Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
[   28.430928] IPVS: ftp: loaded support on port[0] = 21
[   28.496017] chnl_net:caif_netlink_parms(): no params data found
[   28.573435] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.580616] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.587487] device bridge_slave_0 entered promiscuous mode
[   28.594595] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.601238] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.608776] device bridge_slave_1 entered promiscuous mode
[   28.624386] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   28.632894] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   28.650642] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   28.658344] team0: Port device team_slave_0 added
[   28.663619] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   28.671165] team0: Port device team_slave_1 added
[   28.685616] batman_adv: batadv0: Adding interface: batadv_slave_0
[   28.691875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.717670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   28.729676] batman_adv: batadv0: Adding interface: batadv_slave_1
[   28.735896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.762026] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   28.773018] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   28.781291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   28.799376] device hsr_slave_0 entered promiscuous mode
[   28.805046] device hsr_slave_1 entered promiscuous mode
[   28.811603] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   28.818993] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   28.876816] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.883219] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.890016] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.896357] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.923568] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   28.930496] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.938062] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   28.946619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   28.956504] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.963610] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.972969] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   28.979485] 8021q: adding VLAN 0 to HW filter on device team0
[   28.987285] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   28.994966] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.001347] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.018815] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.026443] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.032838] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.040321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   29.048361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   29.055753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.063319] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   29.072760] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   29.083264] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   29.089295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   29.096093] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.109687] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   29.117518] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   29.124151] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   29.134497] 8021q: adding VLAN 0 to HW filter on device batadv0
[   29.181099] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   29.190655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.219526] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   29.226352] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   29.234065] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   29.242721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.250704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.259094] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.267621] device veth0_vlan entered promiscuous mode
