[ 40.525292] audit: type=1400 audit(1583681471.895:37): avc: denied { map } for pid=6854 comm="syz-fuzzer" path="/root/syzkaller-shm310197466" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 40.791364] IPVS: ftp: loaded support on port[0] = 21 [ 41.898399] can: request_module (can-proto-0) failed. [ 41.907597] can: request_module (can-proto-0) failed. [ 42.082438] audit: type=1400 audit(1583681473.455:38): avc: denied { create } for pid=6854 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 42.107501] audit: type=1400 audit(1583681473.455:39): avc: denied { create } for pid=6854 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 42.131856] audit: type=1400 audit(1583681473.455:40): avc: denied { create } for pid=6854 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 42.264309] random: sshd: uninitialized urandom read (32 bytes read) [ 43.037295] random: sshd: uninitialized urandom read (32 bytes read) [ 43.232465] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts. 2020/03/08 15:31:20 parsed 1 programs 2020/03/08 15:31:20 executed programs: 0 [ 49.146007] IPVS: ftp: loaded support on port[0] = 21 [ 49.645552] IPVS: ftp: loaded support on port[0] = 21 [ 49.686859] chnl_net:caif_netlink_parms(): no params data found [ 49.713356] IPVS: ftp: loaded support on port[0] = 21 [ 49.766619] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.773709] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.780795] device bridge_slave_0 entered promiscuous mode [ 49.789180] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.795623] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.802578] device bridge_slave_1 entered promiscuous mode [ 49.813365] chnl_net:caif_netlink_parms(): no params data found [ 49.841831] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.853288] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.881851] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.889085] team0: Port device team_slave_0 added [ 49.898743] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.905869] team0: Port device team_slave_1 added [ 49.915665] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.922189] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.929128] device bridge_slave_0 entered promiscuous mode [ 49.936873] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.943321] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.951829] IPVS: ftp: loaded support on port[0] = 21 [ 49.951911] device bridge_slave_1 entered promiscuous mode [ 49.964689] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.978951] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.002542] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.011821] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.081952] device hsr_slave_0 entered promiscuous mode [ 50.140431] device hsr_slave_1 entered promiscuous mode [ 50.202577] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.229530] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.236627] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.243755] team0: Port device team_slave_0 added [ 50.262987] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.271253] team0: Port device team_slave_1 added [ 50.278869] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.287967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.361838] device hsr_slave_0 entered promiscuous mode [ 50.400287] device hsr_slave_1 entered promiscuous mode [ 50.480353] chnl_net:caif_netlink_parms(): no params data found [ 50.488479] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.502278] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.512876] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.519377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.526325] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.532693] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.544185] IPVS: ftp: loaded support on port[0] = 21 [ 50.573759] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.580251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.586926] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.593341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.636845] chnl_net:caif_netlink_parms(): no params data found [ 50.665803] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.674541] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.681849] device bridge_slave_0 entered promiscuous mode [ 50.695787] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.702430] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.709366] device bridge_slave_1 entered promiscuous mode [ 50.733749] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.748776] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.758521] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.776160] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.783999] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.790939] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.826100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.839037] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.846220] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.853126] device bridge_slave_0 entered promiscuous mode [ 50.871142] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.877599] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.886031] device bridge_slave_1 entered promiscuous mode [ 50.892754] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.899825] team0: Port device team_slave_0 added [ 50.906445] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.915083] team0: Port device team_slave_1 added [ 50.925704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.939196] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.947520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.947904] IPVS: ftp: loaded support on port[0] = 21 [ 50.955618] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.980601] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.989764] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.024067] device hsr_slave_0 entered promiscuous mode [ 51.060391] device hsr_slave_1 entered promiscuous mode [ 