Warning: Permanently added '10.128.1.30' (ECDSA) to the list of known hosts.
2019/09/04 10:38:20 parsed 1 programs
2019/09/04 10:38:21 executed programs: 0
syzkaller login: [ 113.106650][ T9825] IPVS: ftp: loaded support on port[0] = 21
[ 113.152933][ T9825] chnl_net:caif_netlink_parms(): no params data found
[ 113.175220][ T9825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.182442][ T9825] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.190059][ T9825] device bridge_slave_0 entered promiscuous mode
[ 113.197478][ T9825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.204546][ T9825] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.212149][ T9825] device bridge_slave_1 entered promiscuous mode
[ 113.225921][ T9825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.236056][ T9825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.251238][ T9825] team0: Port device team_slave_0 added
[ 113.258133][ T9825] team0: Port device team_slave_1 added
[ 113.316403][ T9825] device hsr_slave_0 entered promiscuous mode
[ 113.355279][ T9825] device hsr_slave_1 entered promiscuous mode
[ 113.420037][ T9825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.427237][ T9825] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.434674][ T9825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.441735][ T9825] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.466598][ T9825] 8021q: adding VLAN 0 to HW filter on device bond0
[ 113.477038][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 113.496477][ T17] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.504064][ T17] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.512457][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 113.522546][ T9825] 8021q: adding VLAN 0 to HW filter on device team0
[ 113.531730][ T2978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 113.540546][ T2978] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.547634][ T2978] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.557637][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 113.566393][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.573534][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.590918][ T9825] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 113.601675][ T9825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 113.615200][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 113.624300][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 113.633376][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 113.642480][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 113.650599][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 113.658122][ T3585] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 113.672751][ T9825] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/09/04 10:38:26 executed programs: 255
2019/09/04 10:38:31 executed programs: 550
2019/09/04 10:38:36 executed programs: 848
2019/09/04 10:38:41 executed programs: 1145
[ 135.054808][ T3585] ==================================================================
[ 135.062945][ T3585] BUG: KASAN: use-after-free in rxrpc_send_keepalive+0x8a2/0x940
[ 135.070767][ T3585] Read of size 8 at addr ffff8880a67a8958 by task kworker/1:2/3585
[ 135.078652][ T3585]
[ 135.080989][ T3585] CPU: 1 PID: 3585 Comm: kworker/1:2 Not tainted 5.3.0-rc7 #0
[ 135.088417][ T3585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.098479][ T3585] Workqueue: krxrpcd rxrpc_peer_keepalive_worker
[ 135.104802][ T3585] Call Trace:
[ 135.108076][ T3585] dump_stack+0x172/0x1f0
[ 135.112394][ T3585] ? rxrpc_send_keepalive+0x8a2/0x940
[ 135.118620][ T3585] print_address_description.cold+0xd4/0x306
[ 135.124580][ T3585] ? rxrpc_send_keepalive+0x8a2/0x940
[ 135.129932][ T3585] ? rxrpc_send_keepalive+0x8a2/0x940
[ 135.135282][ T3585] __kasan_report.cold+0x1b/0x36
[ 135.140234][ T3585] ? rxrpc_send_keepalive+0x8a2/0x940
[ 135.145775][ T3585] kasan_report+0x12/0x17
[ 135.150201][ T3585] __asan_report_load8_noabort+0x14/0x20
[ 135.155830][ T3585] rxrpc_send_keepalive+0x8a2/0x940
[ 135.161034][ T3585] ? rxrpc_reject_packets+0xab0/0xab0
[ 135.166652][ T3585] ? cpuacct_charge+0x1db/0x360
[ 135.171496][ T3585] ? __kasan_check_read+0x11/0x20