[   29.275463] device veth1_vlan entered promiscuous mode
[   29.281404] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[   29.290000] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[   29.300355] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[   29.309631] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   29.316713] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   29.324312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.333047] device veth0_macvtap entered promiscuous mode
[   29.339194] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[   29.346623] device veth1_macvtap entered promiscuous mode
[   29.354978] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[   29.363790] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[   29.373195] batman_adv: batadv0: Interface activated: batadv_slave_0
[   29.380769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   29.389553] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   29.398896] batman_adv: batadv0: Interface activated: batadv_slave_1
[   29.408283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[   29.481324] netlink: 4 bytes leftover after parsing attributes in process `syz-executor130'.
[   29.493784] ==================================================================
[   29.501226] BUG: KASAN: use-after-free in radix_tree_next_chunk+0x89f/0x8c0
[   29.508303] Read of size 8 at addr ffff88809ed90b48 by task syz-executor130/7979
[   29.515806] 
[   29.517412] CPU: 1 PID: 7979 Comm: syz-executor130 Not tainted 4.14.278-syzkaller #0
[   29.525264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.534593] Call Trace:
[   29.537171]  dump_stack+0x1b2/0x281
[   29.540790]  print_address_description.cold+0x54/0x1d3
[   29.546040]  kasan_report_error.cold+0x8a/0x191
[   29.550685]  ? radix_tree_next_chunk+0x89f/0x8c0
[   29.555417]  __asan_report_load8_noabort+0x68/0x70
[   29.560320]  ? radix_tree_next_chunk+0x89f/0x8c0
[   29.565050]  radix_tree_next_chunk+0x89f/0x8c0
[   29.569613]  ida_remove+0x9b/0x210
[   29.573130]  ? ida_destroy+0x1b0/0x1b0
[   29.576993]  ? lock_acquire+0x170/0x3f0
[   29.580945]  ida_simple_remove+0x31/0x50
[   29.584981]  ipvlan_link_new+0x50c/0xfa0
[   29.589019]  rtnl_newlink+0xf7c/0x1830
[   29.592885]  ? __lock_acquire+0x5fc/0x3f20
[   29.597097]  ? ipvlan_port_destroy+0x3f0/0x3f0
[   29.601690]  ? kasan_slab_free+0xc3/0x1a0
[   29.605819]  ? rtnl_dellink+0x6a0/0x6a0
[   29.609778]  ? trace_hardirqs_on+0x10/0x10
[   29.613995]  ? __dev_queue_xmit+0x1d7f/0x2480
[   29.618466]  ? netlink_deliver_tap+0x61b/0x860
[   29.623046]  ? netlink_unicast+0x485/0x610
[   29.627259]  ? sock_sendmsg+0x40/0x100
[   29.631123]  ? ___sys_sendmsg+0x6c8/0x800
[   29.635249]  ? __sys_sendmsg+0xa3/0x120
[   29.639216]  ? lock_acquire+0x170/0x3f0
[   29.643167]  ? lock_downgrade+0x740/0x740
[   29.647291]  ? rtnl_dellink+0x6a0/0x6a0
[   29.651241]  rtnetlink_rcv_msg+0x3be/0xb10
[   29.655453]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   29.659923]  ? __netlink_lookup+0x345/0x5d0
[   29.664223]  ? netdev_pick_tx+0x2e0/0x2e0
[   29.668349]  netlink_rcv_skb+0x125/0x390
[   29.672384]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   29.676857]  ? netlink_ack+0x9a0/0x9a0
[   29.680725]  netlink_unicast+0x437/0x610
[   29.684761]  ? netlink_sendskb+0xd0/0xd0
[   29.688796]  ? __check_object_size+0x179/0x230
[   29.693355]  netlink_sendmsg+0x648/0xbc0
[   29.697403]  ? nlmsg_notify+0x1b0/0x1b0
[   29.701359]  ? kernel_recvmsg+0x210/0x210
[   29.705487]  ? security_socket_sendmsg+0x83/0xb0
[   29.710222]  ? nlmsg_notify+0x1b0/0x1b0
[   29.714175]  sock_sendmsg+0xb5/0x100
[   29.717866]  ___sys_sendmsg+0x6c8/0x800
[   29.721818]  ? copy_msghdr_from_user+0x3b0/0x3b0
[   29.726552]  ? trace_hardirqs_on+0x10/0x10
[   29.730768]  ? lock_acquire+0x170/0x3f0
[   29.734718]  ? lock_downgrade+0x740/0x740
[   29.738843]  ? __might_fault+0x104/0x1b0
