[   52.763619] audit: type=1800 audit(1560714904.204:28): pid=6706 uid=0 auid=4294967295 ses=4294967295 subj=_ op="collect_data" cause="failed(directio)" comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   53.202718] audit: type=1800 audit(1560714904.644:29): pid=6706 uid=0 auid=4294967295 ses=4294967295 subj=_ op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   53.226119] audit: type=1800 audit(1560714904.664:30): pid=6706 uid=0 auid=4294967295 ses=4294967295 subj=_ op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   63.442088] IPVS: Creating netns size=2720 id=1
[   63.447015] IPVS: ftp: loaded support on port[0] = 21
Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts.
2019/06/16 19:55:23 parsed 1 programs
2019/06/16 19:55:23 executed programs: 0
[   72.195652] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[   72.205879] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[   72.214792] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[   72.222912] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[   72.231161] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[   72.238865] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[   72.256286] IPVS: Creating netns size=2720 id=2
[   72.261164] IPVS: ftp: loaded support on port[0] = 21
[   72.385343] IPVS: Creating netns size=2720 id=3
[   72.390216] IPVS: ftp: loaded support on port[0] = 21
[   72.482860] chnl_net:caif_netlink_parms(): no params data found
[   72.585797] IPVS: Creating netns size=2720 id=4
[   72.591830] IPVS: ftp: loaded support on port[0] = 21
[   72.628071] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.634882] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.643845] device bridge_slave_0 entered promiscuous mode
[   72.653133] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.659518] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.668479] device bridge_slave_1 entered promiscuous mode
[   72.738091] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   72.773491] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   72.910184] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   72.933705] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   72.943168] IPVS: Creating netns size=2720 id=5
[   72.948515] IPVS: ftp: loaded support on port[0] = 21
[   72.967716] chnl_net:caif_netlink_parms(): no params data found
[   73.023070] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   73.031324] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   73.149726] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.156337] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.165514] device bridge_slave_0 entered promiscuous mode
[   73.220637] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.228547] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.239602] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.246008] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.255843] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.262364] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.272610] device bridge_slave_1 entered promiscuous mode
[   73.346738] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   73.368307] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   73.375158] IPVS: Creating netns size=2720 id=6
[   73.375275] IPVS: ftp: loaded support on port[0] = 21
[   73.386465] chnl_net:caif_netlink_parms(): no params data found
[   73.605293] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   73.618677] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.626521] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.702843] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   73.716926] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.723668] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.732824] device bridge_slave_0 entered promiscuous mode
[   73.740161] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.747070] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.756203] device bridge_slave_1 entered promiscuous mode
[   73.843328] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.846718] IPVS: Creating netns size=2720 id=7
[   73.846835] IPVS: ftp: loaded support on port[0] = 21
[   73.899343] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   73.906117] chnl_net:caif_netlink_parms(): no params data found
[   73.925417] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   73.935521] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   73.942774] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   73.964739] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   74.114659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.253462] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   74.261816] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.268240] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.277338] device bridge_slave_0 entered promiscuous mode
[   74.308409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   74.316935] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.323460] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.330588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   74.338430] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.344845] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.353149] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   74.362145] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   74.368860] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.378569] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.387714] device bridge_slave_1 entered promiscuous mode
[   74.395247] chnl_net:caif_netlink_parms(): no params data found
[   74.497843] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   74.510159] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   74.589845] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   74.615195] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   74.631444] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   74.672566] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   74.691105] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   74.759932] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   74.812914] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.819396] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.828836] device bridge_slave_0 entered promiscuous mode
[   74.864908] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.871790] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.880637] device bridge_slave_1 entered promiscuous mode
[   74.907007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   74.915508] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   74.944843] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   74.953311] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   74.961524] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   75.005527] chnl_net:caif_netlink_parms(): no params data found
[   75.023046] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   75.060169] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   75.083832] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   75.188001] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.228509] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   75.259017] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   75.295375] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.302324] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.312120] device bridge_slave_0 entered promiscuous mode
[   75.341292] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   75.352670] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.371169] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.377619] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.388636] device bridge_slave_1 entered promiscuous mode
