[ 38.183626] audit: type=1400 audit(1578903172.734:37): avc: denied { map } for pid=6752 comm="syz-fuzzer" path="/root/syzkaller-shm261090401" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 38.441112] IPVS: ftp: loaded support on port[0] = 21 [ 39.607989] can: request_module (can-proto-0) failed. [ 39.617962] can: request_module (can-proto-0) failed. [ 39.772030] audit: type=1400 audit(1578903174.324:38): avc: denied { create } for pid=6752 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 39.796115] audit: type=1400 audit(1578903174.324:39): avc: denied { create } for pid=6752 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 39.819988] audit: type=1400 audit(1578903174.324:40): avc: denied { create } for pid=6752 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 39.977737] random: sshd: uninitialized urandom read (32 bytes read) [ 40.651208] random: sshd: uninitialized urandom read (32 bytes read) [ 40.860311] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts. 2020/01/13 08:13:01 parsed 1 programs 2020/01/13 08:13:01 executed programs: 0 [ 47.080868] IPVS: ftp: loaded support on port[0] = 21 [ 47.944989] chnl_net:caif_netlink_parms(): no params data found [ 47.973180] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.979771] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.986804] device bridge_slave_0 entered promiscuous mode [ 47.993655] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.000202] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.007032] device bridge_slave_1 entered promiscuous mode [ 48.021339] IPVS: ftp: loaded support on port[0] = 21 [ 48.027191] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.037129] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.059743] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.066987] team0: Port device team_slave_0 added [ 48.072672] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.079781] team0: Port device team_slave_1 added [ 48.089053] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.098157] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.162049] device hsr_slave_0 entered promiscuous mode [ 48.200300] device hsr_slave_1 entered promiscuous mode [ 48.242317] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.253971] IPVS: ftp: loaded support on port[0] = 21 [ 48.262287] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.325555] chnl_net:caif_netlink_parms(): no params data found [ 48.342020] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.348415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.355256] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.361617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.390698] IPVS: ftp: loaded support on port[0] = 21 [ 48.403299] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.409696] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.417440] device bridge_slave_0 entered promiscuous mode [ 48.426676] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.433358] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.441614] device bridge_slave_1 entered promiscuous mode [ 48.473062] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.491719] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.509722] IPVS: ftp: loaded support on port[0] = 21 [ 48.563619] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.571045] team0: Port device team_slave_0 added [ 48.578246] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.586054] team0: Port device team_slave_1 added [ 48.591788] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.604333] chnl_net:caif_netlink_parms(): no params data found [ 48.615441] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.713097] device hsr_slave_0 entered promiscuous mode [ 48.770282] device hsr_slave_1 entered promiscuous mode [ 48.812409] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.819107] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.825748] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.832716] device bridge_slave_0 entered promiscuous mode [ 48.864495] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.873855] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.880706] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.887556] device bridge_slave_1 entered promiscuous mode [ 48.915498] IPVS: ftp: loaded support on port[0] = 21 [ 48.947080] chnl_net:caif_netlink_parms(): no params data found [ 48.956146] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.970403] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.978751] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.985939] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.042739] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.058235] chnl_net:caif_netlink_parms(): no params data found [ 49.077848] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.085466] team0: Port device team_slave_0 added [ 49.106228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.119168] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.127062] team0: Port device team_slave_1 added [ 49.136678] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.143456] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.150660] device bridge_slave_0 entered promiscuous mode [ 49.158914] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.165452] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.172519] device bridge_slave_1 entered promiscuous mode [ 49.195110] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.201808] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.208644] device bridge_slave_0 entered promiscuous mode [ 49.215239] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.222599] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.282158] device hsr_slave_0 entered promiscuous mode [ 49.320302] device hsr_slave_1 entered promiscuous mode [ 49.392864] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.399227] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.406070] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.413099] device bridge_slave_1 entered promiscuous mode [ 49.424301] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.432945] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.441621] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 