[ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 31.598382] audit: type=1400 audit(1591868857.138:8): avc: denied { execmem } for pid=5975 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 31.884502] IPVS: ftp: loaded support on port[0] = 21 [ 33.059896] can: request_module (can-proto-0) failed. [ 33.068451] can: request_module (can-proto-0) failed. [ 33.094757] audit: type=1400 audit(1591868858.639:9): avc: denied { create } for pid=5956 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.1.32' (ECDSA) to the list of known hosts. 2020/06/11 09:47:46 parsed 1 programs 2020/06/11 09:47:46 executed programs: 0 [ 41.403370] audit: type=1400 audit(1591868866.943:10): avc: denied { execmem } for pid=6091 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 41.489836] IPVS: ftp: loaded support on port[0] = 21 [ 42.290222] IPVS: ftp: loaded support on port[0] = 21 [ 42.296702] chnl_net:caif_netlink_parms(): no params data found [ 42.350129] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.357125] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.364980] device bridge_slave_0 entered promiscuous mode [ 42.365476] IPVS: ftp: loaded support on port[0] = 21 [ 42.373228] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.383210] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.391428] device bridge_slave_1 entered promiscuous mode [ 42.424410] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.436722] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.494863] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.502305] team0: Port device team_slave_0 added [ 42.523625] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.531957] team0: Port device team_slave_1 added [ 42.537527] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.545555] IPVS: ftp: loaded support on port[0] = 21 [ 42.554647] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.600130] device hsr_slave_0 entered promiscuous mode [ 42.628134] device hsr_slave_1 entered promiscuous mode [ 42.671657] chnl_net:caif_netlink_parms(): no params data found [ 42.682779] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 42.689889] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 42.773979] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.780474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.787328] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.793729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.813814] chnl_net:caif_netlink_parms(): no params data found [ 42.849156] IPVS: ftp: loaded support on port[0] = 21 [ 42.850709] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.864496] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.871726] device bridge_slave_0 entered promiscuous mode [ 42.906789] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.913642] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.921040] device bridge_slave_1 entered promiscuous mode [ 42.958592] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.964978] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.972505] device bridge_slave_0 entered promiscuous mode [ 42.980997] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.987395] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.995328] device bridge_slave_1 entered promiscuous mode [ 43.029676] chnl_net:caif_netlink_parms(): no params data found [ 43.052342] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.076982] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.095821] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.113171] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.122590] team0: Port device team_slave_0 added [ 43.129135] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.136149] team0: Port device team_slave_1 added [ 43.150449] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.172113] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.181502] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.201952] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.210081] IPVS: ftp: loaded support on port[0] = 21 [ 43.210642] team0: Port device team_slave_0 added [ 43.245141] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.251974] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.259522] device bridge_slave_0 entered promiscuous mode [ 43.267715] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.274056] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.281935] device bridge_slave_1 entered promiscuous mode [ 43.289454] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.296558] team0: Port device team_slave_1 added [ 43.303147] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.360932] device hsr_slave_0 entered promiscuous mode [ 43.407865] device hsr_slave_1 entered promiscuous mode [ 43.450011] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.461810] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 43.468145] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.486481] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.494531] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.502954] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.510303] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.517053] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 43.530937] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.549666] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.574546] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 43.589474] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 43.604191] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.611747] team0: Port device team_slave_0 added [ 43.651271] device hsr_slave_0 entered promiscuous mode [ 43.688515] device hsr_slave_1 entered promiscuous mode [ 43.729309] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 43.738468] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 43.744645] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.789513] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.797242] team0: Port device team_slave_1 added [ 43.804755] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.812387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.819960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.828449] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 43.856592] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.865071] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.873642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.882566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.890299] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.897652] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.912959] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.920999] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.937934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.945624] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.953795] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.960192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.029859] device