[   75.428860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.475208] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   75.666791] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.677917] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   75.695398] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   75.712317] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   75.732119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   75.740887] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.748866] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.756240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   75.764291] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.770684] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.795865] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   75.829367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   75.838789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   75.847563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.945346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   75.959628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   75.971191] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.977582] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.984774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   75.992793] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.999252] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.017395] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   76.025075] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   76.033431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   76.063342] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.077816] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   76.092247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   76.099683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   76.108252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   76.122968] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   76.182438] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   76.220934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   76.228979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   76.236984] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   76.246789] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   76.262698] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   76.298475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   76.312603] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.319050] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.349182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   76.391713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   76.399563] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.405966] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.427870] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   76.455271] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   76.476306] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   76.496833] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.526040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   76.553015] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   76.559723] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   76.596867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   76.763896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   76.772050] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.778576] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.798098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   76.806362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   76.814848] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.821517] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.894060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   76.931700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   76.975176] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   77.006000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   77.035837] 8021q: adding VLAN 0 to HW filter on device bond0
[   77.074971] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
2019/06/16 19:55:28 executed programs: 10
[   77.124924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   77.242596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   77.251513] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.258217] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.279188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   77.308205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   77.317143] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.324175] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.388431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   77.425689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   77.472455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   77.505394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
2019/06/16 19:55:33 executed programs: 114
2019/06/16 19:55:38 executed programs: 223
2019/06/16 19:55:43 executed programs: 334
2019/06/16 19:55:48 executed programs: 451
2019/06/16 19:55:53 executed programs: 558
2019/06/16 19:55:58 executed programs: 676
2019/06/16 19:56:03 executed programs: 779
2019/06/16 19:56:08 executed programs: 899
2019/06/16 19:56:13 executed programs: 1015
2019/06/16 19:56:18 executed programs: 1125
2019/06/16 19:56:24 executed programs: 1241
2019/06/16 19:56:29 executed programs: 1357
2019/06/16 19:56:34 executed programs: 1466
2019/06/16 19:56:39 executed programs: 1581
2019/06/16 19:56:44 executed programs: 1686
2019/06/16 19:56:49 executed programs: 1796
2019/06/16 19:56:54 executed programs: 1911
2019/06/16 19:56:59 executed programs: 2026
2019/06/16 19:57:04 executed programs: 2141
2019/06/16 19:57:09 executed programs: 2254
2019/06/16 19:57:14 executed programs: 2367
2019/06/16 19:57:19 executed programs: 2476
2019/06/16 19:57:24 executed programs: 2592
2019/06/16 19:57:29 executed programs: 2703
2019/06/16 19:57:34 executed programs: 2814
2019/06/16 19:57:39 executed programs: 2935
2019/06/16 19:57:44 executed programs: 3051
2019/06/16 19:57:49 executed programs: 3164
2019/06/16 19:57:54 executed programs: 3280
2019/06/16 19:57:59 executed programs: 3393
2019/06/16 19:58:04 executed programs: 3508
2019/06/16 19:58:09 executed programs: 3618
2019/06/16 19:58:14 executed programs: 3736
2019/06/16 19:58:20 executed programs: 3848
2019/06/16 19:58:25 executed programs: 3960
2019/06/16 19:58:30 executed programs: 4069
2019/06/16 19:58:35 executed programs: 4184
2019/06/16 19:58:40 executed programs: 4298
2019/06/16 19:58:45 executed programs: 4409
2019/06/16 19:58:50 executed programs: 4518
2019/06/16 19:58:55 executed programs: 4630
2019/06/16 19:59:00 executed programs: 4744
2019/06/16 19:59:05 executed programs: 4859
2019/06/16 19:59:10 executed programs: 4974
2019/06/16 19:59:15 executed programs: 5080
2019/06/16 19:59:20 executed programs: 5193
2019/06/16 19:59:25 executed programs: 5306
2019/06/16 19:59:30 executed programs: 5414
2019/06/16 19:59:35 executed programs: 5530
2019/06/16 19:59:40 executed programs: 5645
2019/06/16 19:59:45 executed programs: 5762
2019/06/16 19:59:50 executed programs: 5873
2019/06/16 19:59:55 executed programs: 5985
2019/06/16 20:00:00 executed programs: 6101
2019/06/16 20:00:05 executed programs: 6211
2019/06/16 20:00:10 executed programs: 6315
2019/06/16 20:00:15 executed programs: 6433
2019/06/16 20:00:20 executed programs: 6546
2019/06/16 20:00:26 executed programs: 6658
2019/06/16 20:00:31 executed programs: 6768
2019/06/16 20:00:36 executed programs: 6882
2019/06/16 20:00:41 executed programs: 6996
