[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 30.089581] kauditd_printk_skb: 7 callbacks suppressed [ 30.089595] audit: type=1800 audit(1544418153.847:29): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 30.120320] audit: type=1800 audit(1544418153.847:30): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.709181] sshd (6118) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts. 2018/12/10 05:02:45 parsed 1 programs 2018/12/10 05:02:48 executed programs: 0 [ 44.502545] IPVS: ftp: loaded support on port[0] = 21 [ 44.502564] IPVS: ftp: loaded support on port[0] = 21 [ 44.513560] IPVS: ftp: loaded support on port[0] = 21 [ 44.523517] IPVS: ftp: loaded support on port[0] = 21 [ 44.527690] IPVS: ftp: loaded support on port[0] = 21 [ 44.538828] IPVS: ftp: loaded support on port[0] = 21 [ 45.833363] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.844714] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.852319] device bridge_slave_0 entered promiscuous mode [ 45.922532] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.931086] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.945134] device bridge_slave_1 entered promiscuous mode [ 45.962908] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.973459] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.981297] device bridge_slave_0 entered promiscuous mode [ 45.988427] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.994786] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.003619] device bridge_slave_0 entered promiscuous mode [ 46.013014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.027016] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.033431] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.046101] device bridge_slave_0 entered promiscuous mode [ 46.056410] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.062768] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.075667] device bridge_slave_0 entered promiscuous mode [ 46.082128] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.094594] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.101757] device bridge_slave_0 entered promiscuous mode [ 46.110335] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.120493] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.130490] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.144134] device bridge_slave_1 entered promiscuous mode [ 46.156805] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.163161] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.174057] device bridge_slave_1 entered promiscuous mode [ 46.180856] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.188772] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.196635] device bridge_slave_1 entered promiscuous mode [ 46.209439] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.216301] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.227364] device bridge_slave_1 entered promiscuous mode [ 46.239961] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.247995] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.255772] device bridge_slave_1 entered promiscuous mode [ 46.267500] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.276830] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.284428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.296406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.328344] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.360994] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.370923] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.382357] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.393525] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.403208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.418921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.503970] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.592693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.599690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.625730] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.637554] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.654861] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.669991] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.685519] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.698328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.717645] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.741480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.754520] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.768953] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.790564] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.804417] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.828025] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.836692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.891604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.905274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.954243] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.971979] team0: Port device team_slave_0 added [ 