[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.773777] kauditd_printk_skb: 7 callbacks suppressed [ 28.773790] audit: type=1800 audit(1544384386.229:29): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.803233] audit: type=1800 audit(1544384386.229:30): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.820176] sshd (6025) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts. 2018/12/09 19:39:55 fuzzer started 2018/12/09 19:39:58 dialing manager at 10.128.0.26:38851 2018/12/09 19:39:58 syscalls: 1 2018/12/09 19:39:58 code coverage: enabled 2018/12/09 19:39:58 comparison tracing: enabled 2018/12/09 19:39:58 setuid sandbox: enabled 2018/12/09 19:39:58 namespace sandbox: enabled 2018/12/09 19:39:58 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/09 19:39:58 fault injection: enabled 2018/12/09 19:39:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/09 19:39:58 net packet injection: enabled 2018/12/09 19:39:58 net device setup: enabled 19:41:17 executing program 0: r0 = socket$inet6(0xa, 0x4000000000000002, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg(r0, &(0x7f0000000140)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x21}}}, 0x80, 0x0}, 0x0) [ 120.049449] IPVS: ftp: loaded support on port[0] = 21 19:41:17 executing program 1: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000180)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x4, [{{0xa, 0x4e21, 0x200, @dev={0xfe, 0x80, [], 0x21}, 0x3}}, {{0xa, 0x4e22, 0x2, @mcast1, 0x3}}, {{0xa, 0x4e22}}, {{0xa, 0x0, 0x0, @loopback}}]}, 0x290) [ 120.291474] IPVS: ftp: loaded support on port[0] = 21 19:41:17 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000040)={'ip6tnl0\x00', @ifru_flags}) [ 120.691270] IPVS: ftp: loaded support on port[0] = 21 19:41:18 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f00000000c0)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c001d001fc400080000bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 121.051882] IPVS: ftp: loaded support on port[0] = 21 19:41:18 executing program 4: pipe(&(0x7f0000000300)) [ 121.757083] IPVS: ftp: loaded support on port[0] = 21 [ 121.832030] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.838481] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.859768] device bridge_slave_0 entered promiscuous mode [ 122.045077] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.059433] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.092686] device bridge_slave_1 entered promiscuous mode 19:41:19 executing program 5: r0 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x1c) [ 122.256431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 122.317606] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.340624] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.349008] device bridge_slave_0 entered promiscuous mode [ 122.383411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 122.470930] IPVS: ftp: loaded support on port[0] = 21 [ 122.516282] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.526961] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.534842] device bridge_slave_1 entered promiscuous mode [ 122.655097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 122.738541] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 122.779232] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 122.825246] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.841063] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.848435] device bridge_slave_0 entered promiscuous mode [ 122.907535] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 123.005459] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.020726] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.028019] device bridge_slave_1 entered promiscuous mode [ 123.078857] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 123.212139] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 123.238030] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 123.356919] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 123.365076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 123.379556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 123.389510] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.403751] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.411671] device bridge_slave_0 entered promiscuous mode [ 123.487687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 123.508266] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 123.544937] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 123.565973] team0: Port device team_slave_0 added [ 123.586234] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.595598] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.606507] device bridge_slave_1 entered promiscuous mode [ 123.690900] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 123.720218] team0: Port device team_slave_1 added [ 123.728718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 123.789185] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 123.817156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 123.908445] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 123.926768] team0: Port device team_slave_0 added [ 123.933362] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 123.951714] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 123.991842] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 124.078942] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 124.111189] team0: Port device team_slave_1 added [ 124.126678] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 124.140146] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 124.151151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 124.223783] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.230207] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.250807] device bridge_slave_0 entered promiscuous mode [ 124.271715] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 124.287418] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 124.323352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 124.340711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 124.380325] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 124.392783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 124.400823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 124.408761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 124.422329] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.428684] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.436888] device bridge_slave_1 entered promiscuous mode [ 124.532762] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 124.550034] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 124.573686] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 124.586156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 124.611177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 124.641751] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 124.661132] team0: Port device team_slave_0 added [ 124.668141] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 124.681216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 124.690117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 124.711301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 124.744498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 124.770604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 124.804020] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 124.824185] team0: Port device team_slave_1 added [ 124.843657] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 124.870990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 124.889878] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.922066] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.929498] device bridge_slave_0 entered promiscuous mode [ 124.986331] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 125.038665] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.060743] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.081005] device bridge_slave_1 entered promiscuous mode [ 125.125523] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 125.152333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 125.190688] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 125.251438] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 125.271582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 125.291071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 125.311189] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 125.318524] team0: Port device team_slave_0 added [ 125.326202] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 125.345978] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 125.361885] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 125.372282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 125.380199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 125.428566] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 125.449225] team0: Port device team_slave_1 added [ 125.521175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 125.528034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 125.576184] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 125.591112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 125.606800] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 125.645851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 125.662067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 125.671328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 125.700720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 125.708593] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 125.797160] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 125.812074] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 125.820094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 125.830052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 125.932593] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.939105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.946186] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.952602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.974024] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 125.983815] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.009014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.024910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 126.045839] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 126.110843] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.118297] team0: Port device team_slave_0 added [ 126.252008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.271048] team0: Port device team_slave_1 added [ 126.280525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 126.294364] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.300782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.307437] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.313855] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.344901] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 