hsr_slave_0 entered promiscuous mode [ 44.067714] device hsr_slave_1 entered promiscuous mode [ 44.108322] chnl_net:caif_netlink_parms(): no params data found [ 44.119321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 44.126715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.139271] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.149096] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.167402] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 44.176056] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 44.184437] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.198487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.206138] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 44.215366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.223497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.232791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 44.250892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.260704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.285677] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.311058] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 44.364671] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.371930] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.380808] device bridge_slave_0 entered promiscuous mode [ 44.388236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.395696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.416646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.424343] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.431906] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.439083] device bridge_slave_1 entered promiscuous mode [ 44.459477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 44.474450] chnl_net:caif_netlink_parms(): no params data found [ 44.484312] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.493893] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.501657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.511082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.521397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.529242] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 44.535243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.548707] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.569379] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.576444] team0: Port device team_slave_0 added [ 44.588162] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.600051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.606759] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.614566] team0: Port device team_slave_1 added [ 44.620141] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.627995] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.641520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.649608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.661404] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 44.669561] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.682251] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.689282] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.706756] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.718216] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.759813] device hsr_slave_0 entered promiscuous mode [ 44.797420] device hsr_slave_1 entered promiscuous mode [ 44.857316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.864160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.877126] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.888130] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.896252] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.905554] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.914299] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.923498] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.930626] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.938503] device bridge_slave_0 entered promiscuous mode [ 44.944809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.952907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.960610] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.966930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.974057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.982219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.989897] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.996284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.003410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.010629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.020981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.029904] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.036609] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 45.045150] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.054941] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.062114] device bridge_slave_1 entered promiscuous mode [ 45.074915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.082784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.091346] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.097735] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.104550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.111481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.120146] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.127972] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.137690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.149960] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.156042] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.163337] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.175679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.186591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.194906] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.201300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.209022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.216557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.225288] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.238523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.247930] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.256058] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.265692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.274569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