[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 19.503572] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 23.764711] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 24.132435] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available) [ 24.998427] random: sshd: uninitialized urandom read (32 bytes read, 74 bits of entropy available) Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts. [ 30.560749] random: sshd: uninitialized urandom read (32 bytes read, 81 bits of entropy available) 2018/08/26 17:59:48 fuzzer started [ 32.013961] random: cc1: uninitialized urandom read (8 bytes read, 83 bits of entropy available) 2018/08/26 17:59:50 dialing manager at 10.128.0.26:34351 2018/08/26 17:59:52 syscalls: 1 2018/08/26 17:59:52 code coverage: enabled 2018/08/26 17:59:52 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/26 17:59:52 setuid sandbox: enabled 2018/08/26 17:59:52 namespace sandbox: enabled 2018/08/26 17:59:52 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/26 17:59:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/26 17:59:52 net packed injection: enabled 2018/08/26 17:59:52 net device setup: enabled [ 36.143257] random: nonblocking pool is initialized 18:00:41 executing program 0: 18:00:41 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000000dc0)=@in={0x2, 0x4e24, @remote}, 0x80, &(0x7f0000001140), 0x0, &(0x7f0000007e80)=[{0x10, 0x1}], 0x10}}], 0x1, 0x4) 18:00:41 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)="0a5cc80700315f85715070") r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 18:00:41 executing program 2: unshare(0x8000000) r0 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x5}) mq_timedsend(r0, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)={0x77359400}) mq_timedsend(r0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000140)={0x77359400}) mq_timedreceive(r0, &(0x7f0000000100)=""/24, 0x18, 0x0, 0x0) 18:00:41 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 18:00:41 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000040)={@dev}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000200)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}, 0x7}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00') perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x856, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f0000000080)=""/94, 0x43}], 0x1) 18:00:41 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000fb6000)=""/28, 0x3f0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000240)={0x0, 0x0, 'client0\x00', 0x0, "4156456adbeae00c", "22ea2f2c8ebd71143e81ff729b39403460264b9429ffd750366ef38c127d0885"}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r1, 0x1000000000014) 18:00:41 executing program 6: syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd60c8bb8500200000fe8008000000000000bbfe8000000000000000000000000000bb1301000000000000c204000000000100000000ffffffff7800df9b5100e5749f83e4006146a350173562b3a216c8d5cfe5bd368506a831272aa3084e3c70e4018e25957b35c472dd96ee0063814f99c4412ea4b08bea3193e59e9b01f535966fa4a8a014897b983f153f23bc606d2055d06a11ea4a56fa97a514559b50be9d14"], &(0x7f0000000000)) [ 84.066590] IPVS: Creating netns size=2552 id=1 [ 84.146591] IPVS: Creating netns size=2552 id=2 [ 84.208009] IPVS: Creating netns size=2552 id=3 [ 84.298413] IPVS: Creating netns size=2552 id=4 [ 84.400467] IPVS: Creating netns size=2552 id=5 [ 84.567073] IPVS: Creating netns size=2552 id=6 [ 84.721356] IPVS: Creating netns size=2552 id=7 [ 84.966974] IPVS: Creating netns size=2552 id=8 [ 85.045666] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 85.150588] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.340633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 85.446936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.580822] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.593844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 85.601352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 85.664892] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.687671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.699879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.819060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.941096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 86.156628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 86.171279] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 86.207643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 86.234949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 86.242952] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 86.340579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.349585] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 86.409984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.422183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.432282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 86.469193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 86.566720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.577869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.666945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.675156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.687142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.700158] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 86.718538] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.738555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.759682] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 