reply={0x8, 0x10}}}}}, &(0x7f0000000040)={0x0, 0x3, [0x0, 0x2d9, 0x3]})

[  218.091824][ T7779] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.147561][ T7811] sit: non-ECT from 0.0.0.0 with TOS=0x3
[  218.161140][ T7788] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  218.188077][ T7792] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.195302][ T7792] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.211565][ T7792] device bridge_slave_0 entered promiscuous mode
[  218.221522][ T7792] bridge0: port 2(bridge_slave_1) entered blocking state
09:36:05 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x3, 0x0, 0xc, 0x0, 0x0, 0xeb})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c3b7d95a91914e424a2664f0ff065b460f343030082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")

[  218.236430][ T7792] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.251485][ T7792] device bridge_slave_1 entered promiscuous mode
[  218.261948][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.269982][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  218.279374][ T7788] bond0: Enslaving bond_slave_1 as an active interface with an up link
09:36:05 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0df3e1005e57c3c3e2c9b7d991734e424a2664f0ff064a460f3038082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754e50c420fae9972b571112d02")
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x4000009, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffdc, 0x8})

[  218.314970][ T7792] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  218.325782][ T7781] 8021q: adding VLAN 0 to HW filter on device team0
[  218.333948][ T7788] team0: Port device team_slave_0 added
[  218.341256][ T7792] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  218.391107][ T7792] team0: Port device team_slave_0 added
[  218.399183][ T7788] team0: Port device team_slave_1 added
[  218.430747][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.438952][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  218.450184][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  218.460589][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  218.475099][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.482190][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.492445][ T7779] 8021q: adding VLAN 0 to HW filter on device team0
[  218.501772][ T7792] team0: Port device team_slave_1 added
[  218.575330][ T7792] device hsr_slave_0 entered promiscuous mode
[  218.620437][ T7792] device hsr_slave_1 entered promiscuous mode
[  218.715402][ T7788] device hsr_slave_0 entered promiscuous mode
[  218.773082][ T7788] device hsr_slave_1 entered promiscuous mode
[  218.825975][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  218.871077][ T7783] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.892787][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  218.901388][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  218.910867][ T7784] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.918017][ T7784] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.927695][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  218.936464][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  218.945424][ T7784] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.952544][ T7784] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.960550][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  218.969832][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  218.978514][ T7784] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.985647][ T7784] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.993580][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  219.002422][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.011432][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  219.020324][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.029122][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.039985][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.048748][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  219.057708][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.066600][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  219.075408][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.084080][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.093126][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.107562][ T7781] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  219.120874][ T7781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  219.161421][ T7783] 8021q: adding VLAN 0 to HW filter on device team0
09:36:06 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0df3e1005e57c3c3e2c9b7d991734e424a2664f0ff064a460f3038082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754e50c420fae9972b571112d02")
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x4000009, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffdc, 0x8})

[  219.175665][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  219.188920][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  219.199298][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  219.211015][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  219.226919][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  219.238126][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  219.250184][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  219.258421][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  219.268196][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  219.275969][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  219.284516][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  219.293241][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  219.301361][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  219.310129][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  219.325737][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  219.344808][ T7781] 8021q: adding VLAN 0 to HW filter on device batadv0
[  219.393788][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  219.402357][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  219.417703][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.424800][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.432606][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  219.441167][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  219.449659][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.456733][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.486818][ T7792] 8021q: adding VLAN 0 to HW filter on device bond0
[  219.498579][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  219.507099][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  219.527896][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.555124][ T7783] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  219.567155][ T7783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  219.588558][ T7788] 8021q: adding VLAN 0 to HW filter on device bond0
[  219.596102][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  219.604671][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.613041][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.621405][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.630888][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  219.639185][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  219.647618][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  219.656363][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  219.665080][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  219.672937][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  219.682114][ T7779] 8021q: adding VLAN 0 to HW filter on device batadv0
[  219.703371][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  219.711111][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  219.724160][ T7788] 8021q: adding VLAN 0 to HW filter on device team0
[  219.733358][ T7792] 8021q: adding VLAN 0 to HW filter on device team0
[  219.745984][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  219.759889][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  219.773586][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  219.782091][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  219.790703][ T7784] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.797793][ T7784] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.805992][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  219.814966][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  219.823375][ T7784] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.830411][ T7784] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.839774][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  219.847814][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  219.856504][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  219.865235][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.872280][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.880920][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  219.929563][ T7783] 8021q: adding VLAN 0 to HW filter on device batadv0
[  219.941822][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  219.952832][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.961190][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  219.969838][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.978394][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.987257][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.995983][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  220.004919][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  220.013140][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  220.021297][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  220.029723][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  220.038406][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  220.046736][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.053804][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.061223][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  220.069760][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  220.078132][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  220.087327][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  220.097120][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
09:36:07 executing program 1:
socketpair$unix(0x1, 0x400000000005, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x5bb, 0x0, 0xfffffffffffffffd, 0x0, 0x551, 0x0, 0x1})
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0df3e1005e57c3c3e2c9b7d991734e424a2664f0ff064a460f3038082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754e50c420fae9972b571112d02")