47.044090] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.055855] team0: Port device team_slave_1 added [ 47.146279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.163591] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.173013] team0: Port device team_slave_0 added [ 47.181740] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.190103] team0: Port device team_slave_0 added [ 47.195752] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.203112] team0: Port device team_slave_0 added [ 47.214793] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.225398] team0: Port device team_slave_0 added [ 47.240539] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.258286] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.266986] team0: Port device team_slave_1 added [ 47.276341] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.291511] team0: Port device team_slave_1 added [ 47.299006] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.317872] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.329176] team0: Port device team_slave_1 added [ 47.335602] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.348200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.361087] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.375740] team0: Port device team_slave_1 added [ 47.384517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.395910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.407621] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.423295] team0: Port device team_slave_0 added [ 47.430302] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.438754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.453963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.462595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.484131] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.507021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.516220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.533935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.543283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.552091] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.562412] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.575668] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.582792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.594650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.605431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.616174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.624838] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.632310] team0: Port device team_slave_1 added [ 47.637794] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.649683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.665574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.674377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.698200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.706501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.718379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.728420] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.744573] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.763051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.772931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.782237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.791120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.799980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.808411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.817543] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.824502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.833875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.857089] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.865920] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.877468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.897676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.911486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.920194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.930957] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.955806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.976080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.009899] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.023108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.032392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.106082] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.119075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.131105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.313237] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.319837] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.326823] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.333192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.357736] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.515748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.614596] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.620990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.627711] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.634079] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.656548] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.675457] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.681815] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.688522] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.694892] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.717454] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.730155] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.736570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.743247] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.749700] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.759216] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.783056] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.789448] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.796157] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.802523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.822946] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.982432] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.988830] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.995554] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.001944] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.016177] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.582645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.595823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.612366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.620605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.628670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.176783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.401412] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.430624] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.492144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.567414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.662021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.680752] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.716268] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.736776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.743855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.760556] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.817286] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.847941] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.950730] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.976158] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.989757] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.002505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.013043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.038273] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.166211] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.172369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.180177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.197214] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.208961] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.226620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.243243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.270676] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.283119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.291254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.365140] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.373521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.393151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.483631] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.504546] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.575524] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.639936] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.222596] ================================================================== [ 53.230111] BUG: KASAN: use-after-free in __list_del_entry_valid+0xf1/0x100 [ 53.237207] Read of size 8 at addr ffff8881d1f48ff0 by task ip/7553 [ 53.243594] [ 53.245256] CPU: 0 PID: 7553 Comm: ip Not tainted 4.20.0-rc4+ #335 [ 53.251583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.260944] Call Trace: [ 53.263535] dump_stack+0x244/0x39d [ 53.267178] ? dump_stack_print_info.cold.1+0x20/0x20 [ 53.272362] ? printk+0xa7/0xcf [ 53.275643] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 53.280439] print_address_description.cold.7+0x9/0x1ff [ 53.285804] kasan_report.cold.8+0x242/0x309 [ 53.290212] ? __list_del_entry_valid+0xf1/0x100 [ 53.294971] __asan_report_load8_noabort+0x14/0x20 [ 53.299916] __list_del_entry_valid+0xf1/0x100 [ 53.304500] neigh_mark_dead+0x13b/0x410 [ 53.308568] ? neigh_change_state+0x680/0x680 [ 53.313068] ? kasan_check_read+0x11/0x20 [ 53.317214] ? do_raw_write_lock+0x14f/0x310 [ 53.321624] ? do_raw_read_unlock+0x70/0x70 [ 53.325945] ? __lock_is_held+0xb5/0x140 [ 53.330016] neigh_flush_dev+0x3a1/0x960 [ 53.334076] ? neigh_changeaddr+0x24/0x40 [ 53.338225] ? __neigh_for_each_release+0x4f0/0x4f0 [ 53.343266] ? do_raw_read_unlock+0x70/0x70 [ 53.347586] ? net_to_rxe+0xe1/0x110 [ 53.351307] neigh_changeaddr+0x31/0x40 [ 53.355280] ndisc_netdev_event+0xe6/0x5b0 [ 53.359516] ? ndisc_send_unsol_na+0x500/0x500 [ 53.364098] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.369632] ? netconsole_netdev_event+0x7d/0x280 [ 53.374476] notifier_call_chain+0x17e/0x380 [ 53.378883] ? unregister_die_notifier+0x20/0x20 [ 53.383648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.389184] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.394713] ? rtnl_is_locked+0xb5/0xf0 [ 53.398711] ? rtnl_trylock+0x20/0x20 [ 53.402509] raw_notifier_call_chain+0x2d/0x40 [ 53.407090] call_netdevice_notifiers_info+0x3f/0x90 [ 53.412195] dev_set_mac_address+0x293/0x3b0 [ 53.416628] ? netdev_state_change+0x1a0/0x1a0 [ 53.421215] do_setlink+0x7c7/0x3f30 [ 53.424932] ? print_usage_bug+0xc0/0xc0 [ 53.429023] ? validate_linkmsg+0xa50/0xa50 [ 53.433349] ? wp_page_copy+0x187b/0x24f0 [ 53.437503] ? mark_held_locks+0x130/0x130 [ 53.441792] ? mark_held_locks+0x130/0x130 [ 53.446025] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 53.451232] ? validate_nla+0x29a/0x1650 [ 53.455314] ? nla_memcmp+0x90/0x90 [ 53.458960] ? mark_held_locks+0x130/0x130 [ 53.463209] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.468742] ? rtnl_is_locked+0xb5/0xf0 [ 53.472715] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 53.477728] ? validate_linkmsg+0x271/0xa50 [ 53.482055] ? rtnl_stats_dump+0xd70/0xd70 [ 53.486290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.491829] ? netdev_master_upper_dev_get+0x173/0x250 [ 53.497148] ? __nla_parse+0x12c/0x3e0 [ 53.501037] ? netdev_has_any_upper_dev+0x170/0x170 [ 53.506063] __rtnl_newlink+0xcde/0x19e0 [ 53.510142] ? rtnl_link_unregister+0x390/0x390 [ 53.514807] ? rcu_softirq_qs+0x20/0x20 [ 53.518784] ? rcu_softirq_qs+0x20/0x20 [ 53.522754] ? unwind_dump+0x190/0x190 [ 53.526665] ? is_bpf_text_address+0xd3/0x170 [ 53.531161] ? kernel_text_address+0x79/0xf0 [ 53.535569] ? __kernel_text_address+0xd/0x40 [ 53.540111] ? unwind_get_return_address+0x61/0xa0 [ 53.545044] ? __save_stack_trace+0x8d/0xf0 [ 53.549379] ? save_stack+0xa9/0xd0 [ 53.553006] ? save_stack+0x43/0xd0 [ 53.556663] ? kasan_kmalloc+0xc7/0xe0 [ 53.560547] ? kmem_cache_alloc_trace+0x152/0x750 [ 53.565390] ? rtnl_newlink+0x4d/0xa0 [ 53.569200] ? rtnetlink_rcv_msg+0x46a/0xc20 [ 53.573656] ? netlink_rcv_skb+0x172/0x440 [ 53.577883] ? rtnetlink_rcv+0x1c/0x20 [ 53.581777] ? netlink_unicast+0x5a5/0x760 [ 53.586007] ? netlink_sendmsg+0xa18/0xfc0 [ 53.590289] ? rtnl_newlink+0x4d/0xa0 [ 53.594089] ? rcu_read_lock_sched_held+0x14f/0x180 [ 53.599109] ? kmem_cache_alloc_trace+0x353/0x750 [ 53.603994] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 53.609273] ? ns_capable_common+0x13f/0x170 [ 53.613677] ? rcu_softirq_qs+0x20/0x20 [ 53.617661] rtnl_newlink+0x6b/0xa0 [ 53.621287] ? __rtnl_newlink+0x19e0/0x19e0 [ 53.625613] rtnetlink_rcv_msg+0x46a/0xc20 [ 53.629856] ? rtnl_fdb_dump+0xd00/0xd00 [ 53.633988] netlink_rcv_skb+0x172/0x440 [ 53.638071] ? rtnl_fdb_dump+0xd00/0xd00 [ 53.642147] ? netlink_ack+0xb80/0xb80 [ 53.646052] rtnetlink_rcv+0x1c/0x20 [ 53.649766] netlink_unicast+0x5a5/0x760 [ 53.653847] ? netlink_attachskb+0x9a0/0x9a0 [ 53.658258] ? aa_sk_perm+0x22b/0x8e0 [ 53.662072] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 53.667095] netlink_sendmsg+0xa18/0xfc0 [ 53.671189] ? netlink_unicast+0x760/0x760 [ 53.675434] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 53.680385] ? apparmor_socket_sendmsg+0x29/0x30 [ 53.685140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.690680] ? security_socket_sendmsg+0x94/0xc0 [ 53.695445] ? netlink_unicast+0x760/0x760 [ 53.699693] sock_sendmsg+0xd5/0x120 [ 53.703409] ___sys_sendmsg+0x7fd/0x930 [ 53.707391] ? copy_msghdr_from_user+0x580/0x580 [ 53.712178] ? zap_class+0x640/0x640 [ 53.715912] ? zap_class+0x640/0x640 [ 53.719630] ? zap_class+0x640/0x640 [ 53.723346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.728912] ? __fget_light+0x2e9/0x430 [ 53.732902] ? fget_raw+0x20/0x20 [ 53.736380] ? __do_page_fault+0x620/0xe60 [ 53.740618] ? lock_downgrade+0x900/0x900 [ 53.744772] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 53.749704] ? kasan_check_read+0x11/0x20 [ 53.753858] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.759438] ? sockfd_lookup_light+0xc5/0x160 [ 53.763937] __sys_sendmsg+0x11d/0x280 [ 53.767832] ? __ia32_sys_shutdown+0x80/0x80 [ 53.772266] ? up_read_non_owner+0x100/0x100 [ 53.776678] ? do_syscall_64+0x9a/0x820 [ 53.780650] ? do_syscall_64+0x9a/0x820 [ 53.784629] ? trace_hardirqs_off_caller+0x310/0x310 [ 53.789736] __x64_sys_sendmsg+0x78/0xb0 [ 53.793798] do_syscall_64+0x1b9/0x820 [ 53.797684] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 53.803049] ? syscall_return_slowpath+0x5e0/0x5e0 [ 53.807977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.813323] ? trace_hardirqs_on_caller+0x310/0x310 [ 53.818345] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 53.823360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.828907] ? prepare_exit_to_usermode+0x291/0x3b0 [ 53.833936] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.838784] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.843992] RIP: 0033:0x7fb1f2ae8320 [ 53.847711] Code: 02 48 83 c8 ff eb 8d 48 8b 05 14 7b 2a 00 f7 da 64 89 10 48 83 c8 ff eb c9 90 83 3d d5 d2 2a 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e ba 00 00 48 89 04 24 [ 53.866609] RSP: 002b:00007ffc83bb54c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.874313] RAX: ffffffffffffffda RBX: 00007ffc83bb95c0 RCX: 00007fb1f2ae8320 [ 53.881577] RDX: 0000000000000000 RSI: 00007ffc83bb5500 RDI: 0000000000000003 [ 53.888842] RBP: 00007ffc83bb5500 R08: 0000000000000000 R09: 0000000000000000 [ 53.896110] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005c0df382 [ 53.903377] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffc83bb9da0 [ 53.910655] [ 53.912288] Allocated by task 6461: [ 53.915930] save_stack+0x43/0xd0 [ 53.919378] kasan_kmalloc+0xc7/0xe0 [ 53.923100] __kmalloc+0x15b/0x760 [ 53.926638] ___neigh_create+0x13fc/0x2600 [ 53.930866] __neigh_create+0x30/0x40 [ 53.934670] ip6_finish_output2+0xa59/0x27a0 [ 53.939073] ip6_finish_output+0x58c/0xc60 [ 53.943489] ip6_output+0x232/0x9d0 [ 53.947109] mld_sendpack+0xad5/0xfa0 [ 53.950930] mld_ifc_timer_expire+0x447/0x8a0 [ 53.955438] call_timer_fn+0x272/0x920 [ 53.959321] __run_timers+0x7e5/0xc70 [ 53.963117] run_timer_softirq+0x52/0xb0 [ 53.967187] __do_softirq+0x308/0xb7e [ 53.970998] [ 53.972615] Freed by task 9: [ 53.975627] save_stack+0x43/0xd0 [ 53.979074] __kasan_slab_free+0x102/0x150 [ 53.983302] kasan_slab_free+0xe/0x10 [ 53.987114] kfree+0xcf/0x230 [ 53.990230] rcu_process_callbacks+0x1140/0x1ac0 [ 53.994994] __do_softirq+0x308/0xb7e [ 53.998781] [ 54.000408] The buggy address belongs to the object at ffff8881d1f48d80 [ 54.000408] which belongs to the cache kmalloc-1k of size 1024 [ 54.013064] The buggy address is located 624 bytes inside of [ 54.013064] 1024-byte region [ffff8881d1f48d80, ffff8881d1f49180) [ 54.025035] The buggy address belongs to the page: [ 54.029964] page:ffffea000747d200 count:1 mapcount:0 mapping:ffff8881da800ac0 index:0x0 compound_mapcount: 0 [ 54.039930] flags: 0x2fffc0000010200(slab|head) [ 54.044601] raw: 02fffc0000010200 ffffea000747ff88 ffffea000747fc08 ffff8881da800ac0 [ 54.052480] raw: 0000000000000000 ffff8881d1f48000 0000000100000007 0000000000000000 [ 54.060353] page dumped because: kasan: bad access detected [ 54.066050] [ 54.067671] Memory state around the buggy address: [ 54.072596] ffff8881d1f48e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.079951] ffff8881d1f48f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.087306] >ffff8881d1f48f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.094660] ^ [ 54.101666] ffff8881d1f49000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.109020] ffff8881d1f49080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.116399] ================================================================== [ 54.123795] Disabling lock debugging due to kernel taint [ 54.129313] Kernel panic - not syncing: panic_on_warn set ... [ 54.135242] CPU: 0 PID: 7553 Comm: ip Tainted: G B 4.20.0-rc4+ #335 [ 54.142952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.152290] Call Trace: [ 54.154874] dump_stack+0x244/0x39d [ 54.158526] ? dump_stack_print_info.cold.1+0x20/0x20 [ 54.163713] panic+0x2ad/0x55c [ 54.166910] ? add_taint.cold.5+0x16/0x16 [ 54.171062] ? trace_hardirqs_on+0xb4/0x310 [ 54.175378] kasan_end_report+0x47/0x4f [ 54.179362] kasan_report.cold.8+0x76/0x309 [ 54.183694] ? __list_del_entry_valid+0xf1/0x100 [ 54.188442] __asan_report_load8_noabort+0x14/0x20 [ 54.193365] __list_del_entry_valid+0xf1/0x100 [ 54.197974] neigh_mark_dead+0x13b/0x410 [ 54.202033] ? neigh_change_state+0x680/0x680 [ 54.206520] ? kasan_check_read+0x11/0x20 [ 54.210661] ? do_raw_write_lock+0x14f/0x310 [ 54.215060] ? do_raw_read_unlock+0x70/0x70 [ 54.219388] ? __lock_is_held+0xb5/0x140 [ 54.223445] neigh_flush_dev+0x3a1/0x960 [ 54.227496] ? neigh_changeaddr+0x24/0x40 [ 54.231638] ? __neigh_for_each_release+0x4f0/0x4f0 [ 54.236646] ? do_raw_read_unlock+0x70/0x70 [ 54.240977] ? net_to_rxe+0xe1/0x110 [ 54.244688] neigh_changeaddr+0x31/0x40 [ 54.248654] ndisc_netdev_event+0xe6/0x5b0 [ 54.252879] ? ndisc_send_unsol_na+0x500/0x500 [ 54.257484] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.263016] ? netconsole_netdev_event+0x7d/0x280 [ 54.267854] notifier_call_chain+0x17e/0x380 [ 54.272255] ? unregister_die_notifier+0x20/0x20 [ 54.277005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.282562] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.288104] ? rtnl_is_locked+0xb5/0xf0 [ 54.292088] ? rtnl_trylock+0x20/0x20 [ 54.295892] raw_notifier_call_chain+0x2d/0x40 [ 54.300474] call_netdevice_notifiers_info+0x3f/0x90 [ 54.305573] dev_set_mac_address+0x293/0x3b0 [ 54.309978] ? netdev_state_change+0x1a0/0x1a0 [ 54.314557] do_setlink+0x7c7/0x3f30 [ 54.318264] ? print_usage_bug+0xc0/0xc0 [ 54.322326] ? validate_linkmsg+0xa50/0xa50 [ 