[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.392352] kauditd_printk_skb: 7 callbacks suppressed [ 29.392364] audit: type=1800 audit(1544359213.134:29): pid=5872 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.425284] audit: type=1800 audit(1544359213.134:30): pid=5872 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts. 2018/12/09 12:43:03 parsed 1 programs 2018/12/09 12:43:05 executed programs: 0 syzkaller login: [ 201.637985] IPVS: ftp: loaded support on port[0] = 21 [ 201.649785] IPVS: ftp: loaded support on port[0] = 21 [ 201.654717] IPVS: ftp: loaded support on port[0] = 21 [ 201.669857] IPVS: ftp: loaded support on port[0] = 21 [ 201.700077] IPVS: ftp: loaded support on port[0] = 21 [ 201.701975] IPVS: ftp: loaded support on port[0] = 21 [ 203.026959] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.035467] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.047080] device bridge_slave_0 entered promiscuous mode [ 203.066706] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.077191] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.085801] device bridge_slave_0 entered promiscuous mode [ 203.095549] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.103083] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.110420] device bridge_slave_0 entered promiscuous mode [ 203.119848] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.126880] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.134648] device bridge_slave_0 entered promiscuous mode [ 203.166484] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.176947] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.184992] device bridge_slave_1 entered promiscuous mode [ 203.195038] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.204019] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.211738] device bridge_slave_1 entered promiscuous mode [ 203.220361] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.232276] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.239627] device bridge_slave_1 entered promiscuous mode [ 203.249808] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.256327] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.263837] device bridge_slave_0 entered promiscuous mode [ 203.270764] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.278334] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.286112] device bridge_slave_1 entered promiscuous mode [ 203.295664] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.302152] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.309620] device bridge_slave_0 entered promiscuous mode [ 203.318269] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.329675] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.338333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.349753] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.362944] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.378492] device bridge_slave_1 entered promiscuous mode [ 203.386716] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.396616] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.405542] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.413741] device bridge_slave_1 entered promiscuous mode [ 203.422461] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.433595] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.442597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.451617] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.458805] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.482156] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.519636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.567273] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.684625] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.719301] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.732479] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.767242] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.786769] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.808004] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.820768] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.834036] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.849376] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 203.861465] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.870813] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 203.886497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.913936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 203.924709] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.937749] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 203.949289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.958614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.976281] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 203.983469] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 203.993887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.007467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.018350] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 204.242769] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.250448] team0: Port device team_slave_0 added [ 