Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
[ 215.946061] audit: type=1400 audit(1595552509.500:8): avc: denied { execmem } for pid=6333 comm="syz-executor014" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 216.183349] IPVS: ftp: loaded support on port[0] = 21
[ 216.979888] chnl_net:caif_netlink_parms(): no params data found
[ 217.121898] bridge0: port 1(bridge_slave_0) entered blocking state
[ 217.128736] bridge0: port 1(bridge_slave_0) entered disabled state
[ 217.136430] device bridge_slave_0 entered promiscuous mode
[ 217.145119] bridge0: port 2(bridge_slave_1) entered blocking state
[ 217.151509] bridge0: port 2(bridge_slave_1) entered disabled state
[ 217.158960] device bridge_slave_1 entered promiscuous mode
[ 217.175505] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 217.184271] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 217.202037] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 217.209275] team0: Port device team_slave_0 added
[ 217.215277] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 217.222505] team0: Port device team_slave_1 added
[ 217.236973] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 217.243285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 217.268630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 217.282155] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 217.288516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 217.313785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 217.324590] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 217.331871] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 217.385195] device hsr_slave_0 entered promiscuous mode
[ 217.422778] device hsr_slave_1 entered promiscuous mode
[ 217.463214] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 217.470319] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 217.536540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 217.542991] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 217.549831] bridge0: port 1(bridge_slave_0) entered blocking state
[ 217.556258] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 217.584854] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 217.590932] 8021q: adding VLAN 0 to HW filter on device bond0
[ 217.600183] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 217.608857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 217.628181] bridge0: port 1(bridge_slave_0) entered disabled state
[ 217.635549] bridge0: port 2(bridge_slave_1) entered disabled state
[ 217.646832] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 217.653102] 8021q: adding VLAN 0 to HW filter on device team0
[ 217.661593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 217.669678] bridge0: port 1(bridge_slave_0) entered blocking state
[ 217.676091] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 217.686081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 217.693969] bridge0: port 2(bridge_slave_1) entered blocking state
[ 217.700328] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 217.714909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 217.723448] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 217.734290] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 217.748182] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 217.758594] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 217.770303] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 217.777211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 217.785708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 217.793646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 217.807068] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 217.814368] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 217.820998] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 217.831738] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 217.883787] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 217.893411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 217.920132] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 217.927474] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 217.934804] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 217.943699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 217.951123] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 217.958323] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 217.965559] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 217.975275] device veth0_vlan entered promiscuous mode
[ 217.984153] device veth1_vlan entered promiscuous mode
[ 217.997290] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 218.006124] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 218.014420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 218.022077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 218.033959] device veth0_macvtap entered promiscuous mode
[ 218.039939] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 218.048928] device veth1_macvtap entered promiscuous mode