54.326644] ? wp_page_copy+0x187b/0x24f0 [ 54.330789] ? mark_held_locks+0x130/0x130 [ 54.335024] ? mark_held_locks+0x130/0x130 [ 54.339271] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 54.344456] ? validate_nla+0x29a/0x1650 [ 54.348514] ? nla_memcmp+0x90/0x90 [ 54.352137] ? mark_held_locks+0x130/0x130 [ 54.356380] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.361914] ? rtnl_is_locked+0xb5/0xf0 [ 54.365883] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 54.370918] ? validate_linkmsg+0x271/0xa50 [ 54.375234] ? rtnl_stats_dump+0xd70/0xd70 [ 54.379459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.384987] ? netdev_master_upper_dev_get+0x173/0x250 [ 54.390254] ? __nla_parse+0x12c/0x3e0 [ 54.394135] ? netdev_has_any_upper_dev+0x170/0x170 [ 54.399152] __rtnl_newlink+0xcde/0x19e0 [ 54.403215] ? rtnl_link_unregister+0x390/0x390 [ 54.407878] ? rcu_softirq_qs+0x20/0x20 [ 54.411863] ? rcu_softirq_qs+0x20/0x20 [ 54.415842] ? unwind_dump+0x190/0x190 [ 54.419731] ? is_bpf_text_address+0xd3/0x170 [ 54.424222] ? kernel_text_address+0x79/0xf0 [ 54.428626] ? __kernel_text_address+0xd/0x40 [ 54.433131] ? unwind_get_return_address+0x61/0xa0 [ 54.438060] ? __save_stack_trace+0x8d/0xf0 [ 54.442380] ? save_stack+0xa9/0xd0 [ 54.446005] ? save_stack+0x43/0xd0 [ 54.449629] ? kasan_kmalloc+0xc7/0xe0 [ 54.453511] ? kmem_cache_alloc_trace+0x152/0x750 [ 54.458366] ? rtnl_newlink+0x4d/0xa0 [ 54.462156] ? rtnetlink_rcv_msg+0x46a/0xc20 [ 54.466557] ? netlink_rcv_skb+0x172/0x440 [ 54.470795] ? rtnetlink_rcv+0x1c/0x20 [ 54.474673] ? netlink_unicast+0x5a5/0x760 [ 54.478938] ? netlink_sendmsg+0xa18/0xfc0 [ 54.483215] ? rtnl_newlink+0x4d/0xa0 [ 54.487010] ? rcu_read_lock_sched_held+0x14f/0x180 [ 54.492037] ? kmem_cache_alloc_trace+0x353/0x750 [ 54.496870] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 54.502147] ? ns_capable_common+0x13f/0x170 [ 54.506545] ? rcu_softirq_qs+0x20/0x20 [ 54.510515] rtnl_newlink+0x6b/0xa0 [ 54.514135] ? __rtnl_newlink+0x19e0/0x19e0 [ 54.518449] rtnetlink_rcv_msg+0x46a/0xc20 [ 54.522676] ? rtnl_fdb_dump+0xd00/0xd00 [ 54.526739] netlink_rcv_skb+0x172/0x440 [ 54.530798] ? rtnl_fdb_dump+0xd00/0xd00 [ 54.534868] ? netlink_ack+0xb80/0xb80 [ 54.538771] rtnetlink_rcv+0x1c/0x20 [ 54.542478] netlink_unicast+0x5a5/0x760 [ 54.546535] ? netlink_attachskb+0x9a0/0x9a0 [ 54.550945] ? aa_sk_perm+0x22b/0x8e0 [ 54.554737] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 54.559747] netlink_sendmsg+0xa18/0xfc0 [ 54.563805] ? netlink_unicast+0x760/0x760 [ 54.568032] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 54.572971] ? apparmor_socket_sendmsg+0x29/0x30 [ 54.577725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.583287] ? security_socket_sendmsg+0x94/0xc0 [ 54.588056] ? netlink_unicast+0x760/0x760 [ 54.592285] sock_sendmsg+0xd5/0x120 [ 54.595991] ___sys_sendmsg+0x7fd/0x930 [ 54.599966] ? copy_msghdr_from_user+0x580/0x580 [ 54.604713] ? zap_class+0x640/0x640 [ 54.608422] ? zap_class+0x640/0x640 [ 54.612133] ? zap_class+0x640/0x640 [ 54.615841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.621368] ? __fget_light+0x2e9/0x430 [ 54.625335] ? fget_raw+0x20/0x20 [ 54.628786] ? __do_page_fault+0x620/0xe60 [ 54.633011] ? lock_downgrade+0x900/0x900 [ 54.637168] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 54.642432] ? kasan_check_read+0x11/0x20 [ 54.646572] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.652098] ? sockfd_lookup_light+0xc5/0x160 [ 54.656605] __sys_sendmsg+0x11d/0x280 [ 54.660485] ? __ia32_sys_shutdown+0x80/0x80 [ 54.664892] ? up_read_non_owner+0x100/0x100 [ 54.669342] ? do_syscall_64+0x9a/0x820 [ 54.673309] ? do_syscall_64+0x9a/0x820 [ 54.677284] ? trace_hardirqs_off_caller+0x310/0x310 [ 54.682382] __x64_sys_sendmsg+0x78/0xb0 [ 54.686451] do_syscall_64+0x1b9/0x820 [ 54.690328] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 54.695685] ? syscall_return_slowpath+0x5e0/0x5e0 [ 54.700607] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.705446] ? trace_hardirqs_on_caller+0x310/0x310 [ 54.710460] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 54.715468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.721001] ? prepare_exit_to_usermode+0x291/0x3b0 [ 54.726014] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.730868] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.736058] RIP: 0033:0x7fb1f2ae8320 [ 54.739807] Code: 02 48 83 c8 ff eb 8d 48 8b 05 14 7b 2a 00 f7 da 64 89 10 48 83 c8 ff eb c9 90 83 3d d5 d2 2a 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e ba 00 00 48 89 04 24 [ 54.758697] RSP: 002b:00007ffc83bb54c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 54.766436] RAX: ffffffffffffffda RBX: 00007ffc83bb95c0 RCX: 00007fb1f2ae8320 [ 54.773701] RDX: 0000000000000000 RSI: 00007ffc83bb5500 RDI: 0000000000000003 [ 54.780961] RBP: 00007ffc83bb5500 R08: 0000000000000000 R09: 0000000000000000 [ 54.788216] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005c0df382 [ 54.795486] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffc83bb9da0 [ 54.803642] Kernel Offset: disabled [ 54.807261] Rebooting in 86400 seconds..