syzbot


KASAN: use-after-free Read in neigh_get_first

Status: auto-closed as invalid on 2020/12/24 02:34
Subsystems: net
First crash: 1307d, last: 1307d

Sample crash report:
==================================================================
BUG: KASAN: use-after-free in read_pnet include/net/net_namespace.h:330 [inline]
BUG: KASAN: use-after-free in dev_net include/linux/netdevice.h:2283 [inline]
BUG: KASAN: use-after-free in neigh_get_first.isra.0+0x4f9/0x5a0 net/core/neighbour.c:3045
Read of size 8 at addr ffff888000777c98 by task syz-executor.5/1034

CPU: 1 PID: 1034 Comm: syz-executor.5 Not tainted 5.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xae/0x497 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 read_pnet include/net/net_namespace.h:330 [inline]
 dev_net include/linux/netdevice.h:2283 [inline]
 neigh_get_first.isra.0+0x4f9/0x5a0 net/core/neighbour.c:3045
 neigh_seq_next+0x1b0/0x210 net/core/neighbour.c:3235
 traverse.part.0+0x19b/0x590 fs/seq_file.c:116
 traverse fs/seq_file.c:97 [inline]
 seq_read+0x824/0x1070 fs/seq_file.c:168
 pde_read fs/proc/inode.c:306 [inline]
 proc_reg_read+0x221/0x300 fs/proc/inode.c:318
 do_loop_readv_writev fs/read_write.c:734 [inline]
 do_loop_readv_writev fs/read_write.c:721 [inline]
 do_iter_read+0x48e/0x6e0 fs/read_write.c:955
 vfs_readv+0xe5/0x150 fs/read_write.c:1073
 do_preadv fs/read_write.c:1165 [inline]
 __do_sys_preadv fs/read_write.c:1215 [inline]
 __se_sys_preadv fs/read_write.c:1210 [inline]
 __x64_sys_preadv+0x231/0x310 fs/read_write.c:1210
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3627197c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 0000000000025940 RCX: 000000000045e179
RDX: 000000000000010b RSI: 00000000200017c0 RDI: 0000000000000005
RBP: 000000000118cf90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000800002 R11: 0000000000000246 R12: 000000000118cf4c
R13: 000000000169fb6f R14: 00007f36271989c0 R15: 000000000118cf4c

The buggy address belongs to the page:
page:000000006a728b36 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x777
flags: 0x7ffe0000000000()
raw: 007ffe0000000000 ffffea000001ddc8 ffffea000001ddc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888000777b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888000777c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888000777c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                            ^
 ffff888000777d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888000777d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================

Crashes (1):
Time: 2020/09/25 02:33
Kernel: upstream
Commit: 171d4ff79f96
Syzkaller: 54289b08
Config: .config
Log: console log
Report: report
Syz repro: (none)
C repro: (none)
VM info: info
Assets: (none)
Manager: ci-upstream-kasan-gce
Title: (none)