09:36:07 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0df3e1005e57c3c3e2c9b7d991734e424a2664f0ff064a460f3038082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754e50c420fae9972b571112d02")
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x4000009, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffdc, 0x8})

[  220.121428][ T7788] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  220.139681][ T7788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  220.151895][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  220.174053][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  220.184273][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  220.193201][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  220.201745][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  220.213358][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  220.221592][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  220.230599][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  220.240098][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  220.261974][ T7788] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.381668][ T7792] 8021q: adding VLAN 0 to HW filter on device batadv0
09:36:07 executing program 3:
r0 = socket$inet(0x2, 0x80001, 0x84)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="ee"], 0x1)
shutdown(r0, 0x1)
close(r0)

09:36:08 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1f, 0x9, 0x2000004000ce95})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c7b7d95a91914e424a2664f0ff065b460f343030082e67660f50e9000046a1e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")

09:36:08 executing program 5:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000ac0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}], 0x1}}], 0x1, 0x0, 0x0)

09:36:08 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0df3e1005e57c3c3e2c9b7d991734e424a2664f0ff064a460f3038082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754e50c420fae9972b571112d02")
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x4000009, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffdc, 0x8})

09:36:08 executing program 1:
socketpair$unix(0x1, 0x200000000000005, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x400000000000007, 0x0, 0x0, 0xa, 0x0, 0x1, 0x40})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c3b7d95a91914e424a2664f0ff065b460f343030082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")

09:36:08 executing program 4:
# RDMA connection-manager sequence through /dev/infiniband/rdma_cm: each write() is one ucma command.
# Triage note: the KASAN report below names syz-executor.4 and the path ucma_write -> ucma_listen ->
# rdma_listen -> __list_add_valid, with RDX=0x10 matching the length of the final LISTEN write here.
# The freed object was allocated by task 7860 and freed by task 7849 (ucma_close -> rdma_destroy_id),
# neither of which is the reporting task 7872, so this program alone may not reproduce the crash.
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
# Create the first id (handle returned in r1). The write length 0xffaf is far larger than the 0x18 payload size in the header.
# NOTE(review): 0x13f looks like RDMA_PS_IB; confirm against rdma_user_cm.h.
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
# Set the afonly option on r1 to 0x1 (the fuzzer's union tag is id_afonly).
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000040)=0x1, r1, 0x0, 0x2, 0x4}}, 0x20)
# Resolve on r1: source family 0xa with port 0x4e21, destination family 0xa with the @mcast1 address.
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48)
# Create a second id (handle returned in r2) on the same file.
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
# Resolve on r2 with the same source port and an empty destination; the header declares 0x8 bytes of input but 0x48 bytes are written.
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000003c0)={0x3, 0x8, 0xfa00, {{0xa, 0x4e21, 0x0, @ipv4}, {}, r2}}, 0x48)
# Listen on r2: this is the command whose kernel path appears in the use-after-free call trace.
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000001c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10)