51.100757] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.108485] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.117368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.125433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.144170] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.152441] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.160516] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.176467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.184849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.192970] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.199037] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.206313] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.213213] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.226039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.264773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.273957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.283464] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.290076] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.305858] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.312963] team0: Port device team_slave_0 added [ 51.318452] chnl_net:caif_netlink_parms(): no params data found [ 51.336633] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.346468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.353940] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.361547] team0: Port device team_slave_1 added [ 51.366997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.374591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.382629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.390384] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.397185] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.404105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.412944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.420640] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.426979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.442532] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.450118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.463031] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.474709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.488991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.496970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.506119] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.512575] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.554368] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.568138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.581519] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.587969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.596066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.607231] chnl_net:caif_netlink_parms(): no params data found [ 51.617142] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.671995] device hsr_slave_0 entered promiscuous mode [ 51.710407] device hsr_slave_1 entered promiscuous mode [ 51.771340] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.777719] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.784743] device bridge_slave_0 entered promiscuous mode [ 51.795239] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.804846] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.812568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.820985] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.828558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.836450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.844222] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.851840] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.858668] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.866200] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.874009] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.882304] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.889283] device bridge_slave_1 entered promiscuous mode [ 51.904012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.912535] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.928752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.936402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.945035] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.953030] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.963955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.975231] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.993973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.001823] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.009672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.017534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.025286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.032970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.052650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.061376] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.071956] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.079618] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.093500] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.099951] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.107586] device bridge_slave_0 entered promiscuous mode [ 52.114574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.124214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.132750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.140554] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.149428] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.155867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.178137] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.186567] team0: Port device team_slave_0 added [ 52.193324] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.199834] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.207417] device bridge_slave_1 entered promiscuous mode [ 52.217701] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.224684] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.233591] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.241100] team0: Port device team_slave_1 added [ 52.246495] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.267021] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.276230] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.294990] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.303188] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.382183] device hsr_slave_0 entered promiscuous mode [ 52.420386] device hsr_slave_1 entered promiscuous mode [ 