49.448716] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.471772] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.481596] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.488126] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.495003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.502346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.509823] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.527139] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.545963] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.553504] team0: Port device team_slave_0 added [ 49.565587] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.573640] team0: Port device team_slave_0 added [ 49.581150] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.588163] team0: Port device team_slave_1 added [ 49.593739] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.601168] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.608764] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.616353] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.623664] team0: Port device team_slave_1 added [ 49.629045] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.636945] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.654973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.664693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.672638] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.678972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.687601] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.699957] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.758682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.768219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.776142] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.782536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.791241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.799423] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.862099] device hsr_slave_0 entered promiscuous mode [ 49.890361] device hsr_slave_1 entered promiscuous mode [ 49.941115] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.950963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.958542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.003432] device hsr_slave_0 entered promiscuous mode [ 50.040364] device hsr_slave_1 entered promiscuous mode [ 50.090983] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.098550] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.107443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.115037] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.125061] chnl_net:caif_netlink_parms(): no params data found [ 50.134967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.143145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.150792] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.164781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.173066] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.183955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.212301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.220502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.227977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.235825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.244548] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.252651] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.260385] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.268293] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 50.279154] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.285236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.294601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.302101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.322322] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.329920] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.348688] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.356728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.363788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.375390] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.381737] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.388905] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.396283] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.403526] device bridge_slave_0 entered promiscuous mode [ 50.411050] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.417416] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.424368] device bridge_slave_1 entered promiscuous mode [ 50.436244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.446075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.464538] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.477824] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.484556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.494730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.502415] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.508742] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.518326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.527878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.535201] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.556560] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.564308] team0: Port device team_slave_0 added [ 50.569982] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.577530] team0: Port device team_slave_1 added [ 50.583892] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.595071] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.605117] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.616003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.624458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.632104] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.638447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.645690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.655688] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.663283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.674591] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.683465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.690587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.697354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.706908] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.714719] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.722779] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.744865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.754479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.762250] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.769883] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.779293] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.833318] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 