syzbot

list_del corruption. prev->next should be ffff8881cc2b4ff0, but was ffff8881cd58a730
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 4.20.0-rc6+ #337
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_power_efficient neigh_periodic_work
RIP: 0010:__list_del_entry_valid.cold.1+0x48/0x4a lib/list_debug.c:51
Code: d9 60 88 e8 f2 6e d2 fd 0f 0b 48 89 de 48 c7 c7 80 da 60 88 e8 e1 6e d2 fd 0f 0b 48 89 de 48 c7 c7 20 da 60 88 e8 d0 6e d2 fd <0f> 0b 48 89 d9 48 c7 c7 e0 da 60 88 e8 bf 6e d2 fd 0f 0b 48 89 f1
RSP: 0018:ffff8881d945f440 EFLAGS: 00010282
RAX: 0000000000000054 RBX: ffff8881cc2b4ff0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8165e485 RDI: 0000000000000005
cgroup: fork rejected by pids controller in /syz0
RBP: ffff8881d945f458 R08: ffff8881d94505c0 R09: ffffed103b5e5020
R10: ffffed103b5e5020 R11: ffff8881daf28107 R12: ffff8881cc720730
R13: ffffffff89fd1320 R14: ffff8881d945f560 R15: 1ffff1103b28be94
FS:  0000000000000000(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004c4ed8 CR3: 00000001c30f5000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_del_entry include/linux/list.h:117 [inline]
 list_del_init include/linux/list.h:159 [inline]
 neigh_mark_dead+0x13b/0x410 net/core/neighbour.c:125
 neigh_periodic_work+0x89a/0xc30 net/core/neighbour.c:905
 process_one_work+0xc90/0x1c40 kernel/workqueue.c:2153
cgroup: fork rejected by pids controller in /syz2
cgroup: fork rejected by pids controller in /syz4
 worker_thread+0x17f/0x1390 kernel/workqueue.c:2296
 kthread+0x35a/0x440 kernel/kthread.c:246
cgroup: fork rejected by pids controller in /syz1
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Modules linked in:
cgroup: fork rejected by pids controller in /syz5
---[ end trace ebf74c0e943e2b32 ]---
RIP: 0010:__list_del_entry_valid.cold.1+0x48/0x4a lib/list_debug.c:51
Code: d9 60 88 e8 f2 6e d2 fd 0f 0b 48 89 de 48 c7 c7 80 da 60 88 e8 e1 6e d2 fd 0f 0b 48 89 de 48 c7 c7 20 da 60 88 e8 d0 6e d2 fd <0f> 0b 48 89 d9 48 c7 c7 e0 da 60 88 e8 bf 6e d2 fd 0f 0b 48 89 f1
RSP: 0018:ffff8881d945f440 EFLAGS: 00010282
RAX: 0000000000000054 RBX: ffff8881cc2b4ff0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8165e485 RDI: 0000000000000005
RBP: ffff8881d945f458 R08: ffff8881d94505c0 R09: ffffed103b5e5020
R10: ffffed103b5e5020 R11: ffff8881daf28107 R12: ffff8881cc720730
R13: ffffffff89fd1320 R14: ffff8881d945f560 R15: 1ffff1103b28be94
FS:  0000000000000000(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004c4ed8 CR3: 000000000946a000 CR4: 00000000001406e0
cgroup: fork rejected by pids controller in /syz3
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400