.282570] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.290459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.298902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.306347] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.315768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.327115] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.335993] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.344503] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.353535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.361581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.370448] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.376977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.384684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.393705] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.418995] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.426544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.440442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.462046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.469967] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 45.483750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.488686] ================================================================== [ 45.492110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.498397] BUG: KASAN: use-after-free in padata_parallel_worker+0x377/0x420 [ 45.498402] Write of size 8 at addr ffff888096e675d8 by task kworker/0:2/3147 [ 45.498404] [ 45.498409] CPU: 0 PID: 3147 Comm: kworker/0:2 Not tainted 4.14.184-syzkaller #0 [ 45.498412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.498419] Workqueue: pencrypt padata_parallel_worker [ 45.498423] Call Trace: [ 45.498432] dump_stack+0xf7/0x13b [ 45.498438] ? padata_parallel_worker+0x377/0x420 [ 45.498445] print_address_description.cold.7+0x9/0x1c9 [ 45.498450] ? padata_parallel_worker+0x377/0x420 [ 45.498455] kasan_report.cold.8+0x11a/0x2d3 [ 45.498462] __asan_report_store8_noabort+0x17/0x20 [ 45.498467] padata_parallel_worker+0x377/0x420 [ 45.498474] ? invoke_padata_reorder+0x40/0x40 [ 45.498486] process_one_work+0x79e/0x16c0 [ 45.498497] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 45.498507] worker_thread+0xcc/0xee0 [ 45.498520] kthread+0x338/0x400 [ 45.511701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.513040] ? process_one_work+0x16c0/0x16c0 [ 45.523405] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.529870] ? kthread_create_on_node+0xa0/0xa0 [ 45.529878] ret_from_fork+0x24/0x30 [ 45.529889] [ 45.529893] Allocated by task 6959: [ 45.529899] save_stack_trace+0x16/0x20 [ 45.529903] save_stack+0x43/0xd0 [ 45.529906] kasan_kmalloc+0xc7/0xe0 [ 45.529911] __kmalloc+0x15b/0x7b0 [ 45.529917] tls_push_record+0xf6/0x14c0 [ 45.529922] tls_sw_sendmsg+0x90b/0x10a0 [ 45.539314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.544522] inet_sendmsg+0x108/0x440 [ 45.551373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.555439] sock_sendmsg+0xb5/0xf0 [ 45.562099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.566666] SYSC_sendto+0x1e3/0x2c0 [ 45.577967] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.580821] SyS_sendto+0x9/0x10 [ 45.697500] do_syscall_64+0x1c7/0x5b0 [ 45.701903] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 45.707107] [ 45.708728] Freed by task 6959: [ 45.711983] save_stack_trace+0x16/0x20 [ 45.715936] save_stack+0x43/0xd0 [ 45.719365] kasan_slab_free+0x71/0xc0 [ 45.724181] kfree+0xcc/0x270 [ 45.727264] tls_push_record+0xd32/0x14c0 [ 45.731386] tls_sw_sendmsg+0x90b/0x10a0 [ 45.735422] inet_sendmsg+0x108/0x440 [ 45.739198] sock_sendmsg+0xb5/0xf0 [ 45.742821] SYSC_sendto+0x1e3/0x2c0 [ 45.746512] SyS_sendto+0x9/0x10 [ 45.749852] do_syscall_64+0x1c7/0x5b0 [ 45.753716] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 45.758896] [ 45.760501] The buggy address belongs to the object at ffff888096e67580 [ 45.760501] which belongs to the cache kmalloc-256 of size 256 [ 45.773162] The buggy address is located 88 bytes inside of [ 45.773162] 256-byte region [ffff888096e67580, ffff888096e67680) [ 45.785620] The buggy address belongs to the page: [ 45.790544] page:ffffea00025b99c0 count:1 mapcount:0 mapping:ffff888096e67080 index:0x0 [ 45.798682] flags: 0x1fffc0000000100(slab) [ 45.802896] raw: 01fffc0000000100 ffff888096e67080 0000000000000000 000000010000000c [ 45.810752] raw: ffffea00025b4120 ffffea00025c8920 ffff8880aa8007c0 0000000000000000 [ 45.818623] page dumped because: kasan: bad access detected [ 45.824314] [ 45.825934] Memory state around the buggy address: [ 45.830839] ffff888096e67480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 45.838181] ffff888096e67500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 45.845620] >ffff888096e67580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.852970] ^ [ 45.859522] ffff888096e67600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.866872] ffff888096e67680: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 45.874211] ================================================================== [ 45.881632] Disabling lock debugging due to kernel taint [ 45.887115] Kernel panic - not syncing: panic_on_warn set ... [ 45.887115] [ 45.890154] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.895091] CPU: 0 PID: 3147 Comm: kworker/0:2 Tainted: G B 4.14.184-syzkaller #0 [ 45.895094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.895107] Workqueue: pencrypt padata_parallel_worker [ 45.895113] Call Trace: [ 45.907338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 45.910590] dump_stack+0xf7/0x13b [ 45.922791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 45.925738] ? padata_parallel_worker+0x377/0x420 [ 45.925745] panic+0x1b0/0x358 [ 45.928975] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 45.934981] ? add_taint.cold.5+0x11/0x11 [ 45.934992] ? padata_parallel_worker+0x377/0x420 [ 45.934999] kasan_end_report+0x47/0x4f [ 45.940025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.948116] kasan_report.cold.8+0x76/0x2d3 [ 45.948121] __asan_report_store8_noabort+0x17/0x20 [ 45.948127] padata_parallel_worker+0x377/0x420 [ 45.948132] ? invoke_padata_reorder+0x40/0x40 [ 45.948139] process_one_work+0x79e/0x16c0 [ 45.948145] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 45.958990] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 45.962111] worker_thread+0xcc/0xee0 [ 45.962121] kthread+0x338/0x400 [ 45.969484] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.971107] ? process_one_work+0x16c0/0x16c0 [ 45.971115] ? kthread_create_on_node+0xa0/0xa0 [ 46.037952] ret_from_fork+0x24/0x30 [ 46.042965] Kernel Offset: disabled [ 46.046581] Rebooting in 86400 seconds..