2019/06/16 20:00:46 executed programs: 7111
2019/06/16 20:00:51 executed programs: 7220
2019/06/16 20:00:56 executed programs: 7338
2019/06/16 20:01:01 executed programs: 7449
2019/06/16 20:01:06 executed programs: 7565
2019/06/16 20:01:11 executed programs: 7680
2019/06/16 20:01:16 executed programs: 7794
2019/06/16 20:01:21 executed programs: 7904
2019/06/16 20:01:26 executed programs: 8020
2019/06/16 20:01:31 executed programs: 8125
2019/06/16 20:01:36 executed programs: 8242
2019/06/16 20:01:41 executed programs: 8357
2019/06/16 20:01:46 executed programs: 8472
2019/06/16 20:01:51 executed programs: 8587
[  461.104529] ==================================================================
[  461.113039] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800a21d7180
[  461.126430] Read of size 8 by task syz-executor.3/15217
[  461.135466] CPU: 0 PID: 15217 Comm: syz-executor.3 Not tainted 4.7.0-rc3+ #1
[  461.145953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  461.155782]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff8800a21d7180
[  461.163998]  ffff8800b829f250 ffff8800a21d7180 ffff88012bc00200 ffff8800b829f240
[  461.172407]  ffffffff81746e17 ffff8800b829f268 ffff8800b829f310 0000000000000282
[  461.180448] Call Trace:
[  461.183074]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  461.188460]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  461.194592]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  461.202653]  [<ffffffff8464add4>] ? pneigh_get_next.isra.18+0x214/0x320
[  461.209505]  [<ffffffff8464add4>] pneigh_get_next.isra.18+0x214/0x320
[  461.216082]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  461.222386]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  461.228796]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  461.234531]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  461.239883]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  461.246253]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  461.253669]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  461.259335]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  461.265293]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  461.272083]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  461.278413]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  461.285248]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  461.291197]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  461.297147]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  461.303039]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  461.308712]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  461.314597]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  461.322021]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  461.328415]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  461.333602]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  461.340372]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  461.347434]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  461.353392]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  461.360839]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  461.368743]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  461.375825]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  461.382746]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  461.388745]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  461.395132]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  461.401978]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  461.408042]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  461.414878]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  461.420743]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  461.426260]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  461.432739]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  461.439470]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  461.445402]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  461.451270]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  461.457223]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  461.464115]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  461.470094]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  461.476050]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  461.482010]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  461.487872]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  461.494820]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  461.500600]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  461.506460]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  461.512260]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  461.519116]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  461.525766]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  461.532345] Object at ffff8800a21d7180, in cache kmalloc-64
[  461.538059] Object freed, allocated with size 36 bytes
[  461.543317] Allocation:
[  461.545879] PID = 15229
[  461.548447]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  461.554770]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  461.560195]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  461.566907]  [<ffffffff817411c9>] __kmalloc+0x169/0x7a0
[  461.572829]  [<ffffffff8464955e>] pneigh_lookup+0x15e/0x3b0
[  461.578672]  [<ffffffff84b83183>] arp_req_set+0x323/0x540
[  461.584900]  [<ffffffff84b88125>] arp_ioctl+0x1c5/0x5c0
[  461.591114]  [<ffffffff84b9ef2b>] inet_ioctl+0x6b/0x170
[  461.598343]  [<ffffffff845bd0e2>] sock_do_ioctl+0x62/0xa0
[  461.604259]  [<ffffffff845bd3c3>] sock_ioctl+0x2a3/0x390
[  461.609818]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  461.615597]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  461.621012]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  461.627788] Deallocation:
[  461.630525] PID = 15216
[  461.633088]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  461.639025]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  461.644414]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  461.650252]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  461.655288]  [<ffffffff84651f82>] neigh_ifdown+0x162/0x220
[  461.661111]  [<ffffffff84b88533>] arp_ifdown+0x13/0x20
[  461.666492]  [<ffffffff84b95673>] inetdev_event+0x573/0xf60
[  461.673136]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  461.679657]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  461.686307]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  461.693740]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  461.700516]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  461.706874]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  461.715989]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  461.721823]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  461.727484]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  461.732719]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  461.737852]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  461.743718]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  461.750241]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  461.757148]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  461.764313] Memory state around the buggy address:
[  461.769488]  ffff8800a21d7080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  461.777775]  ffff8800a21d7100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  461.785135] >ffff8800a21d7180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  461.792656]                    ^
[  461.796014]  ffff8800a21d7200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  461.804860]  ffff8800a21d7280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  461.816359] ==================================================================