[   29.742887]  ? lock_acquire+0x170/0x3f0
[   29.746835]  ? lock_downgrade+0x740/0x740
[   29.750964]  ? __might_fault+0x177/0x1b0
[   29.755001]  ? _copy_to_user+0x82/0xd0
[   29.758868]  ? move_addr_to_user+0x13f/0x180
[   29.763249]  ? __fdget+0x167/0x1f0
[   29.766769]  ? sockfd_lookup_light+0xb2/0x160
[   29.771240]  __sys_sendmsg+0xa3/0x120
[   29.775018]  ? SyS_shutdown+0x160/0x160
[   29.778971]  ? move_addr_to_kernel+0x60/0x60
[   29.783357]  SyS_sendmsg+0x27/0x40
[   29.786870]  ? __sys_sendmsg+0x120/0x120
[   29.790905]  do_syscall_64+0x1d5/0x640
[   29.794773]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.799937] RIP: 0033:0x7f3f36316869
[   29.803633] RSP: 002b:00007fffbaaca258 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   29.811316] RAX: ffffffffffffffda RBX: 00007fffbaaca268 RCX: 00007f3f36316869
[   29.818561] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[   29.825806] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[   29.833051] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbaaca270
[   29.840299] R13: 00007fffbaaca290 R14: 0000000000000000 R15: 0000000000000000
[   29.847548] 
[   29.849150] Allocated by task 7979:
[   29.852754]  kasan_kmalloc+0xeb/0x160
[   29.856531]  kmem_cache_alloc_trace+0x131/0x3d0
[   29.861175]  ipvlan_link_new+0x64f/0xfa0
[   29.865211]  rtnl_newlink+0xf7c/0x1830
[   29.869075]  rtnetlink_rcv_msg+0x3be/0xb10
[   29.873286]  netlink_rcv_skb+0x125/0x390
[   29.877321]  netlink_unicast+0x437/0x610
[   29.881356]  netlink_sendmsg+0x648/0xbc0
[   29.885392]  sock_sendmsg+0xb5/0x100
[   29.889080]  ___sys_sendmsg+0x6c8/0x800
[   29.893029]  __sys_sendmsg+0xa3/0x120
[   29.896804]  SyS_sendmsg+0x27/0x40
[   29.900320]  do_syscall_64+0x1d5/0x640
[   29.904185]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.909345] 
[   29.910947] Freed by task 7979:
[   29.914199]  kasan_slab_free+0xc3/0x1a0
[   29.918145]  kfree+0xc9/0x250
[   29.921223]  ipvlan_uninit+0xb6/0xe0
[   29.924913]  register_netdevice+0x7fd/0xe50
[   29.929212]  ipvlan_link_new+0x499/0xfa0
[   29.933264]  rtnl_newlink+0xf7c/0x1830
[   29.937127]  rtnetlink_rcv_msg+0x3be/0xb10
[   29.941334]  netlink_rcv_skb+0x125/0x390
[   29.945370]  netlink_unicast+0x437/0x610
[   29.949406]  netlink_sendmsg+0x648/0xbc0
[   29.953441]  sock_sendmsg+0xb5/0x100
[   29.957126]  ___sys_sendmsg+0x6c8/0x800
[   29.961075]  __sys_sendmsg+0xa3/0x120
[   29.964847]  SyS_sendmsg+0x27/0x40
[   29.968360]  do_syscall_64+0x1d5/0x640
[   29.972222]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.977381] 
[   29.978986] The buggy address belongs to the object at ffff88809ed90280
[   29.978986]  which belongs to the cache kmalloc-4096 of size 4096
[   29.991792] The buggy address is located 2248 bytes inside of
[   29.991792]  4096-byte region [ffff88809ed90280, ffff88809ed91280)
[   30.003812] The buggy address belongs to the page:
[   30.008716] page:ffffea00027b6400 count:1 mapcount:0 mapping:ffff88809ed90280 index:0x0 compound_mapcount: 0
[   30.018776] flags: 0xfff00000008100(slab|head)
[   30.023344] raw: 00fff00000008100 ffff88809ed90280 0000000000000000 0000000100000001
[   30.031200] raw: ffffea00027b63a0 ffff88813fe64a48 ffff88813fe74dc0 0000000000000000
[   30.039058] page dumped because: kasan: bad access detected
[   30.044742] 
[   30.046346] Memory state around the buggy address:
[   30.051251]  ffff88809ed90a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.058590]  ffff88809ed90a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.065931] >ffff88809ed90b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.073273]                                               ^
[   30.078964]  ffff88809ed90b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.086308]  ffff88809ed90c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.093640] ==================================================================
[   30.100975] Disabling lock debugging due to kernel taint
[   30.106398] Kernel panic - not syncing: panic_on_warn set ...