[  220.621185][ T7872] ==================================================================
[  220.629476][ T7872] BUG: KASAN: use-after-free in __list_add_valid+0x9a/0xa0
[  220.636677][ T7872] Read of size 8 at addr ffff8880974b4f20 by task syz-executor.4/7872
[  220.644818][ T7872] 
[  220.647161][ T7872] CPU: 1 PID: 7872 Comm: syz-executor.4 Not tainted 5.1.0-rc2+ #43
[  220.655128][ T7872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  220.665179][ T7872] Call Trace:
[  220.668481][ T7872]  dump_stack+0x172/0x1f0
[  220.672817][ T7872]  ? __list_add_valid+0x9a/0xa0
[  220.677677][ T7872]  print_address_description.cold+0x7c/0x20d
[  220.683652][ T7872]  ? __list_add_valid+0x9a/0xa0
[  220.688504][ T7872]  ? __list_add_valid+0x9a/0xa0
[  220.693364][ T7872]  kasan_report.cold+0x1b/0x40
[  220.698126][ T7872]  ? __list_add_valid+0x9a/0xa0
[  220.702992][ T7872]  __asan_report_load8_noabort+0x14/0x20
[  220.708630][ T7872]  __list_add_valid+0x9a/0xa0
[  220.713314][ T7872]  rdma_listen+0x6b7/0x970
[  220.717734][ T7872]  ucma_listen+0x14d/0x1c0
[  220.722149][ T7872]  ? ucma_notify+0x190/0x190
[  220.726745][ T7872]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  220.732995][ T7872]  ? _copy_from_user+0xdd/0x150
[  220.737845][ T7872]  ucma_write+0x2da/0x3c0
[  220.742173][ T7872]  ? ucma_notify+0x190/0x190
[  220.746758][ T7872]  ? ucma_open+0x290/0x290
[  220.751264][ T7872]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  220.757506][ T7872]  ? security_file_permission+0x94/0x380
[  220.763148][ T7872]  __vfs_write+0x8d/0x110
[  220.767481][ T7872]  ? ucma_open+0x290/0x290
[  220.771909][ T7872]  vfs_write+0x20c/0x580
[  220.776160][ T7872]  ksys_write+0xea/0x1f0
[  220.780401][ T7872]  ? __ia32_sys_read+0xb0/0xb0
[  220.785162][ T7872]  ? do_syscall_64+0x26/0x610
[  220.789838][ T7872]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  220.795910][ T7872]  ? do_syscall_64+0x26/0x610
[  220.800597][ T7872]  __x64_sys_write+0x73/0xb0
[  220.805187][ T7872]  do_syscall_64+0x103/0x610
[  220.809785][ T7872]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  220.815679][ T7872] RIP: 0033:0x458209
[  220.819576][ T7872] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  220.839178][ T7872] RSP: 002b:00007f093d49fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  220.847591][ T7872] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458209
[  220.855563][ T7872] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[  220.863536][ T7872] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  220.871507][ T7872] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f093d4a06d4
[  220.879485][ T7872] R13: 00000000004c77c2 R14: 00000000004dd780 R15: 00000000ffffffff
[  220.887473][ T7872] 
[  220.889800][ T7872] Allocated by task 7860:
[  220.894134][ T7872]  save_stack+0x45/0xd0
[  220.898299][ T7872]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  220.903933][ T7872]  kasan_kmalloc+0x9/0x10
[  220.908306][ T7872]  kmem_cache_alloc_trace+0x151/0x760
[  220.913678][ T7872]  __rdma_create_id+0x5f/0x4e0
[  220.918440][ T7872]  ucma_create_id+0x1de/0x640
[  220.923122][ T7872]  ucma_write+0x2da/0x3c0
[  220.927450][ T7872]  __vfs_write+0x8d/0x110
[  220.931790][ T7872]  vfs_write+0x20c/0x580
[  220.936034][ T7872]  ksys_write+0xea/0x1f0
[  220.940281][ T7872]  __x64_sys_write+0x73/0xb0
[  220.944875][ T7872]  do_syscall_64+0x103/0x610
[  220.949476][ T7872]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  220.955358][ T7872] 
[  220.957683][ T7872] Freed by task 7849:
[  220.961668][ T7872]  save_stack+0x45/0xd0
[  220.965825][ T7872]  __kasan_slab_free+0x102/0x150
[  220.970767][ T7872]  kasan_slab_free+0xe/0x10
[  220.975270][ T7872]  kfree+0xcf/0x230
[  220.979095][ T7872]  rdma_destroy_id+0x719/0xaa0
[  220.983859][ T7872]  ucma_close+0x115/0x320
[  220.988196][ T7872]  __fput+0x2e5/0x8d0
[  220.992179][ T7872]  ____fput+0x16/0x20
[  220.996160][ T7872]  task_work_run+0x14a/0x1c0
[  221.000753][ T7872]  exit_to_usermode_loop+0x273/0x2c0
[  221.006065][ T7872]  do_syscall_64+0x52d/0x610
[  221.010658][ T7872]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  221.016540][ T7872] 
[  221.018876][ T7872] The buggy address belongs to the object at ffff8880974b4d40
[  221.018876][ T7872]  which belongs to the cache kmalloc-2k of size 2048
[  221.032925][ T7872] The buggy address is located 480 bytes inside of
[  221.032925][ T7872]  2048-byte region [ffff8880974b4d40, ffff8880974b5540)
[  221.046292][ T7872] The buggy address belongs to the page:
[  221.051923][ T7872] page:ffffea00025d2d00 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0
[  221.062604][ T7872] flags: 0x1fffc0000010200(slab|head)
[  221.067986][ T7872] raw: 01fffc0000010200 ffffea00028fc488 ffffea00025efe88 ffff88812c3f0c40
[  221.076577][ T7872] raw: 0000000000000000 ffff8880974b44c0 0000000100000003 0000000000000000
[  221.085153][ T7872] page dumped because: kasan: bad access detected
[  221.091556][ T7872] 
[  221.093881][ T7872] Memory state around the buggy address:
[  221.099562][ T7872]  ffff8880974b4e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  221.107623][ T7872]  ffff8880974b4e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  221.115686][ T7872] >ffff8880974b4f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
09:36:08 executing program 3:
# Executor 3's program, printed by the console in the middle of the KASAN memory-state dump.
# It is unrelated output: the report names syz-executor.4, not this executor.
# NOTE(review): family 0x2 / protocol 0x84 look like AF_INET / IPPROTO_SCTP; confirm.
r0 = socket$inet(0x2, 0x80001, 0x84)
# Bind to loopback, port 0x4e20, then send one byte ('*') to that same address.
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0)
# Despite the binfmt_elf32 label, this is a plain one-byte write (0xee) to the socket.
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="ee"], 0x1)
# shutdown with how=0x1, then close the socket.
shutdown(r0, 0x1)
close(r0)