[ 218.055390] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 218.064462] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 218.073796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 218.083093] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 218.090175] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 218.097206] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 218.104923] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 218.111982] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 218.119753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 218.129972] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 218.137033] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 218.143684] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 218.151386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 218.233494] batman_adv: batadv0: Adding interface: vlan0
[ 218.238978] batman_adv: batadv0: The MTU of interface vlan0 is too small (6) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 218.264635] batman_adv: batadv0: Interface activated: vlan0
[ 218.271226] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.282053] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.292649] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.303000] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.313559] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.324130] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.334702] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.345218] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.355895] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.366420] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-224)
[ 218.682608] ==================================================================
[ 218.690148] BUG: KASAN: use-after-free in __alloc_skb+0x2e0/0x510
[ 218.696381] Write of size 36 at addr ffff88819ff98300 by task swapper/0/0
[ 218.703289]
[ 218.704911] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.189-syzkaller #0
[ 218.711998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 218.721334] Call Trace:
[ 218.723904]
[ 218.726049] dump_stack+0x1b2/0x283
[ 218.729671] print_address_description.cold+0x54/0x1d3
[ 218.734939] kasan_report_error.cold+0x8a/0x194
[ 218.739597] ? __alloc_skb+0x2e0/0x510
[ 218.743472] kasan_report+0x6f/0x7b
[ 218.747089] ? __alloc_skb+0x2e0/0x510
[ 218.750965] memset+0x20/0x40
[ 218.754085] __alloc_skb+0x2e0/0x510
[ 218.757790] alloc_skb_with_frags+0x85/0x500
[ 218.762207] sock_alloc_send_pskb+0x577/0x6d0
[ 218.766693] ? _find_next_bit+0xdb/0x100
[ 218.770744] ? sock_kzfree_s+0x50/0x50
[ 218.774620] ? find_busiest_group+0x2f1/0x2730
[ 218.779198] mld_newpack+0x1cb/0x720
[ 218.782902] ? ip6_mc_hdr.constprop.0+0x580/0x580
[ 218.787750] ? trace_hardirqs_on+0x10/0x10
[ 218.791979] add_grhead+0x265/0x330
[ 218.795595] add_grec+0xc40/0xed0
[ 218.799054] ? mld_ifc_timer_expire+0xa6c/0xcd0
[ 218.803716] ? add_grhead+0x330/0x330
[ 218.807509] mld_ifc_timer_expire+0x508/0xcd0
[ 218.812000] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 218.817464] call_timer_fn+0x14a/0x650
[ 218.821338] ? igmp6_group_added+0x4c0/0x4c0
[ 218.825736] ? collect_expired_timers+0x250/0x250
[ 218.830570] ? _raw_spin_unlock_irq+0x24/0x80
[ 218.835055] ? igmp6_group_added+0x4c0/0x4c0
[ 218.839449] expire_timers+0x232/0x4d0
[ 218.843336] run_timer_softirq+0x1d5/0x5a0
[ 218.847568] ? expire_timers+0x4d0/0x4d0
[ 218.851620] ? kvm_sched_clock_read+0x5/0x10
[ 218.856028] ? sched_clock+0x2a/0x40
[ 218.859738] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 218.865195] __do_softirq+0x254/0xa1d
[ 218.868988] ? check_preemption_disabled+0x35/0x240
[ 218.873997] irq_exit+0x193/0x240
[ 218.877443] smp_apic_timer_interrupt+0x141/0x5e0
[ 218.882293] apic_timer_interrupt+0x93/0xa0
[ 218.886607]
[ 218.888832] RIP: 0010:native_safe_halt+0xe/0x10
[ 218.893500] RSP: 0018:ffffffff87c07e78 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10
[ 218.901196] RAX: 1ffffffff0fa2d24 RBX: dffffc0000000000 RCX: 0000000000000000
[ 218.908455] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff87c76b44
[ 218.915712] RBP: ffffffff87d16910 R08: 0000000000000000 R09: 0000000000000000
[ 218.922991] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff0f8ec58
[ 218.930248] R13: ffffffff87c762c0 R14: 0000000000000000 R15: 0000000000000000
[ 218.937526] default_idle+0x47/0x370
[ 218.941228] do_idle+0x250/0x3c0
[ 218.944587] ? trace_event_define_fields_x86_irq_vector+0x28/0x28
[ 218.950828] cpu_startup_entry+0x14/0x20
[ 218.955056] start_kernel+0x750/0x770
[ 218.958846] ? mem_encrypt_init+0x5/0x5
[ 218.962809] ? load_ucode_bsp+0x1ae/0x1e4
[ 218.966951] secondary_startup_64+0xa5/0xb0
[ 218.971262]
[ 218.972874] The buggy address belongs to the page:
[ 218.977789] page:ffffea00067fe600 count:0 mapcount:0 mapping: (null) index:0x0
[ 218.985915] flags: 0x57ffe0000000000()
[ 218.989789] raw: 057ffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 218.997744] raw: ffffea00067fe620 ffffea00067fe620 0000000000000000 0000000000000000
[ 219.005610] page dumped because: kasan: bad access detected
[ 219.011300]
[ 219.012913] Memory state around the buggy address:
[ 219.017828] ffff88819ff98200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 219.025175] ffff88819ff98280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 219.032520] >ffff88819ff98300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 219.039875] ^
[ 219.043226] ffff88819ff98380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 219.050574] ffff88819ff98400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 219.057927] ==================================================================
[ 219.065269] Disabling lock debugging due to kernel taint
[ 219.070741] Kernel panic - not syncing: panic_on_warn set ...