204.260776] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.268906] team0: Port device team_slave_0 added [ 204.276083] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.289571] team0: Port device team_slave_0 added [ 204.311360] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.318849] team0: Port device team_slave_0 added [ 204.346328] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.363834] team0: Port device team_slave_1 added [ 204.369225] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.384298] team0: Port device team_slave_1 added [ 204.392802] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.400163] team0: Port device team_slave_1 added [ 204.409371] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.420285] team0: Port device team_slave_0 added [ 204.427549] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.438541] team0: Port device team_slave_0 added [ 204.444350] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.452931] team0: Port device team_slave_1 added [ 204.465967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.488960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.515156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.545410] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.560324] team0: Port device team_slave_1 added [ 204.575151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.583869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.592235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.603588] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.610938] team0: Port device team_slave_1 added [ 204.622135] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.638744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.648885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.664317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.677753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.685902] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.695895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 204.711125] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 204.720291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.733076] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 204.740279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.748802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.771819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.783963] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.791675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.799327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.807090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.814959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.822661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.830380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.842088] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 204.851064] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.858976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.873437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 204.881168] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.895721] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 204.906758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.920261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.940670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.949312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.958310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.966276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.977040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 204.994035] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 205.005968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.020324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.032943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.040893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.057549] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 205.074544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 205.085019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.094165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.110821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.119522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.139589] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 205.149771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.166746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.182476] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 