126.381016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 126.387856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 126.396236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 126.423281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 126.441976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 126.515879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 126.539516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 126.557279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 126.651462] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.658679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.681150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 126.823765] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.841416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.851373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 126.899379] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.914855] team0: Port device team_slave_0 added [ 126.997212] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.003664] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.010354] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.016780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.025926] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.065452] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 127.093577] team0: Port device team_slave_1 added [ 127.238430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 127.290552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 127.297763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 127.381509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 127.388350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 127.406119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 127.515283] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 127.530802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 127.540986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 127.579995] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.586391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.593151] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.599507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.647189] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.681679] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 127.688833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 127.697349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 128.249319] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.255758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.262477] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.268883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.293971] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 128.301004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.311305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 129.133223] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.139670] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.146453] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.152874] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.181599] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 129.319637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 129.949224] ================================================================== [ 129.956760] BUG: KASAN: use-after-free in __list_add_valid+0x8f/0xac [ 129.963261] Read of size 8 at addr ffff8881d36d9930 by task kworker/1:1/22 [ 129.970271] [ 129.971910] CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 4.20.0-rc4+ #335 [ 129.978830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.988722] Workqueue: ipv6_addrconf addrconf_dad_work [ 129.993992] Call Trace: [ 129.996598] dump_stack+0x244/0x39d [ 130.000252] ? dump_stack_print_info.cold.1+0x20/0x20 [ 130.005445] ? printk+0xa7/0xcf [ 130.008731] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 130.013497] print_address_description.cold.7+0x9/0x1ff [ 130.018869] kasan_report.cold.8+0x242/0x309 [ 130.023282] ? __list_add_valid+0x8f/0xac [ 130.027440] __asan_report_load8_noabort+0x14/0x20 [ 130.032373] __list_add_valid+0x8f/0xac [ 130.036352] ___neigh_create+0x14b7/0x2600 [ 130.040591] ? print_usage_bug+0xc0/0xc0 [ 130.044681] ? rtnl_notify+0xce/0xf0 [ 130.048397] ? print_usage_bug+0xc0/0xc0 [ 130.052467] ? neigh_remove_one+0x5a0/0x5a0 [ 130.056797] ? __lock_acquire+0x62f/0x4c20 [ 130.061063] ? mark_held_locks+0x130/0x130 [ 130.065302] ? __lock_acquire+0x62f/0x4c20 [ 130.069535] ? ip_vs_in+0x2a8/0x29e0 [ 130.073255] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.078791] ? ip_vs_out+0x2a0/0x1d70 [ 130.082605] ? lock_acquire+0x1ed/0x520 [ 130.086592] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.092149] ? check_preemption_disabled+0x48/0x280 [ 130.097189] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 130.102733] ? rcu_pm_notify+0xc0/0xc0 [ 130.106649] ? zap_class+0x640/0x640 [ 130.110369] __neigh_create+0x30/0x40 [ 130.114218] ip6_finish_output2+0xa59/0x27a0 [ 130.118669] ? ip6_forward_finish+0x560/0x560 [ 130.123168] ? ip6_mtu+0x39c/0x520 [ 130.126708] ? lock_downgrade+0x900/0x900 [ 130.130889] ? check_preemption_disabled+0x48/0x280 [ 130.135926] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 130.140857] ? kasan_check_read+0x11/0x20 [ 130.145003] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 