[ 135.176529][ T3585] ? rxrpc_peer_keepalive_worker+0x62e/0xd02
[ 135.182497][ T3585] ? lock_downgrade+0x920/0x920
[ 135.187333][ T3585] ? rxrpc_get_peer_maybe+0x2b0/0x4c0
[ 135.192882][ T3585] ? rxrpc_peer_keepalive_worker+0x62e/0xd02
[ 135.198863][ T3585] ? trace_hardirqs_on+0x67/0x240
[ 135.203959][ T3585] ? rxrpc_peer_keepalive_worker+0x62e/0xd02
[ 135.210632][ T3585] ? __local_bh_enable_ip+0x15a/0x270
[ 135.216023][ T3585] rxrpc_peer_keepalive_worker+0x7be/0xd02
[ 135.221823][ T3585] ? mark_held_locks+0xf0/0xf0
[ 135.226580][ T3585] ? rxrpc_peer_add_rtt+0x650/0x650
[ 135.231769][ T3585] ? trace_hardirqs_on+0x67/0x240
[ 135.236776][ T3585] process_one_work+0x9af/0x1740
[ 135.241697][ T3585] ? pwq_dec_nr_in_flight+0x320/0x320
[ 135.247073][ T3585] ? lock_acquire+0x190/0x410
[ 135.251729][ T3585] worker_thread+0x98/0xe40
[ 135.256264][ T3585] ? trace_hardirqs_on+0x67/0x240
[ 135.261271][ T3585] kthread+0x361/0x430
[ 135.265364][ T3585] ? process_one_work+0x1740/0x1740
[ 135.270539][ T3585] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 135.276779][ T3585] ret_from_fork+0x24/0x30
[ 135.281185][ T3585]
[ 135.283506][ T3585] Allocated by task 3908:
[ 135.287814][ T3585] save_stack+0x23/0x90
[ 135.291983][ T3585] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 135.297599][ T3585] kasan_kmalloc+0x9/0x10
[ 135.301926][ T3585] __kmalloc_node_track_caller+0x4e/0x70
[ 135.307547][ T3585] __kmalloc_reserve.isra.0+0x40/0xf0
[ 135.312915][ T3585] __alloc_skb+0x10b/0x5e0
[ 135.317318][ T3585] netlink_sendmsg+0x972/0xd60
[ 135.322064][ T3585] sock_sendmsg+0xd7/0x130
[ 135.326456][ T3585] ___sys_sendmsg+0x803/0x920
[ 135.331111][ T3585] __sys_sendmsg+0x105/0x1d0
[ 135.335682][ T3585] __x64_sys_sendmsg+0x78/0xb0
[ 135.340438][ T3585] do_syscall_64+0xfd/0x6a0
[ 135.344934][ T3585] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 135.350797][ T3585]
[ 135.353100][ T3585] Freed by task 9794:
[ 135.357061][ T3585] save_stack+0x23/0x90
[ 135.361195][ T3585] __kasan_slab_free+0x102/0x150
[ 135.366118][ T3585] kasan_slab_free+0xe/0x10
[ 135.370596][ T3585] kfree+0x10a/0x2c0
[ 135.374481][ T3585] skb_free_head+0x93/0xb0
[ 135.378878][ T3585] skb_release_data+0x42d/0x7c0
[ 135.383703][ T3585] skb_release_all+0x4d/0x60
[ 135.388287][ T3585] consume_skb+0xfb/0x3b0
[ 135.392619][ T3585] skb_free_datagram+0x1b/0x100
[ 135.397460][ T3585] netlink_recvmsg+0x6c6/0xf50
[ 135.402253][ T3585] sock_recvmsg+0xce/0x110
[ 135.406647][ T3585] ___sys_recvmsg+0x271/0x5a0
[ 135.411316][ T3585] __sys_recvmsg+0x102/0x1d0
[ 135.415906][ T3585] __x64_sys_recvmsg+0x78/0xb0
[ 135.420647][ T3585] do_syscall_64+0xfd/0x6a0
[ 135.425129][ T3585] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 135.430990][ T3585]
[ 135.433296][ T3585] The buggy address belongs to the object at ffff8880a67a8940
[ 135.433296][ T3585] which belongs to the cache kmalloc-1k of size 1024
[ 135.447341][ T3585] The buggy address is located 24 bytes inside of
[ 135.447341][ T3585] 1024-byte region [ffff8880a67a8940, ffff8880a67a8d40)
[ 135.460598][ T3585] The buggy address belongs to the page:
[ 135.466371][ T3585] page:ffffea000299ea00 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0
[ 135.477293][ T3585] flags: 0x1fffc0000010200(slab|head)
[ 135.482647][ T3585] raw: 01fffc0000010200 ffffea0002975488 ffff8880aa401848 ffff8880aa400c40
[ 135.491273][ T3585] raw: 0000000000000000 ffff8880a67a8040 0000000100000007 0000000000000000
[ 135.499858][ T3585] page dumped because: kasan: bad access detected
[ 135.506458][ T3585]
[ 135.508765][ T3585] Memory state around the buggy address:
[ 135.514380][ T3585]  ffff8880a67a8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.522423][ T3585]  ffff8880a67a8880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 135.530476][ T3585] >ffff8880a67a8900: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 135.538786][ T3585]                                                     ^
[ 135.545718][ T3585]  ffff8880a67a8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.553757][ T3585]  ffff8880a67a8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.561818][ T3585] ==================================================================
[ 135.570860][ T3585] Kernel panic - not syncing: panic_on_warn set ...