86.776245] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 86.799586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.828148] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.871176] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 86.880159] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 86.898598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.917064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.009865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 87.051683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.166415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.298684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 87.311790] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.346829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 87.379729] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 87.393094] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.420397] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 87.502796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 87.587431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 87.613616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.667806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.714687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.750621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 87.774282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 87.791417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.828826] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 87.857175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 87.990188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.097724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.250109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.377295] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.509258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.583207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 90.949521] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 91.019537] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 91.238073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.295526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.308127] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 91.498174] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 91.613463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.801649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.024741] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 92.178521] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 92.284079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.335507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 92.440441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.686448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.830015] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 18:00:50 executing program 0: 18:00:50 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) bind$inet(r0, &(0x7f00001edff0)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) recvmmsg(r0, &(0x7f00000038c0)=[{{&(0x7f0000001a80)=@nfc_llcp, 0x80, &(0x7f00000020c0), 0x0, &(0x7f0000002180)=""/164, 0xa4}}, {{&(0x7f0000002240)=@can, 0x80, &(0x7f0000002580), 0x0, &(0x7f0000002740)=""/246, 0xf6}}], 0x2, 0x40000002, 0x0) sendto$inet(r0, &(0x7f0000c95ffd), 0x0, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_gettime(0x0, &(0x7f0000001700)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000001680)=[{{&(0x7f0000000380)=@ethernet={0x0, @remote}, 0x80, &(0x7f00000015c0), 0x0, &(0x7f0000001640)=""/1, 0x1}}], 0x1, 0x100, &(0x7f0000001740)={r2, r3+30000000}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000000000)) tkill(r1, 0x1004000000016) [ 93.141352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 18:00:50 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x200000000082002, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000040)=0x692) write$binfmt_aout(r1, &(0x7f0000000000), 0xff8f) 18:00:51 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={&(0x7f0000de2ff4), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000000108ffff090000000000000000000000"], 0x14}}, 0x0) 18:00:51 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x2, 0x28001) write$evdev(r0, &(0x7f0000037fe8)=[{}], 0x10) 18:00:51 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) getsockname(0xffffffffffffffff, &(0x7f00000003c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f0000000300)=0xffffffffffffffd6) recvfrom$unix(0xffffffffffffffff, &(0x7f00000001c0)=""/155, 0x9b, 0x0, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r1, &(0x7f0000005fc0), 0x80000000000006a, 0x0) socket$packet(0x11, 0x0, 0x300) ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, &(0x7f0000000080)) [ 93.548947] ================================================================== [ 93.556385] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x177c/0x1a00 [ 93.562888] Read of size 8 at addr ffff8801d1e53f18 by task syz-executor1/5731 [ 93.570231] [ 93.571859] CPU: 0 PID: 5731 Comm: syz-executor1 Not tainted 4.4.152-ge5c5f1f #89 [ 93.579472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 93.588810] 0000000000000000 e8e4edaf9fa4ba28 ffff8800b99c75c8 ffffffff81e15fed [ 93.596877] ffffea00074794c0 ffff8801d1e53f18 0000000000000000 ffff8801d1e53f18 [ 93.604933] 0000000000001000 ffff8800b99c7600 ffffffff8151b489 ffff8801d1e53f18 [ 93.613044] Call Trace: [ 93.615622] [] dump_stack+0xc1/0x124 [ 93.620995] [] print_address_description+0x6c/0x216 [ 93.627652] [] kasan_report.cold.7+0x175/0x2f7 [ 93.633875] [] ? ip6_xmit+0x177c/0x1a00 [ 93.639496] [] __asan_report_load8_noabort+0x14/0x20 [ 93.646238] [] ip6_xmit+0x177c/0x1a00 [ 93.651692] [] ? kasan_slab_free+0x72/0xc0 [ 93.657571] [] ? kfree+0xf4/0x310 [ 93.662666] [] ? pskb_expand_head+0x683/0x970 [ 93.668811] [] ? ip6_finish_output2+0x1ca0/0x1ca0 [ 93.675294] [] ? __lock_is_held+0xa2/0xf0 [ 93.681083] [] ? ipv4_dst_check+0x111/0x160 [ 93.687049] [] ? __sk_dst_check+0x114/0x270 [ 93.693061] [] inet6_csk_xmit+0x245/0x490 [ 93.698849] [] ? inet6_csk_xmit+0xff/0x490 [ 93.704742] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 93.711334] [] ? udp6_set_csum+0xd3/0xa70 [ 93.717124] [] l2tp_xmit_skb+0xb9c/0xe80 [ 93.722826] [] pppol2tp_sendmsg+0x4e0/0x7d0 [ 93.728795] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 93.735278] [] ? pppol2tp_release+0x310/0x310 [ 93.741417] [] sock_sendmsg+0xcc/0x110 [ 93.746954] [] ___sys_sendmsg+0x441/0x880 [ 93.752759] [] ? copy_msghdr_from_user+0x550/0x550 [ 93.759343] [] ? __fget+0x148/0x3b0 [ 93.764613] [] ? __fget+0x16f/0x3b0 [ 93.769881] [] ? __fget+0x47/0x3b0 [ 93.775063] [] ? __fget_light+0x9f/0x1f0 [ 93.780787] [] ? __fdget+0x18/0x20 [ 93.785997] [] __sys_sendmmsg+0x12e/0x2e0 [ 93.791799] [] ? SyS_sendmsg+0x50/0x50 [ 93.797332] [] ? ip6_datagram_connect+0x3a/0x50 [ 93.803660] [] ? inet_dgram_connect+0x11e/0x200 [ 93.810012] [] ? fput+0x20/0x150 [ 93.815033] [] ? SYSC_connect+0x22a/0x300 [ 93.820821] [] ? SYSC_bind+0x280/0x280 [ 93.826351] [] ? SyS_futex+0x1f8/0x300 [ 93.831883] [] ? do_futex+0x17f0/0x17f0 [ 93.837500] [] ? SyS_socket+0x121/0x1b0 [ 93.843122] [] ? move_addr_to_kernel+0x50/0x50 [ 93.849346] [] SyS_sendmmsg+0x35/0x60 [ 93.854806] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 93.861368] [ 93.863003] Allocated by task 5731: [ 93.866615] [] save_stack_trace+0x26/0x50 [ 93.872564] [] save_stack+0x43/0xd0 [ 93.877986] [] kasan_kmalloc+0xc7/0xe0 [ 93.884108] [] kasan_slab_alloc+0x12/0x20 [ 93.890026] [] kmem_cache_alloc+0xbe/0x2a0 [ 93.896028] [] dst_alloc+0xb5/0x1a0 [ 93.901423] [] rt_dst_alloc+0x78/0x430 [ 93.907096] [] __ip_route_output_key_hash+0x9ac/0x2380 [ 93.914144] [] ip_route_output_flow+0x29/0xa0 [ 93.920408] [] __ip4_datagram_connect+0x663/0xfe0 [ 93.927024] [] __ip6_datagram_connect+0x1280/0x1960 [ 93.933816] [] ip6_datagram_connect+0x2f/0x50 [ 93.940082] [] inet_dgram_connect+0x117/0x200 [ 93.946349] [] SYSC_connect+0x1b8/0x300 [ 93.952122] [] SyS_connect+0x24/0x30 [ 93.957610] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 93.964322] [ 93.965936] Freed by task 0: [ 93.968937] (stack is not available) [ 93.972633] [ 93.974262] The buggy address belongs to the object at ffff8801d1e53dc0 [ 93.974262] which belongs to the cache ip_dst_cache of size 208 [ 93.986999] The buggy address is located 136 bytes to the right of [ 93.986999] 208-byte region [ffff8801d1e53dc0, ffff8801d1e53e90) [ 93.999525] The buggy address belongs to the page: [ 94.006795] kasan: CONFIG_KASAN_INLINE enabled [ 94.011220] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 94.024177] Dumping ftrace buffer: [ 94.027733] (ftrace buffer empty) [ 94.031440] Modules linked in: [ 94.034763] CPU: 1 PID: 122131648 Comm: ip Not tainted 4.4.152-ge5c5f1f #89 [ 94.041848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.051208] task: ffff8800b3bab000 task.stack: (null) [ 94.057276] RIP: 0010:[] [] neigh_flush_dev+0x166/0x6d0 [ 94.066008] RSP: 0018:ffff8801bdaf6fc0 EFLAGS: 00010a06 [ 94.071456] RAX: 1000000000000065 RBX: 8000000000000080 RCX: ffff8800b6ac7240 [ 94.078717] RDX: 0000000000000000 RSI: ffffffff82fad778 RDI: 8000000000000328 [ 94.085985] RBP: ffff8801bdaf7050 R08: ffffffff85358450 R09: 0000000000000000 [ 94.093251] R10: 0000000000000001 R11: ffff8800b3bab000 R12: ffffffff849928a0 [ 94.100520] R13: ffff8801bcec4400 R14: ffffea00074794c0 R15: dffffc0000000000 [ 94.107787] FS: 00007fa68997b700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 94.116003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.121901] CR2: 0000000000000130 CR3: 00000001d3bf9000 CR4: 00000000001606f0 [ 94.129165] Stack: [ 94.131319] 0000000000000000 ffffffff82fadd14 ffffed0016d58e48 ffff8800b6ac7248 [ 94.139421] ffffffff849928a0 ffff8800b6ac7240 0000004c811caf0d ffffffff84992b48 [ 94.147481] 0000000000000246 ffffffff84992b30 ffffffff84992b30 ffffffff849928a0 [ 94.155541] Call Trace: [ 94.158113] [ 94.160193] Code: 85 db 0f 84 76 03 00 00 e8 d8 6d 3a fe 48 83 7d d0 00 0f 84 92 00 00 00 e8 c8 6d 3a fe 48 8d bb a8 02 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 0f 85 b6 04 00 00 48 8b 45 d0 48 39 83 a8 02 00 [ 94.188569] RIP [] neigh_flush_dev+0x166/0x6d0 [ 94.194936] RSP [ 94.198575] kasan: CONFIG_KASAN_INLINE enabled [ 94.202986] kasan: GPF could be caused by NULL-ptr deref or user memory access[ 94.210460] ------------[ cut here ]------------ [ 94.215215] WARNING: CPU: 1 PID: 122131648 at kernel/sched/core.c:7946 __might_sleep+0x138/0x1a0() [ 94.224308] do not call blocking ops when !TASK_RUNNING; state=ffffea00074794c0 set at [] dump_page_badflags+0x57/0x70 [ 94.236692] Kernel panic - not syncing: panic_on_warn set ... [ 94.236692] [ 95.417598] Shutting down cpus with NMI [ 95.422280] Dumping ftrace buffer: [ 95.425803] (ftrace buffer empty) [ 95.429484] Kernel Offset: disabled [ 95.433083] Rebooting in 86400 seconds..