50.847212] device hsr_slave_0 entered promiscuous mode [ 50.858167] ================================================================== [ 50.859300] BUG: unable to handle kernel paging request [ 50.866080] BUG: KASAN: use-after-free in padata_parallel_worker+0x37a/0x420 [ 50.866086] Write of size 8 at addr ffff8880a0f42ad8 by task kworker/0:0/3 [ 50.871431] at ffffffffffffffc8 [ 50.878589] [ 50.885583] IP: pcrypt_aead_enc+0x7b/0xf0 [ 50.888922] CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 4.14.164-syzkaller #0 [ 50.890525] PGD 786d067 [ 50.894646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.901903] P4D 786d067 [ 50.904591] Workqueue: pencrypt padata_parallel_worker [ 50.913919] PUD 786f067 [ 50.921818] PMD 0 [ 50.924478] Call Trace: [ 50.924483] Oops: 0000 [#1] PREEMPT SMP KASAN [ 50.926613] dump_stack+0xf7/0x13b [ 50.929171] Modules linked in: [ 50.933645] ? padata_parallel_worker+0x37a/0x420 [ 50.940326] print_address_description.cold.7+0x9/0x1c9 [ 50.945140] CPU: 1 PID: 6862 Comm: kworker/1:3 Not tainted 4.14.164-syzkaller #0 [ 50.950480] ? padata_parallel_worker+0x37a/0x420 [ 50.957987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.962807] kasan_report.cold.8+0x11a/0x2d3 [ 50.972137] Workqueue: pencrypt padata_parallel_worker [ 50.976522] __asan_report_store8_noabort+0x17/0x20 [ 50.981781] task: ffff8880a09820c0 task.stack: ffff8880964e0000 [ 50.986774] padata_parallel_worker+0x37a/0x420 [ 50.992809] RIP: 0010:pcrypt_aead_enc+0x7b/0xf0 [ 50.997466] ? padata_sysfs_store+0xa0/0xa0 [ 51.002117] RSP: 0018:ffff8880964e7c90 EFLAGS: 00010246 [ 51.006427] process_one_work+0x79e/0x16c0 [ 51.011769] RAX: dffffc0000000000 RBX: ffff8880937d6550 RCX: ffffffff82b06dfe [ 51.015998] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 51.023246] RDX: 1ffffffffffffff9 RSI: 0000000000000008 RDI: ffff8880937d6588 [ 51.027896] worker_thread+0xcc/0xee0 [ 51.035137] RBP: ffff8880964e7cb0 R08: 0000000000000001 R09: 0000000000000000 [ 51.038918] kthread+0x338/0x400 [ 51.046161] R10: 0000000000000050 R11: ffff8880a09820c0 R12: 0000000000000000 [ 51.049505] ? process_one_work+0x16c0/0x16c0 [ 51.056750] R13: ffff8880937d6588 R14: ffff8880964e7cf8 R15: 1ffff11012c9cf9b [ 51.061222] ? kthread_create_on_node+0xa0/0xa0 [ 51.068485] FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 51.073131] ret_from_fork+0x24/0x30 [ 51.081330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.085137] [ 51.091009] CR2: ffffffffffffffc8 CR3: 000000008955b000 CR4: 00000000001406e0 [ 51.092615] Allocated by task 6878: [ 51.099875] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.103496] save_stack_trace+0x16/0x20 [ 51.110738] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.114700] save_stack+0x43/0xd0 [ 51.121944] Call Trace: [ 51.125374] kasan_kmalloc+0xc7/0xe0 [ 51.127939] padata_parallel_worker+0x24e/0x420 [ 51.131624] __kmalloc+0x15b/0x7b0 [ 51.136267] ? padata_sysfs_store+0xa0/0xa0 [ 51.139795] tls_push_record+0xf6/0x14c0 [ 51.139799] tls_sw_sendmsg+0x90b/0x10a0 [ 51.144099] process_one_work+0x79e/0x16c0 [ 51.148133] inet_sendmsg+0x108/0x440 [ 51.152196] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 51.156417] sock_sendmsg+0xb5/0xf0 [ 51.160198] worker_thread+0xcc/0xee0 [ 51.164853] SYSC_sendto+0x1e3/0x2c0 [ 51.168475] kthread+0x338/0x400 [ 51.172244] SyS_sendto+0x9/0x10 [ 51.172251] do_syscall_64+0x1c7/0x5b0 [ 51.175944] ? process_one_work+0x16c0/0x16c0 [ 51.179289] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 51.182696] ? kthread_create_on_node+0xa0/0xa0 [ 51.186571] [ 51.191054] ret_from_fork+0x24/0x30 [ 51.196211] Freed by task 6878: [ 51.200870] Code: [ 51.202487] save_stack_trace+0x16/0x20 [ 51.206170] 00 [ 51.209448] save_stack+0x43/0xd0 [ 51.211582] 0f [ 51.215550] kasan_slab_free+0x71/0xc0 [ 51.217413] 85 [ 51.220846] kfree+0xcc/0x270 [ 51.222740] 82 [ 51.226650] tls_push_record+0xd32/0x14c0 [ 51.228528] 00 [ 51.231611] tls_sw_sendmsg+0x90b/0x10a0 [ 51.233484] 00 [ 51.237628] inet_sendmsg+0x108/0x440 [ 51.239490] 00 [ 51.243543] sock_sendmsg+0xb5/0xf0 [ 51.245408] 48 [ 51.249202] SYSC_sendto+0x1e3/0x2c0 [ 51.251070] b8 [ 51.254684] SyS_sendto+0x9/0x10 [ 51.256547] 00 [ 51.260246] do_syscall_64+0x1c7/0x5b0 [ 51.262108] 00 [ 51.265469] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 51.267331] 00 [ 51.271206] [ 51.273085] 00 [ 51.278273] The buggy address belongs to the object at ffff8880a0f42a80 [ 51.278273] which belongs to the cache kmalloc-256 of size 256 [ 51.280164] 00 [ 51.281782] The buggy address is located 88 bytes inside of [ 51.281782] 256-byte region [ffff8880a0f42a80, ffff8880a0f42b80) [ 51.283764] fc [ 51.296357] The buggy address belongs to the page: [ 51.298229] ff [ 51.310012] page:ffffea000283d080 count:1 mapcount:0 mapping:ffff8880a0f42080 index:0x0 [ 51.311884] df [ 51.318676] 4d [ 51.326823] flags: 0x1fffc0000000100(slab) [ 51.328691] 8b [ 51.330566] raw: 01fffc0000000100 ffff8880a0f42080 0000000000000000 000000010000000c [ 51.334780] 64 [ 51.336662] raw: ffffea0002213020 ffffea00028087a0 ffff8880aa8007c0 0000000000000000 [ 51.344643] 24 [ 51.346520] page dumped because: kasan: bad access detected [ 51.354386] 38 [ 51.356258] [ 51.361954] 49 [ 51.363921] Memory state around the buggy address: [ 51.365541] 8d [ 51.367416] ffff8880a0f42980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.372322] 7c [ 51.374218] ffff8880a0f42a00: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc [ 51.381568] 24 [ 51.383448] >ffff8880a0f42a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.390783] c8 [ 51.392664] ^ [ 51.400008] 48 [ 51.401887] ffff8880a0f42b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.408104] 89 [ 51.409984] ffff8880a0f42b80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 51.417342] fa [ 51.419216] ================================================================== [ 51.426567] 48 [ 51.428497] Kernel panic - not syncing: panic_on_warn set ... [ 51.428497] [ 51.435772] c1 ea 03 80 3c 02 00 75 5a 4c 89 ef <41> ff 54 24 c8 48 8d 7b 1c 48 ba 00 00 00 00 00 fc ff df 48 89 [ 51.455453] RIP: pcrypt_aead_enc+0x7b/0xf0 RSP: ffff8880964e7c90 [ 51.461591] CR2: ffffffffffffffc8 [ 51.465043] ---[ end trace f03d87fb64f45ea5 ]--- [ 52.560490] Shutting down cpus with NMI [ 52.565621] Kernel Offset: disabled [ 52.569243] Rebooting in 86400 seconds..