52.480586] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.487576] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.496408] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.507587] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.514905] team0: Port device team_slave_0 added [ 52.520824] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.527848] team0: Port device team_slave_1 added [ 52.533598] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.544133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.553687] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.571958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.586964] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.608516] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.652231] device hsr_slave_0 entered promiscuous mode [ 52.690509] device hsr_slave_1 entered promiscuous mode [ 52.734522] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.745614] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.760128] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.769117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.776838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.786570] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.793175] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.800424] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.817044] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.826855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.844091] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.860209] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 52.890945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.893503] ================================================================== [ 52.899273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.905820] BUG: KASAN: use-after-free in padata_parallel_worker+0x37a/0x420 [ 52.905825] Write of size 8 at addr ffff888090b73b18 by task kworker/0:2/2776 [ 52.905827] [ 52.905833] CPU: 0 PID: 2776 Comm: kworker/0:2 Not tainted 4.14.172-syzkaller #0 [ 52.905836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.905843] Workqueue: pencrypt padata_parallel_worker [ 52.905847] Call Trace: [ 52.905856] dump_stack+0xf7/0x13b [ 52.905862] ? padata_parallel_worker+0x37a/0x420 [ 52.905869] print_address_description.cold.7+0x9/0x1c9 [ 52.905874] ? padata_parallel_worker+0x37a/0x420 [ 52.905879] kasan_report.cold.8+0x11a/0x2d3 [ 52.905885] __asan_report_store8_noabort+0x17/0x20 [ 52.905890] padata_parallel_worker+0x37a/0x420 [ 52.905895] ? padata_sysfs_store+0xa0/0xa0 [ 52.905908] process_one_work+0x79e/0x16c0 [ 52.905918] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 52.905928] worker_thread+0xcc/0xee0 [ 52.905941] kthread+0x338/0x400 [ 52.905946] ? process_one_work+0x16c0/0x16c0 [ 52.905949] ? kthread_create_on_node+0xa0/0xa0 [ 52.905955] ret_from_fork+0x24/0x30 [ 52.905966] [ 52.905969] Allocated by task 6988: [ 52.905975] save_stack_trace+0x16/0x20 [ 52.905979] save_stack+0x43/0xd0 [ 52.905982] kasan_kmalloc+0xc7/0xe0 [ 52.905988] __kmalloc+0x15b/0x7b0 [ 52.905994] tls_push_record+0xf6/0x14c0 [ 52.905998] tls_sw_sendmsg+0x90b/0x10a0 [ 52.906003] inet_sendmsg+0x108/0x440 [ 52.906008] sock_sendmsg+0xb5/0xf0 [ 52.906011] SYSC_sendto+0x1e3/0x2c0 [ 52.906015] SyS_sendto+0x9/0x10 [ 52.906021] do_syscall_64+0x1c7/0x5b0 [ 52.906025] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 52.906026] [ 52.906028] Freed by task 6988: [ 52.906031] save_stack_trace+0x16/0x20 [ 52.906033] save_stack+0x43/0xd0 [ 52.906036] kasan_slab_free+0x71/0xc0 [ 52.906039] kfree+0xcc/0x270 [ 52.906042] tls_push_record+0xd32/0x14c0 [ 52.906045] tls_sw_sendmsg+0x90b/0x10a0 [ 52.906048] inet_sendmsg+0x108/0x440 [ 52.906051] sock_sendmsg+0xb5/0xf0 [ 52.906054] SYSC_sendto+0x1e3/0x2c0 [ 52.906057] SyS_sendto+0x9/0x10 [ 52.906060] do_syscall_64+0x1c7/0x5b0 [ 52.906064] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 52.906065] [ 52.906069] The buggy address belongs to the object at ffff888090b73ac0 [ 52.906069] which belongs to the cache kmalloc-256 of size 256 [ 52.906073] The buggy address is located 88 bytes inside of [ 52.906073] 256-byte region [ffff888090b73ac0, ffff888090b73bc0) [ 52.906075] The buggy address belongs to the page: [ 52.906080] page:ffffea000242dcc0 count:1 mapcount:0 mapping:ffff888090b730c0 index:0x0 [ 52.906085] flags: 0x1fffc0000000100(slab) [ 52.906091] raw: 01fffc0000000100 ffff888090b730c0 0000000000000000 000000010000000c [ 52.906096] raw: ffffea000259eae0 ffffea00023f2220 ffff8880aa8007c0 0000000000000000 [ 52.906098] page dumped because: kasan: bad access detected [ 52.906099] [ 52.906101] Memory state around the buggy address: [ 52.906105] ffff888090b73a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.906108] ffff888090b73a80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 52.906112] >ffff888090b73b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.906114] ^ [ 52.906118] ffff888090b73b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 52.906121] ffff888090b73c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 52.906123] ================================================================== [ 52.906127] Disabling lock debugging due to kernel taint [ 52.924331] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.928070] Kernel panic - not syncing: panic_on_warn set ... [ 52.928070] [ 52.929707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.937226] CPU: 0 PID: 2776 Comm: kworker/0:2 Tainted: G B 4.14.172-syzkaller #0 [ 52.937229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.937242] Workqueue: pencrypt padata_parallel_worker [ 52.937244] Call Trace: [ 52.937254] dump_stack+0xf7/0x13b [ 52.937260] ? padata_parallel_worker+0x37a/0x420 [ 52.948972] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 52.952157] panic+0x1b0/0x358 [ 52.952162] ? add_taint.cold.5+0x11/0x11 [ 52.952170] ? padata_parallel_worker+0x37a/0x420 [ 52.952176] kasan_end_report+0x47/0x4f [ 52.952182] kasan_report.cold.8+0x76/0x2d3 [ 53.339420] __asan_report_store8_noabort+0x17/0x20 [ 53.344437] padata_parallel_worker+0x37a/0x420 [ 53.349094] ? padata_sysfs_store+0xa0/0xa0 [ 53.353393] process_one_work+0x79e/0x16c0 [ 53.357603] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 53.362277] worker_thread+0xcc/0xee0 [ 53.366063] kthread+0x338/0x400 [ 53.369418] ? process_one_work+0x16c0/0x16c0 [ 53.373905] ? kthread_create_on_node+0xa0/0xa0 [ 53.378563] ret_from_fork+0x24/0x30 [ 53.383528] Kernel Offset: disabled [ 53.387149] Rebooting in 86400 seconds..