[  221.123741][ T7872]                                ^
[  221.128852][ T7872]  ffff8880974b4f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  221.136916][ T7872]  ffff8880974b5000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  221.144991][ T7872] ==================================================================
[  221.153077][ T7872] Disabling lock debugging due to kernel taint
[  221.196552][ T7872] Kernel panic - not syncing: panic_on_warn set ...
[  221.203177][ T7872] CPU: 1 PID: 7872 Comm: syz-executor.4 Tainted: G    B             5.1.0-rc2+ #43
[  221.212624][ T7872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  221.222675][ T7872] Call Trace:
[  221.225983][ T7872]  dump_stack+0x172/0x1f0
[  221.230319][ T7872]  panic+0x2cb/0x65c
[  221.234215][ T7872]  ? __warn_printk+0xf3/0xf3
[  221.238809][ T7872]  ? __list_add_valid+0x9a/0xa0
[  221.243667][ T7872]  ? preempt_schedule+0x4b/0x60
[  221.248522][ T7872]  ? ___preempt_schedule+0x16/0x18
[  221.253668][ T7872]  ? trace_hardirqs_on+0x5e/0x230
[  221.258695][ T7872]  ? __list_add_valid+0x9a/0xa0
[  221.263545][ T7872]  end_report+0x47/0x4f
[  221.267698][ T7872]  ? __list_add_valid+0x9a/0xa0
[  221.272547][ T7872]  kasan_report.cold+0xe/0x40
[  221.277227][ T7872]  ? __list_add_valid+0x9a/0xa0
[  221.282082][ T7872]  __asan_report_load8_noabort+0x14/0x20
[  221.288234][ T7872]  __list_add_valid+0x9a/0xa0
[  221.292916][ T7872]  rdma_listen+0x6b7/0x970
[  221.297338][ T7872]  ucma_listen+0x14d/0x1c0
[  221.301752][ T7872]  ? ucma_notify+0x190/0x190
[  221.306347][ T7872]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  221.312588][ T7872]  ? _copy_from_user+0xdd/0x150
[  221.317439][ T7872]  ucma_write+0x2da/0x3c0
[  221.321769][ T7872]  ? ucma_notify+0x190/0x190
[  221.326362][ T7872]  ? ucma_open+0x290/0x290
[  221.330782][ T7872]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  221.337028][ T7872]  ? security_file_permission+0x94/0x380
[  221.342668][ T7872]  __vfs_write+0x8d/0x110
[  221.346997][ T7872]  ? ucma_open+0x290/0x290
[  221.351412][ T7872]  vfs_write+0x20c/0x580
[  221.355660][ T7872]  ksys_write+0xea/0x1f0
[  221.359909][ T7872]  ? __ia32_sys_read+0xb0/0xb0
[  221.364681][ T7872]  ? do_syscall_64+0x26/0x610
[  221.369383][ T7872]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  221.375454][ T7872]  ? do_syscall_64+0x26/0x610
[  221.380145][ T7872]  __x64_sys_write+0x73/0xb0
[  221.384749][ T7872]  do_syscall_64+0x103/0x610
[  221.389344][ T7872]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
09:36:08 executing program 5:
# Executor 5's AF_ALG program, printed by the console between the panic call trace and its register dump.
# It uses family 0x26, type 'skcipher', algorithm 'cbc(aes-aesni)'; the panic itself names syz-executor.4.
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000ac0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
# A 0x10-byte key is set on the transform socket before accept.
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
# r1 is the operation socket obtained from the keyed transform socket.
r1 = accept$alg(r0, 0x0, 0x0)
# Control message only (@op with type 0x3, value 0x1); no payload iovec is supplied.
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
# One receive into an 84-byte buffer.
recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}], 0x1}}], 0x1, 0x0, 0x0)