130.150307] ? rcu_softirq_qs+0x20/0x20 [ 130.154294] ? ip6_mtu+0x160/0x520 [ 130.157833] ? find_match+0x10a0/0x10a0 [ 130.161809] ? kasan_check_read+0x11/0x20 [ 130.165960] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 130.171242] ip6_finish_output+0x58c/0xc60 [ 130.175473] ? ip6_finish_output+0x58c/0xc60 [ 130.179888] ip6_output+0x232/0x9d0 [ 130.183517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.189060] ? ip6_finish_output+0xc60/0xc60 [ 130.193476] ? ip6_fragment+0x38b0/0x38b0 [ 130.197635] ? __lock_is_held+0xb5/0x140 [ 130.201724] ndisc_send_skb+0x1005/0x1560 [ 130.205889] ? nf_hook.constprop.33+0x860/0x860 [ 130.210569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.216114] ? refcount_sub_and_test_checked+0x203/0x310 [ 130.221582] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 130.227057] ? memset+0x31/0x40 [ 130.230352] ndisc_send_rs+0x134/0x6e0 [ 130.234253] addrconf_dad_completed+0x331/0xbf0 [ 130.238930] ? _raw_read_unlock_bh+0x30/0x40 [ 130.243353] ? addrconf_verify_work+0x20/0x20 [ 130.247857] ? addrconf_dad_work+0x866/0x1310 [ 130.252371] addrconf_dad_work+0x876/0x1310 [ 130.256697] ? addrconf_dad_work+0x876/0x1310 [ 130.261203] ? addrconf_ifdown+0x1650/0x1650 [ 130.265628] ? __lock_is_held+0xb5/0x140 [ 130.269724] process_one_work+0xc90/0x1c40 [ 130.273971] ? mark_held_locks+0x130/0x130 [ 130.278224] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 130.282900] ? __switch_to_asm+0x40/0x70 [ 130.286967] ? __switch_to_asm+0x34/0x70 [ 130.291037] ? __switch_to_asm+0x40/0x70 [ 130.295104] ? __switch_to_asm+0x34/0x70 [ 130.299173] ? __switch_to_asm+0x40/0x70 [ 130.303237] ? __switch_to_asm+0x34/0x70 [ 130.307314] ? __switch_to_asm+0x40/0x70 [ 130.311374] ? __switch_to_asm+0x34/0x70 [ 130.315466] ? __switch_to_asm+0x40/0x70 [ 130.319567] ? __schedule+0x8d7/0x21d0 [ 130.323512] ? lock_downgrade+0x900/0x900 [ 130.327679] ? zap_class+0x640/0x640 [ 130.331398] ? find_held_lock+0x36/0x1c0 [ 130.335474] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 130.340076] ? lock_acquire+0x1ed/0x520 [ 130.344072] ? worker_thread+0x3e0/0x1390 [ 130.348252] ? kasan_check_read+0x11/0x20 [ 130.352416] ? do_raw_spin_lock+0x14f/0x350 [ 130.356738] ? kasan_check_read+0x11/0x20 [ 130.360890] ? rwlock_bug.part.2+0x90/0x90 [ 130.365135] ? trace_hardirqs_on+0x310/0x310 [ 130.369576] worker_thread+0x17f/0x1390 [ 130.373559] ? __switch_to_asm+0x34/0x70 [ 130.377641] ? process_one_work+0x1c40/0x1c40 [ 130.382157] ? zap_class+0x640/0x640 [ 130.385874] ? find_held_lock+0x36/0x1c0 [ 130.389963] ? __kthread_parkme+0xce/0x1a0 [ 130.394208] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 130.399357] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 130.404525] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 130.409135] ? trace_hardirqs_on+0xbd/0x310 [ 130.413460] ? kasan_check_read+0x11/0x20 [ 130.417613] ? __kthread_parkme+0xce/0x1a0 [ 130.421866] ? trace_hardirqs_off_caller+0x310/0x310 [ 130.426979] ? trace_hardirqs_off_caller+0x310/0x310 [ 130.432101] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 130.437215] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 130.442759] ? __kthread_parkme+0xfb/0x1a0 [ 130.447045] ? process_one_work+0x1c40/0x1c40 [ 130.451570] kthread+0x35a/0x440 [ 130.454953] ? kthread_stop+0x900/0x900 [ 130.458955] ret_from_fork+0x3a/0x50 [ 130.462680] [ 130.464349] Allocated by task 6875: [ 130.467981] save_stack+0x43/0xd0 [ 130.471449] kasan_kmalloc+0xc7/0xe0 [ 130.475161] __kmalloc+0x15b/0x760 [ 130.478722] ___neigh_create+0x13fc/0x2600 [ 130.482959] __neigh_create+0x30/0x40 [ 130.486763] ip6_finish_output2+0xa59/0x27a0 [ 130.491172] ip6_finish_output+0x58c/0xc60 [ 130.495403] ip6_output+0x232/0x9d0 [ 130.499031] ndisc_send_skb+0x1005/0x1560 [ 130.503178] ndisc_send_rs+0x134/0x6e0 [ 130.507079] addrconf_rs_timer+0x314/0x690 [ 130.511315] call_timer_fn+0x272/0x920 [ 130.515201] __run_timers+0x7e5/0xc70 [ 130.519000] run_timer_softirq+0x52/0xb0 [ 130.523078] __do_softirq+0x308/0xb7e [ 130.526871] [ 130.528491] Freed by task 6875: [ 130.531773] save_stack+0x43/0xd0 [ 130.535228] __kasan_slab_free+0x102/0x150 [ 130.539494] kasan_slab_free+0xe/0x10 [ 130.543307] kfree+0xcf/0x230 [ 130.546413] rcu_process_callbacks+0x1140/0x1ac0 [ 130.551187] __do_softirq+0x308/0xb7e [ 130.554979] [ 130.556607] The buggy address belongs to the object at ffff8881d36d96c0 [ 130.556607] which belongs to the cache kmalloc-1k of size 1024 [ 130.569328] The buggy address is located 624 bytes inside of [ 130.569328] 1024-byte region [ffff8881d36d96c0, ffff8881d36d9ac0) [ 130.581329] The buggy address belongs to the page: [ 130.586309] page:ffffea00074db600 count:1 mapcount:0 mapping:ffff8881da800ac0 index:0x0 compound_mapcount: 0 [ 130.596282] flags: 0x2fffc0000010200(slab|head) [ 130.600963] raw: 02fffc0000010200 ffffea000752d488 ffffea0007602d88 ffff8881da800ac0 [ 130.608852] raw: 0000000000000000 ffff8881d36d8040 0000000100000007 0000000000000000 [ 130.616738] page dumped because: kasan: bad access detected [ 130.622437] [ 130.624073] Memory state around the buggy address: [ 130.629091] ffff8881d36d9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.636451] ffff8881d36d9880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.643807] >ffff8881d36d9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.651161] ^ [ 130.656089] ffff8881d36d9980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.663445] ffff8881d36d9a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.670794] ================================================================== [ 