[ 219.070741]
[ 219.078090] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.14.189-syzkaller #0
[ 219.086385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 219.095719] Call Trace:
[ 219.098285]
[ 219.100423] dump_stack+0x1b2/0x283
[ 219.104040] panic+0x1f9/0x42d
[ 219.107218] ? add_taint.cold+0x16/0x16
[ 219.111181] kasan_end_report+0x43/0x49
[ 219.115143] kasan_report_error.cold+0xa7/0x194
[ 219.119795] ? __alloc_skb+0x2e0/0x510
[ 219.123863] kasan_report+0x6f/0x7b
[ 219.127533] ? __alloc_skb+0x2e0/0x510
[ 219.131426] memset+0x20/0x40
[ 219.134544] __alloc_skb+0x2e0/0x510
[ 219.138254] alloc_skb_with_frags+0x85/0x500
[ 219.142654] sock_alloc_send_pskb+0x577/0x6d0
[ 219.147134] ? _find_next_bit+0xdb/0x100
[ 219.151181] ? sock_kzfree_s+0x50/0x50
[ 219.155053] ? find_busiest_group+0x2f1/0x2730
[ 219.159623] mld_newpack+0x1cb/0x720
[ 219.163332] ? ip6_mc_hdr.constprop.0+0x580/0x580
[ 219.168177] ? trace_hardirqs_on+0x10/0x10
[ 219.172396] add_grhead+0x265/0x330
[ 219.176010] add_grec+0xc40/0xed0
[ 219.179447] ? mld_ifc_timer_expire+0xa6c/0xcd0
[ 219.184106] ? add_grhead+0x330/0x330
[ 219.187894] mld_ifc_timer_expire+0x508/0xcd0
[ 219.192376] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 219.197811] call_timer_fn+0x14a/0x650
[ 219.201702] ? igmp6_group_added+0x4c0/0x4c0
[ 219.206095] ? collect_expired_timers+0x250/0x250
[ 219.210939] ? _raw_spin_unlock_irq+0x24/0x80
[ 219.215417] ? igmp6_group_added+0x4c0/0x4c0
[ 219.219808] expire_timers+0x232/0x4d0
[ 219.223684] run_timer_softirq+0x1d5/0x5a0
[ 219.227904] ? expire_timers+0x4d0/0x4d0
[ 219.231952] ? kvm_sched_clock_read+0x5/0x10
[ 219.236344] ? sched_clock+0x2a/0x40
[ 219.240046] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 219.245485] __do_softirq+0x254/0xa1d
[ 219.249272] ? check_preemption_disabled+0x35/0x240
[ 219.254274] irq_exit+0x193/0x240
[ 219.257712] smp_apic_timer_interrupt+0x141/0x5e0
[ 219.262549] apic_timer_interrupt+0x93/0xa0
[ 219.266855]
[ 219.269076] RIP: 0010:native_safe_halt+0xe/0x10
[ 219.273721] RSP: 0018:ffffffff87c07e78 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10
[ 219.281412] RAX: 1ffffffff0fa2d24 RBX: dffffc0000000000 RCX: 0000000000000000
[ 219.288666] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff87c76b44
[ 219.295918] RBP: ffffffff87d16910 R08: 0000000000000000 R09: 0000000000000000
[ 219.303170] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff0f8ec58
[ 219.310423] R13: ffffffff87c762c0 R14: 0000000000000000 R15: 0000000000000000
[ 219.317694] default_idle+0x47/0x370
[ 219.321393] do_idle+0x250/0x3c0
[ 219.324748] ? trace_event_define_fields_x86_irq_vector+0x28/0x28
[ 219.330962] cpu_startup_entry+0x14/0x20
[ 219.335010] start_kernel+0x750/0x770
[ 219.338794] ? mem_encrypt_init+0x5/0x5
[ 219.342750] ? load_ucode_bsp+0x1ae/0x1e4
[ 219.346883] secondary_startup_64+0xa5/0xb0
[ 219.352171] Kernel Offset: disabled
[ 219.355796] Rebooting in 86400 seconds..