[ 135.577487][ T3585] CPU: 1 PID: 3585 Comm: kworker/1:2 Tainted: G B 5.3.0-rc7 #0
[ 135.586453][ T3585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.596520][ T3585] Workqueue: krxrpcd rxrpc_peer_keepalive_worker
[ 135.602857][ T3585] Call Trace:
[ 135.606132][ T3585] dump_stack+0x172/0x1f0
[ 135.610443][ T3585] panic+0x2dc/0x755
[ 135.614421][ T3585] ? add_taint.cold+0x16/0x16
[ 135.619086][ T3585] ? rxrpc_send_keepalive+0x8a2/0x940
[ 135.624439][ T3585] ? preempt_schedule+0x4b/0x60
[ 135.629288][ T3585] ? ___preempt_schedule+0x16/0x20
[ 135.634416][ T3585] ? trace_hardirqs_on+0x5e/0x240
[ 135.639633][ T3585] ? rxrpc_send_keepalive+0x8a2/0x940
[ 135.645003][ T3585] end_report+0x47/0x4f
[ 135.649401][ T3585] ? rxrpc_send_keepalive+0x8a2/0x940
[ 135.654765][ T3585] __kasan_report.cold+0xe/0x36
[ 135.659639][ T3585] ? rxrpc_send_keepalive+0x8a2/0x940
[ 135.665006][ T3585] kasan_report+0x12/0x17
[ 135.669320][ T3585] __asan_report_load8_noabort+0x14/0x20
[ 135.674945][ T3585] rxrpc_send_keepalive+0x8a2/0x940
[ 135.680240][ T3585] ? rxrpc_reject_packets+0xab0/0xab0
[ 135.685593][ T3585] ? cpuacct_charge+0x1db/0x360
[ 135.690425][ T3585] ? __kasan_check_read+0x11/0x20
[ 135.695446][ T3585] ? rxrpc_peer_keepalive_worker+0x62e/0xd02
[ 135.701421][ T3585] ? lock_downgrade+0x920/0x920
[ 135.706261][ T3585] ? rxrpc_get_peer_maybe+0x2b0/0x4c0
[ 135.711626][ T3585] ? rxrpc_peer_keepalive_worker+0x62e/0xd02
[ 135.717652][ T3585] ? trace_hardirqs_on+0x67/0x240
[ 135.722813][ T3585] ? rxrpc_peer_keepalive_worker+0x62e/0xd02
[ 135.728781][ T3585] ? __local_bh_enable_ip+0x15a/0x270
[ 135.734147][ T3585] rxrpc_peer_keepalive_worker+0x7be/0xd02
[ 135.739960][ T3585] ? mark_held_locks+0xf0/0xf0
[ 135.744714][ T3585] ? rxrpc_peer_add_rtt+0x650/0x650
[ 135.749990][ T3585] ? trace_hardirqs_on+0x67/0x240
[ 135.755028][ T3585] process_one_work+0x9af/0x1740
[ 135.760120][ T3585] ? pwq_dec_nr_in_flight+0x320/0x320
[ 135.765472][ T3585] ? lock_acquire+0x190/0x410
[ 135.770153][ T3585] worker_thread+0x98/0xe40
[ 135.774657][ T3585] ? trace_hardirqs_on+0x67/0x240
[ 135.779683][ T3585] kthread+0x361/0x430
[ 135.783751][ T3585] ? process_one_work+0x1740/0x1740
[ 135.788957][ T3585] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 135.795204][ T3585] ret_from_fork+0x24/0x30
[ 135.800975][ T3585] Kernel Offset: disabled
[ 135.805311][ T3585] Rebooting in 86400 seconds..