09:36:08 executing program 1:
# Executor 1's program, printed while the panic output of task 7872 (syz-executor.4) is still being written.
# Unix socketpair with type argument 0x200000000000005; the second descriptor is captured as r0.
socketpair$unix(0x1, 0x200000000000005, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
# TCSETSF targets descriptor 0xffffffffffffffff (-1), so it presumably fails without reaching a tty.
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x400000000000007, 0x0, 0x0, 0xa, 0x0, 0x1, 0x40})
r1 = dup(r0)
# Request number 0x8912 on a socket descriptor; the PERF_EVENT_IOC_ENABLE label is only the fuzzer's call variant.
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
# syz_execute_func executes the quoted fuzzer-generated bytes as machine code in the executor process.
syz_execute_func(&(0x7f00000000c0)="c4827d5a6e0d5e57c3c3b7d95a91914e424a2664f0ff065b460f343030082e67660f50e900004681e400000100440fe531feabc4aba39d6c450754ddea420fae9972b571112d02")

[  221.395231][ T7872] RIP: 0033:0x458209
[  221.395326][ T3877] kobject: 'loop5' (00000000497c4ed4): kobject_uevent_env
[  221.399132][ T7872] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  221.424434][ T3877] kobject: 'loop5' (00000000497c4ed4): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  221.425894][ T7872] RSP: 002b:00007f093d49fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  221.425908][ T7872] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458209
[  221.425923][ T7872] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[  221.460375][ T7872] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  221.467453][ T3877] kobject: 'loop1' (00000000cda7dbfc): kobject_uevent_env
[  221.468343][ T7872] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f093d4a06d4
[  221.468352][ T7872] R13: 00000000004c77c2 R14: 00000000004dd780 R15: 00000000ffffffff
[  221.475910][ T7872] Kernel Offset: disabled
[  221.496155][ T7872] Rebooting in 86400 seconds..