IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
==================================================================
BUG: KASAN: use-after-free in tick_sched_handle+0x16c/0x180 kernel/time/tick-sched.c:164
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
Read of size 8 at addr ffff880071eba620 by task syz-executor4/7068
CPU: 0 PID: 7068 Comm: syz-executor4 Not tainted 4.20.0-rc1+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
 print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 tick_sched_handle+0x16c/0x180 kernel/time/tick-sched.c:164
 tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1034 [inline]
 smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1059
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:804
The buggy address belongs to the page:
page:ffffea0001c7ae80 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x5fffc0000000000()
raw: 05fffc0000000000 dead000000000100 dead000000000200 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
 ffff880071eba500: ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00
BUG: unable to handle kernel paging request at ffffc900004c2668
usercopy: Kernel memory overwrite attempt detected to SLAB object 'kmalloc-64' (offset 120, size 8)!
 ffff880071eba580: 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff
------------[ cut here ]------------
>ffff880071eba600: ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00
kernel BUG at mm/usercopy.c:102!
                               ^
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
 ffff880071eba680: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2
CPU: 1 PID: 7069 Comm: syz-executor2 Not tainted 4.20.0-rc1+ #1
 ffff880071eba700: f2 f2 f2 f2 f2 f8 f2 f2 f2 00 00 ff 00 00 00 00
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
==================================================================