[   30.106398] 
[   30.113747] CPU: 1 PID: 7979 Comm: syz-executor130 Tainted: G    B           4.14.278-syzkaller #0
[   30.122818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.132239] Call Trace:
[   30.134807]  dump_stack+0x1b2/0x281
[   30.138413]  panic+0x1f9/0x42d
[   30.141584]  ? add_taint.cold+0x16/0x16
[   30.145534]  ? lock_downgrade+0x740/0x740
[   30.149665]  kasan_end_report+0x43/0x49
[   30.153622]  kasan_report_error.cold+0xa7/0x191
[   30.158262]  ? radix_tree_next_chunk+0x89f/0x8c0
[   30.162997]  __asan_report_load8_noabort+0x68/0x70
[   30.167902]  ? radix_tree_next_chunk+0x89f/0x8c0
[   30.172633]  radix_tree_next_chunk+0x89f/0x8c0
[   30.177192]  ida_remove+0x9b/0x210
[   30.180706]  ? ida_destroy+0x1b0/0x1b0
[   30.184566]  ? lock_acquire+0x170/0x3f0
[   30.188517]  ida_simple_remove+0x31/0x50
[   30.192556]  ipvlan_link_new+0x50c/0xfa0
[   30.196595]  rtnl_newlink+0xf7c/0x1830
[   30.200455]  ? __lock_acquire+0x5fc/0x3f20
[   30.204666]  ? ipvlan_port_destroy+0x3f0/0x3f0
[   30.209223]  ? kasan_slab_free+0xc3/0x1a0
[   30.213349]  ? rtnl_dellink+0x6a0/0x6a0
[   30.217296]  ? trace_hardirqs_on+0x10/0x10
[   30.221511]  ? __dev_queue_xmit+0x1d7f/0x2480
[   30.225979]  ? netlink_deliver_tap+0x61b/0x860
[   30.230531]  ? netlink_unicast+0x485/0x610
[   30.234740]  ? sock_sendmsg+0x40/0x100
[   30.238602]  ? ___sys_sendmsg+0x6c8/0x800
[   30.242722]  ? __sys_sendmsg+0xa3/0x120
[   30.246679]  ? lock_acquire+0x170/0x3f0
[   30.250627]  ? lock_downgrade+0x740/0x740
[   30.254751]  ? rtnl_dellink+0x6a0/0x6a0
[   30.258699]  rtnetlink_rcv_msg+0x3be/0xb10
[   30.262906]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   30.267372]  ? __netlink_lookup+0x345/0x5d0
[   30.271683]  ? netdev_pick_tx+0x2e0/0x2e0
[   30.275804]  netlink_rcv_skb+0x125/0x390
[   30.279841]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   30.284310]  ? netlink_ack+0x9a0/0x9a0
[   30.288175]  netlink_unicast+0x437/0x610
[   30.292209]  ? netlink_sendskb+0xd0/0xd0
[   30.296248]  ? __check_object_size+0x179/0x230
[   30.300802]  netlink_sendmsg+0x648/0xbc0
[   30.304841]  ? nlmsg_notify+0x1b0/0x1b0
[   30.308788]  ? kernel_recvmsg+0x210/0x210
[   30.312920]  ? security_socket_sendmsg+0x83/0xb0
[   30.317646]  ? nlmsg_notify+0x1b0/0x1b0
[   30.321594]  sock_sendmsg+0xb5/0x100
[   30.325282]  ___sys_sendmsg+0x6c8/0x800
[   30.329231]  ? copy_msghdr_from_user+0x3b0/0x3b0
[   30.333959]  ? trace_hardirqs_on+0x10/0x10
[   30.338167]  ? lock_acquire+0x170/0x3f0
[   30.342112]  ? lock_downgrade+0x740/0x740
[   30.346233]  ? __might_fault+0x104/0x1b0
[   30.350268]  ? lock_acquire+0x170/0x3f0
[   30.354214]  ? lock_downgrade+0x740/0x740
[   30.358340]  ? __might_fault+0x177/0x1b0
[   30.362378]  ? _copy_to_user+0x82/0xd0
[   30.366239]  ? move_addr_to_user+0x13f/0x180
[   30.370620]  ? __fdget+0x167/0x1f0
[   30.374143]  ? sockfd_lookup_light+0xb2/0x160
[   30.378612]  __sys_sendmsg+0xa3/0x120
[   30.382386]  ? SyS_shutdown+0x160/0x160
[   30.386335]  ? move_addr_to_kernel+0x60/0x60
[   30.390733]  SyS_sendmsg+0x27/0x40
[   30.394244]  ? __sys_sendmsg+0x120/0x120
[   30.398280]  do_syscall_64+0x1d5/0x640
[   30.402143]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   30.407306] RIP: 0033:0x7f3f36316869
[   30.410990] RSP: 002b:00007fffbaaca258 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   30.418670] RAX: ffffffffffffffda RBX: 00007fffbaaca268 RCX: 00007f3f36316869
[   30.425914] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[   30.433157] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[   30.440398] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbaaca270
[   30.447639] R13: 00007fffbaaca290 R14: 0000000000000000 R15: 0000000000000000
[   30.455054] Kernel Offset: disabled
[   30.458658] Rebooting in 86400 seconds..