205.191785] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.207600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.694932] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.701509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.708533] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.714984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.737444] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.765966] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.772423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.779122] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.785599] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.794137] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.817540] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.823988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.830670] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.837110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.848599] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.905268] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.911744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.918442] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.924871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.934856] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 206.016319] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.022807] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.029483] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.035923] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.055132] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 206.134165] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.140587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.147329] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.153762] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.162500] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 206.712082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.719889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.753979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.761720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.768820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.776328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.575779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.690229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.705169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.771375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.845818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.877334] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 208.954208] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 208.978059] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.055587] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.127009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.137846] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.216464] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.232838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.239948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.257638] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.269291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.285670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.306831] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.324161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.336335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.360295] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.376930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.398240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.458551] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.472747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.479911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.497235] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.558059] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.573939] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.596494] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.637432] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.739022] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.814402] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.820609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.828465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.044261] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.707718] ================================================================== [ 210.715377] BUG: KASAN: use-after-free in __list_del_entry_valid+0xf1/0x100 [ 210.722481] Read of size 8 at addr ffff8881bf09fdb0 by task ip/7471 [ 210.728920] [ 210.730553] CPU: 0 PID: 7471 Comm: ip Not tainted 4.20.0-rc4+ #335 [ 210.736863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.746241] Call Trace: [ 210.748849] dump_stack+0x244/0x39d [ 210.752496] ? dump_stack_print_info.cold.1+0x20/0x20 [ 210.757685] ? printk+0xa7/0xcf [ 210.760964] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 210.765733] print_address_description.cold.7+0x9/0x1ff [ 210.771095] kasan_report.cold.8+0x242/0x309 [ 210.775523] ? __list_del_entry_valid+0xf1/0x100 [ 210.780289] __asan_report_load8_noabort+0x14/0x20 [ 210.785227] __list_del_entry_valid+0xf1/0x100 [ 210.789818] neigh_mark_dead+0x13b/0x410 [ 210.793879] ? zap_class+0x640/0x640 [ 210.797601] ? neigh_change_state+0x680/0x680 [ 210.802169] ? kasan_check_read+0x11/0x20 [ 210.806380] ? do_raw_write_lock+0x14f/0x310 [ 210.810794] ? do_raw_read_unlock+0x70/0x70 [ 210.815132] ? __lock_is_held+0xb5/0x140 [ 210.819214] neigh_flush_dev+0x3a1/0x960 [ 210.823280] ? neigh_changeaddr+0x24/0x40 [ 210.827437] ? __neigh_for_each_release+0x4f0/0x4f0 [ 210.832453] ? do_raw_read_unlock+0x70/0x70 [ 