130.678165] Disabling lock debugging due to kernel taint [ 130.683712] Kernel panic - not syncing: panic_on_warn set ... [ 130.689632] CPU: 1 PID: 22 Comm: kworker/1:1 Tainted: G B 4.20.0-rc4+ #335 [ 130.697957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.707335] Workqueue: ipv6_addrconf addrconf_dad_work [ 130.712602] Call Trace: [ 130.715196] dump_stack+0x244/0x39d [ 130.718831] ? dump_stack_print_info.cold.1+0x20/0x20 [ 130.724030] panic+0x2ad/0x55c [ 130.727224] ? add_taint.cold.5+0x16/0x16 [ 130.731372] ? trace_hardirqs_on+0xb4/0x310 [ 130.735694] kasan_end_report+0x47/0x4f [ 130.739668] kasan_report.cold.8+0x76/0x309 [ 130.743992] ? __list_add_valid+0x8f/0xac [ 130.748145] __asan_report_load8_noabort+0x14/0x20 [ 130.753075] __list_add_valid+0x8f/0xac [ 130.757047] ___neigh_create+0x14b7/0x2600 [ 130.761280] ? print_usage_bug+0xc0/0xc0 [ 130.765344] ? rtnl_notify+0xce/0xf0 [ 130.769055] ? print_usage_bug+0xc0/0xc0 [ 130.773121] ? neigh_remove_one+0x5a0/0x5a0 [ 130.777460] ? __lock_acquire+0x62f/0x4c20 [ 130.781703] ? mark_held_locks+0x130/0x130 [ 130.785938] ? __lock_acquire+0x62f/0x4c20 [ 130.790183] ? ip_vs_in+0x2a8/0x29e0 [ 130.793901] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.799434] ? ip_vs_out+0x2a0/0x1d70 [ 130.803252] ? lock_acquire+0x1ed/0x520 [ 130.807225] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.812788] ? check_preemption_disabled+0x48/0x280 [ 130.817812] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 130.823363] ? rcu_pm_notify+0xc0/0xc0 [ 130.827254] ? zap_class+0x640/0x640 [ 130.830971] __neigh_create+0x30/0x40 [ 130.834771] ip6_finish_output2+0xa59/0x27a0 [ 130.839184] ? ip6_forward_finish+0x560/0x560 [ 130.843685] ? ip6_mtu+0x39c/0x520 [ 130.847230] ? lock_downgrade+0x900/0x900 [ 130.851382] ? check_preemption_disabled+0x48/0x280 [ 130.856402] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 130.861337] ? kasan_check_read+0x11/0x20 [ 130.865489] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 130.870764] ? rcu_softirq_qs+0x20/0x20 [ 130.874744] ? ip6_mtu+0x160/0x520 [ 130.878280] ? find_match+0x10a0/0x10a0 [ 130.882255] ? kasan_check_read+0x11/0x20 [ 130.886402] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 130.891681] ip6_finish_output+0x58c/0xc60 [ 130.895918] ? ip6_finish_output+0x58c/0xc60 [ 130.900328] ip6_output+0x232/0x9d0 [ 130.903957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.909495] ? ip6_finish_output+0xc60/0xc60 [ 130.913906] ? ip6_fragment+0x38b0/0x38b0 [ 130.918052] ? __lock_is_held+0xb5/0x140 [ 130.922118] ndisc_send_skb+0x1005/0x1560 [ 130.926287] ? nf_hook.constprop.33+0x860/0x860 [ 130.930957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.936497] ? refcount_sub_and_test_checked+0x203/0x310 [ 130.941946] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 130.947421] ? memset+0x31/0x40 [ 130.950701] ndisc_send_rs+0x134/0x6e0 [ 130.954626] addrconf_dad_completed+0x331/0xbf0 [ 130.959297] ? _raw_read_unlock_bh+0x30/0x40 [ 130.963707] ? addrconf_verify_work+0x20/0x20 [ 130.968199] ? addrconf_dad_work+0x866/0x1310 [ 130.972697] addrconf_dad_work+0x876/0x1310 [ 130.977030] ? addrconf_dad_work+0x876/0x1310 [ 130.981538] ? addrconf_ifdown+0x1650/0x1650 [ 130.985947] ? __lock_is_held+0xb5/0x140 [ 130.990552] process_one_work+0xc90/0x1c40 [ 130.994784] ? mark_held_locks+0x130/0x130 [ 130.999036] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 131.003704] ? __switch_to_asm+0x40/0x70 [ 131.007760] ? __switch_to_asm+0x34/0x70 [ 131.011812] ? __switch_to_asm+0x40/0x70 [ 131.015866] ? __switch_to_asm+0x34/0x70 [ 131.019923] ? __switch_to_asm+0x40/0x70 [ 131.023995] ? __switch_to_asm+0x34/0x70 [ 131.028069] ? __switch_to_asm+0x40/0x70 [ 131.032124] ? __switch_to_asm+0x34/0x70 [ 131.036185] ? __switch_to_asm+0x40/0x70 [ 131.040246] ? __schedule+0x8d7/0x21d0 [ 131.044139] ? lock_downgrade+0x900/0x900 [ 131.048284] ? zap_class+0x640/0x640 [ 131.051996] ? find_held_lock+0x36/0x1c0 [ 131.056053] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 131.060649] ? lock_acquire+0x1ed/0x520 [ 131.064626] ? worker_thread+0x3e0/0x1390 [ 131.068782] ? kasan_check_read+0x11/0x20 [ 131.072944] ? do_raw_spin_lock+0x14f/0x350 [ 131.077264] ? kasan_check_read+0x11/0x20 [ 131.081407] ? rwlock_bug.part.2+0x90/0x90 [ 131.085642] ? trace_hardirqs_on+0x310/0x310 [ 131.090097] worker_thread+0x17f/0x1390 [ 131.094089] ? __switch_to_asm+0x34/0x70 [ 131.098158] ? process_one_work+0x1c40/0x1c40 [ 131.102669] ? zap_class+0x640/0x640 [ 131.106381] ? find_held_lock+0x36/0x1c0 [ 131.110452] ? __kthread_parkme+0xce/0x1a0 [ 131.114686] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 131.119783] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 131.124886] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 131.129477] ? trace_hardirqs_on+0xbd/0x310 [ 131.133800] ? kasan_check_read+0x11/0x20 [ 131.137945] ? __kthread_parkme+0xce/0x1a0 [ 131.142180] ? trace_hardirqs_off_caller+0x310/0x310 [ 131.147281] ? trace_hardirqs_off_caller+0x310/0x310 [ 131.152423] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 131.157527] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 131.163060] ? __kthread_parkme+0xfb/0x1a0 [ 131.167307] ? process_one_work+0x1c40/0x1c40 [ 131.171800] kthread+0x35a/0x440 [ 131.175164] ? kthread_stop+0x900/0x900 [ 131.179145] ret_from_fork+0x3a/0x50 [ 131.183833] Kernel Offset: disabled [ 131.187457] Rebooting in 86400 seconds..