210.836791] ? net_to_rxe+0xe1/0x110 [ 210.840537] neigh_changeaddr+0x31/0x40 [ 210.844550] ndisc_netdev_event+0xe6/0x5b0 [ 210.848792] ? ndisc_send_unsol_na+0x500/0x500 [ 210.853386] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.858919] ? netconsole_netdev_event+0x7d/0x280 [ 210.863779] notifier_call_chain+0x17e/0x380 [ 210.868215] ? unregister_die_notifier+0x20/0x20 [ 210.872980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.878531] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.884068] ? rtnl_is_locked+0xb5/0xf0 [ 210.888041] ? rtnl_trylock+0x20/0x20 [ 210.891853] raw_notifier_call_chain+0x2d/0x40 [ 210.896562] call_netdevice_notifiers_info+0x3f/0x90 [ 210.901664] dev_set_mac_address+0x293/0x3b0 [ 210.906080] ? netdev_state_change+0x1a0/0x1a0 [ 210.910677] ? lru_cache_add+0xa50/0xa50 [ 210.914746] do_setlink+0x7c7/0x3f30 [ 210.918491] ? print_usage_bug+0xc0/0xc0 [ 210.922576] ? validate_linkmsg+0xa50/0xa50 [ 210.926909] ? wp_page_copy+0x187b/0x24f0 [ 210.931073] ? mark_held_locks+0x130/0x130 [ 210.935321] ? mark_held_locks+0x130/0x130 [ 210.939581] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 210.944805] ? validate_nla+0x29a/0x1650 [ 210.948877] ? nla_memcmp+0x90/0x90 [ 210.952504] ? mark_held_locks+0x130/0x130 [ 210.956736] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.962289] ? rtnl_is_locked+0xb5/0xf0 [ 210.966260] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 210.971274] ? validate_linkmsg+0x271/0xa50 [ 210.975664] ? rtnl_stats_dump+0xd70/0xd70 [ 210.979897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.985484] ? netdev_master_upper_dev_get+0x173/0x250 [ 210.990789] ? __nla_parse+0x12c/0x3e0 [ 210.994684] ? netdev_has_any_upper_dev+0x170/0x170 [ 210.999710] __rtnl_newlink+0xcde/0x19e0 [ 211.003783] ? rtnl_link_unregister+0x390/0x390 [ 211.008452] ? rcu_softirq_qs+0x20/0x20 [ 211.012427] ? rcu_softirq_qs+0x20/0x20 [ 211.016402] ? unwind_dump+0x190/0x190 [ 211.020295] ? is_bpf_text_address+0xd3/0x170 [ 211.024804] ? kernel_text_address+0x79/0xf0 [ 211.029244] ? __kernel_text_address+0xd/0x40 [ 211.033750] ? unwind_get_return_address+0x61/0xa0 [ 211.038713] ? __save_stack_trace+0x8d/0xf0 [ 211.043062] ? save_stack+0xa9/0xd0 [ 211.046702] ? save_stack+0x43/0xd0 [ 211.050326] ? kasan_kmalloc+0xc7/0xe0 [ 211.054231] ? kmem_cache_alloc_trace+0x152/0x750 [ 211.059069] ? rtnl_newlink+0x4d/0xa0 [ 211.062886] ? rtnetlink_rcv_msg+0x46a/0xc20 [ 211.067312] ? netlink_rcv_skb+0x172/0x440 [ 211.071541] ? rtnetlink_rcv+0x1c/0x20 [ 211.075436] ? netlink_unicast+0x5a5/0x760 [ 211.079680] ? netlink_sendmsg+0xa18/0xfc0 [ 211.083952] ? rtnl_newlink+0x4d/0xa0 [ 211.087751] ? rcu_read_lock_sched_held+0x14f/0x180 [ 211.092783] ? kmem_cache_alloc_trace+0x353/0x750 [ 211.097622] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 211.102908] ? ns_capable_common+0x13f/0x170 [ 211.107311] ? rcu_softirq_qs+0x20/0x20 [ 211.111285] rtnl_newlink+0x6b/0xa0 [ 211.114925] ? __rtnl_newlink+0x19e0/0x19e0 [ 211.119249] rtnetlink_rcv_msg+0x46a/0xc20 [ 211.123490] ? rtnl_fdb_dump+0xd00/0xd00 [ 211.127564] netlink_rcv_skb+0x172/0x440 [ 211.131642] ? rtnl_fdb_dump+0xd00/0xd00 [ 211.135718] ? netlink_ack+0xb80/0xb80 [ 211.139626] rtnetlink_rcv+0x1c/0x20 [ 211.143359] netlink_unicast+0x5a5/0x760 [ 211.147447] ? netlink_attachskb+0x9a0/0x9a0 [ 211.151868] ? aa_sk_perm+0x22b/0x8e0 [ 211.155666] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.160709] netlink_sendmsg+0xa18/0xfc0 [ 211.164790] ? netlink_unicast+0x760/0x760 [ 211.169025] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 211.173954] ? apparmor_socket_sendmsg+0x29/0x30 [ 211.178717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.184263] ? security_socket_sendmsg+0x94/0xc0 [ 211.189029] ? netlink_unicast+0x760/0x760 [ 211.193293] sock_sendmsg+0xd5/0x120 [ 211.197022] ___sys_sendmsg+0x7fd/0x930 [ 211.201021] ? copy_msghdr_from_user+0x580/0x580 [ 211.205786] ? zap_class+0x640/0x640 [ 211.209502] ? zap_class+0x640/0x640 [ 211.213233] ? zap_class+0x640/0x640 [ 211.216953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.222508] ? __fget_light+0x2e9/0x430 [ 211.226493] ? fget_raw+0x20/0x20 [ 211.229951] ? __do_page_fault+0x620/0xe60 [ 211.234206] ? lock_downgrade+0x900/0x900 [ 211.238363] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 211.243322] ? kasan_check_read+0x11/0x20 [ 211.247502] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.253050] ? sockfd_lookup_light+0xc5/0x160 [ 211.257549] __sys_sendmsg+0x11d/0x280 [ 211.261435] ? __ia32_sys_shutdown+0x80/0x80 [ 211.265848] ? up_read_non_owner+0x100/0x100 [ 211.270263] ? do_syscall_64+0x9a/0x820 [ 211.274236] ? do_syscall_64+0x9a/0x820 [ 211.278243] ? trace_hardirqs_off_caller+0x310/0x310 [ 211.283348] __x64_sys_sendmsg+0x78/0xb0 [ 211.287423] do_syscall_64+0x1b9/0x820 [ 211.291326] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 211.296705] ? syscall_return_slowpath+0x5e0/0x5e0 [ 211.301633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.306501] ? trace_hardirqs_on_caller+0x310/0x310 [ 211.311520] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 211.316546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.322100] ? prepare_exit_to_usermode+0x291/0x3b0 [ 211.327136] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.331989] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.337213] RIP: 0033:0x7f1f3e6bb320 [ 211.340947] Code: 02 48 83 c8 ff eb 8d 48 8b 05 14 7b 2a 00 f7 da 64 89 10 48 83 c8 ff eb c9 90 83 3d d5 d2 2a 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e ba 00 00 48 89 04 24 [ 211.359845] RSP: 002b:00007ffdc7b16eb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.367579] RAX: ffffffffffffffda RBX: 00007ffdc7b1afb0 RCX: 00007f1f3e6bb320 [ 211.374873] RDX: 0000000000000000 RSI: 00007ffdc7b16ef0 RDI: 0000000000000003 [ 211.382164] RBP: 00007ffdc7b16ef0 R08: 0000000000000000 R09: 0000000000000000 [ 211.389558] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005c0d0de4 [ 211.396845] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffdc7b1b790 [ 211.404126] [ 211.405745] Allocated by task 6377: [ 211.409403] save_stack+0x43/0xd0 [ 211.412856] kasan_kmalloc+0xc7/0xe0 [ 211.416560] __kmalloc+0x15b/0x760 [ 211.420092] ___neigh_create+0x13fc/0x2600 [ 211.424331] __neigh_create+0x30/0x40 [ 211.428157] ip6_finish_output2+0xa59/0x27a0 [ 211.432593] ip6_finish_output+0x58c/0xc60 [ 211.436819] ip6_output+0x232/0x9d0 [ 211.440443] mld_sendpack+0xad5/0xfa0 [ 211.444240] mld_ifc_timer_expire+0x447/0x8a0 [ 211.448743] call_timer_fn+0x272/0x920 [ 211.452627] __run_timers+0x7e5/0xc70 [ 211.456450] run_timer_softirq+0x52/0xb0 [ 211.460531] __do_softirq+0x308/0xb7e [ 211.464320] [ 211.465949] Freed by task 7429: [ 211.469241] save_stack+0x43/0xd0 [ 211.472692] __kasan_slab_free+0x102/0x150 [ 211.476920] kasan_slab_free+0xe/0x10 [ 211.480714] kfree+0xcf/0x230 [ 211.483823] rcu_process_callbacks+0x1140/0x1ac0 [ 211.488579] __do_softirq+0x308/0xb7e [ 211.492364] [ 211.493983] The buggy address belongs to the object at ffff8881bf09fb40 [ 211.493983] which belongs to the cache kmalloc-1k of size 1024 [ 211.506637] The buggy address is located 624 bytes inside of [ 211.506637] 1024-byte region [ffff8881bf09fb40, ffff8881bf09ff40) [ 211.518597] The buggy address belongs to the page: [ 211.524032] page:ffffea0006fc2780 count:1 mapcount:0 mapping:ffff8881da800ac0 index:0x0 compound_mapcount: 0 [ 211.534170] flags: 0x2fffc0000010200(slab|head) [ 211.538871] raw: 02fffc0000010200 ffffea0006fd5008 ffffea0006fc2e08 ffff8881da800ac0 [ 211.546752] raw: 0000000000000000 ffff8881bf09e040 0000000100000007 0000000000000000 [ 211.554630] page dumped because: kasan: bad access detected [ 211.560331] [ 211.561950] Memory state around the buggy address: [ 211.566878] ffff8881bf09fc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 211.574236] ffff8881bf09fd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 211.581589] >ffff8881bf09fd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 211.588936] ^ [ 211.593872] ffff8881bf09fe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 211.601238] ffff8881bf09fe80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 211.608586] ================================================================== [ 211.615951] Disabling lock debugging due to kernel taint [ 211.621473] Kernel panic - not syncing: panic_on_warn set ... [ 211.627383] CPU: 0 PID: 7471 Comm: ip Tainted: G B 4.20.0-rc4+ #335 [ 211.635081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.644425] Call Trace: [ 211.647038] dump_stack+0x244/0x39d [ 211.650877] ? dump_stack_print_info.cold.1+0x20/0x20 [ 211.656071] panic+0x2ad/0x55c [ 211.659260] ? add_taint.cold.5+0x16/0x16 [ 211.663458] ? trace_hardirqs_on+0xb4/0x310 [ 211.667781] kasan_end_report+0x47/0x4f [ 211.671759] kasan_report.cold.8+0x76/0x309 [ 211.676104] ? __list_del_entry_valid+0xf1/0x100 [ 211.680853] __asan_report_load8_noabort+0x14/0x20 [ 211.685792] __list_del_entry_valid+0xf1/0x100 [ 211.690387] neigh_mark_dead+0x13b/0x410 [ 211.694465] ? zap_class+0x640/0x640 [ 211.698203] ? neigh_change_state+0x680/0x680 [ 211.702701] ? kasan_check_read+0x11/0x20 [ 211.706843] ? do_raw_write_lock+0x14f/0x310 [ 211.711250] ? do_raw_read_unlock+0x70/0x70 [ 211.715564] ? __lock_is_held+0xb5/0x140 [ 211.719643] neigh_flush_dev+0x3a1/0x960 [ 211.723712] ? neigh_changeaddr+0x24/0x40 [ 211.727873] ? __neigh_for_each_release+0x4f0/0x4f0 [ 211.732899] ? do_raw_read_unlock+0x70/0x70 [ 211.737233] ? net_to_rxe+0xe1/0x110 [ 211.740942] neigh_changeaddr+0x31/0x40 [ 211.744914] ndisc_netdev_event+0xe6/0x5b0 [ 211.749147] ? ndisc_send_unsol_na+0x500/0x500 [ 211.753756] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.759294] ? netconsole_netdev_event+0x7d/0x280 [ 211.764142] notifier_call_chain+0x17e/0x380 [ 211.768566] ? unregister_die_notifier+0x20/0x20 [ 211.773316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.778860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.784391] ? rtnl_is_locked+0xb5/0xf0 [ 211.788377] ? rtnl_trylock+0x20/0x20 [ 211.792183] raw_notifier_call_chain+0x2d/0x40 [ 211.796779] call_netdevice_notifiers_info+0x3f/0x90 [ 211.801904] dev_set_mac_address+0x293/0x3b0 [ 211.806389] ? netdev_state_change+0x1a0/0x1a0 [ 211.810970] ? lru_cache_add+0xa50/0xa50 [ 211.815030] do_setlink+0x7c7/0x3f30 [ 211.818739] ? print_usage_bug+0xc0/0xc0 [ 211.822801] ? validate_linkmsg+0xa50/0xa50 [ 211.827126] ? wp_page_copy+0x187b/0x24f0 [ 211.831273] ? mark_held_locks+0x130/0x130 [ 211.835514] ? mark_held_locks+0x130/0x130 [ 211.839750] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 211.844937] ? validate_nla+0x29a/0x1650 [ 211.848996] ? nla_memcmp+0x90/0x90 [ 211.852623] ? mark_held_locks+0x130/0x130 [ 211.856851] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.862398] ? rtnl_is_locked+0xb5/0xf0 [ 211.866386] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.871415] ? validate_linkmsg+0x271/0xa50 [ 211.875742] ? rtnl_stats_dump+0xd70/0xd70 [ 211.879977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.885508] ? netdev_master_upper_dev_get+0x173/0x250 [ 211.890793] ? __nla_parse+0x12c/0x3e0 [ 211.894695] ? netdev_has_any_upper_dev+0x170/0x170 [ 211.899725] __rtnl_newlink+0xcde/0x19e0 [ 211.903799] ? rtnl_link_unregister+0x390/0x390 [ 211.908490] ? rcu_softirq_qs+0x20/0x20 [ 211.912473] ? rcu_softirq_qs+0x20/0x20 [ 211.916438] ? unwind_dump+0x190/0x190 [ 211.920324] ? is_bpf_text_address+0xd3/0x170 [ 211.924815] ? kernel_text_address+0x79/0xf0 [ 211.929229] ? __kernel_text_address+0xd/0x40 [ 211.933720] ? unwind_get_return_address+0x61/0xa0 [ 211.938647] ? __save_stack_trace+0x8d/0xf0 [ 211.942972] ? save_stack+0xa9/0xd0 [ 211.946630] ? save_stack+0x43/0xd0 [ 211.950263] ? kasan_kmalloc+0xc7/0xe0 [ 211.954145] ? kmem_cache_alloc_trace+0x152/0x750 [ 211.959025] ? rtnl_newlink+0x4d/0xa0 [ 211.962849] ? rtnetlink_rcv_msg+0x46a/0xc20 [ 211.967303] ? netlink_rcv_skb+0x172/0x440 [ 211.971545] ? rtnetlink_rcv+0x1c/0x20 [ 211.975427] ? netlink_unicast+0x5a5/0x760 [ 211.979666] ? netlink_sendmsg+0xa18/0xfc0 [ 211.983994] ? rtnl_newlink+0x4d/0xa0 [ 211.987793] ? rcu_read_lock_sched_held+0x14f/0x180 [ 211.992802] ? kmem_cache_alloc_trace+0x353/0x750 [ 211.997649] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 212.002927] ? ns_capable_common+0x13f/0x170 [ 212.007330] ? rcu_softirq_qs+0x20/0x20 [ 212.011329] rtnl_newlink+0x6b/0xa0 [ 212.014965] ? __rtnl_newlink+0x19e0/0x19e0 [ 212.019283] rtnetlink_rcv_msg+0x46a/0xc20 [ 212.023522] ? rtnl_fdb_dump+0xd00/0xd00 [ 212.027591] netlink_rcv_skb+0x172/0x440 [ 212.031664] ? rtnl_fdb_dump+0xd00/0xd00 [ 212.035719] ? netlink_ack+0xb80/0xb80 [ 212.039609] rtnetlink_rcv+0x1c/0x20 [ 212.043324] netlink_unicast+0x5a5/0x760 [ 212.047407] ? netlink_attachskb+0x9a0/0x9a0 [ 212.051853] ? aa_sk_perm+0x22b/0x8e0 [ 212.055647] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 212.060671] netlink_sendmsg+0xa18/0xfc0 [ 212.064730] ? netlink_unicast+0x760/0x760 [ 212.068978] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 212.073903] ? apparmor_socket_sendmsg+0x29/0x30 [ 212.078653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.084215] ? security_socket_sendmsg+0x94/0xc0 [ 212.088973] ? netlink_unicast+0x760/0x760 [ 212.093225] sock_sendmsg+0xd5/0x120 [ 212.096943] ___sys_sendmsg+0x7fd/0x930 [ 212.100941] ? copy_msghdr_from_user+0x580/0x580 [ 212.105713] ? zap_class+0x640/0x640 [ 212.109427] ? zap_class+0x640/0x640 [ 212.113139] ? zap_class+0x640/0x640 [ 212.116855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.122389] ? __fget_light+0x2e9/0x430 [ 212.126359] ? fget_raw+0x20/0x20 [ 212.129807] ? __do_page_fault+0x620/0xe60 [ 212.134047] ? lock_downgrade+0x900/0x900 [ 212.138203] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 212.143158] ? kasan_check_read+0x11/0x20 [ 212.147369] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.152905] ? sockfd_lookup_light+0xc5/0x160 [ 212.157400] __sys_sendmsg+0x11d/0x280 [ 212.161292] ? __ia32_sys_shutdown+0x80/0x80 [ 212.165709] ? up_read_non_owner+0x100/0x100 [ 212.170118] ? do_syscall_64+0x9a/0x820 [ 212.174087] ? do_syscall_64+0x9a/0x820 [ 212.178065] ? trace_hardirqs_off_caller+0x310/0x310 [ 212.183196] __x64_sys_sendmsg+0x78/0xb0 [ 212.187282] do_syscall_64+0x1b9/0x820 [ 212.191182] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 212.196552] ? syscall_return_slowpath+0x5e0/0x5e0 [ 212.201490] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.206351] ? trace_hardirqs_on_caller+0x310/0x310 [ 212.211364] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 212.216378] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.221913] ? prepare_exit_to_usermode+0x291/0x3b0 [ 212.226939] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.231797] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.236985] RIP: 0033:0x7f1f3e6bb320 [ 212.240694] Code: 02 48 83 c8 ff eb 8d 48 8b 05 14 7b 2a 00 f7 da 64 89 10 48 83 c8 ff eb c9 90 83 3d d5 d2 2a 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e ba 00 00 48 89 04 24 [ 212.259682] RSP: 002b:00007ffdc7b16eb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 212.267417] RAX: ffffffffffffffda RBX: 00007ffdc7b1afb0 RCX: 00007f1f3e6bb320 [ 212.274676] RDX: 0000000000000000 RSI: 00007ffdc7b16ef0 RDI: 0000000000000003 [ 212.281977] RBP: 00007ffdc7b16ef0 R08: 0000000000000000 R09: 0000000000000000 [ 212.289264] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005c0d0de4 [ 212.296532] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffdc7b1b790 [ 212.304779] Kernel Offset: disabled [ 212.308412] Rebooting in 86400 seconds..