[  461.824177] Disabling lock debugging due to kernel taint
[  461.829695] ==================================================================
[  461.837529] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff880129e6b008
[  461.849210] Read of size 8 by task syz-executor.3/15217
[  461.854850] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  461.863335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  461.874000]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff880129e6b000
[  461.884051]  ffff8800b829f250 ffff880129e6b000 ffff88012bc00500 ffff8800b829f240
[  461.893447]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  461.901514] Call Trace:
[  461.904109]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  461.909562]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  461.916223]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  461.922968]  [<ffffffff8464adb7>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  461.929807]  [<ffffffff8464adb7>] pneigh_get_next.isra.18+0x1f7/0x320
[  461.936729]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  461.943314]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  461.949276]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  461.955946]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  461.961388]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  461.967735]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  461.974733]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  461.980345]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  461.987246]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  461.993992]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  462.000402]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  462.007240]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  462.013197]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  462.019148]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  462.025115]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  462.030827]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  462.036804]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  462.044338]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  462.050733]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  462.057207]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  462.063959]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  462.072385]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  462.078524]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  462.086353]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  462.093613]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  462.101752]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  462.108767]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  462.114734]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  462.121473]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  462.128293]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  462.134445]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  462.140329]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  462.146323]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  462.152123]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  462.158887]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  462.165792]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  462.171584]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  462.177624]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  462.183705]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  462.190357]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  462.196425]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  462.207679]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  462.213640]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  462.219330]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  462.226852]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  462.232721]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  462.238500]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  462.246921]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  462.256041]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  462.263058]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  462.269621] Object at ffff880129e6b000, in cache kmalloc-256
[  462.275568] Object freed, allocated with size 198 bytes
[  462.282521] Allocation:
[  462.286453] PID = 15217
[  462.289217]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  462.296588]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  462.302314]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  462.308574]  [<ffffffff817411c9>] __kmalloc+0x169/0x7a0
[  462.314242]  [<ffffffff81907716>] __proc_create+0x136/0x570
[  462.320107]  [<ffffffff819082c5>] proc_create_data+0x55/0x140
[  462.326483]  [<ffffffff84dcf5f0>] snmp6_register_dev+0xb0/0x130
[  462.335272]  [<ffffffff84d056ac>] ipv6_add_dev+0x55c/0xfd0
[  462.347305]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  462.359183]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  462.369733]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  462.376475]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  462.383947]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  462.390353]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  462.396620]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  462.402212]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  462.407987]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  462.413582]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  462.420279] Deallocation:
[  462.423120] PID = 15216
[  462.425684]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  462.431958]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  462.437343]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  462.443601]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  462.448762]  [<ffffffff81908743>] pde_put+0x73/0xc0
[  462.455588]  [<ffffffff8190923b>] remove_proc_subtree+0x1cb/0x240
[  462.462732]  [<ffffffff819092e8>] proc_remove+0x38/0x50
[  462.468207]  [<ffffffff84dcf71c>] snmp6_unregister_dev+0xac/0x120
[  462.474858]  [<ffffffff84d0e8c1>] addrconf_ifdown+0xa51/0xcd0
[  462.480884]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  462.487059]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  462.494151]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  462.500675]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  462.508503]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  462.515712]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  462.522796]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  462.531752]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  462.537866]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  462.544727]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  462.550113]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  462.556557]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  462.564524]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  462.571092]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  462.580416]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  462.593200] Memory state around the buggy address:
[  462.605058]  ffff880129e6af00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  462.617223]  ffff880129e6af80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[  462.628336] >ffff880129e6b000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  462.638473]                       ^
[  462.645503]  ffff880129e6b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  462.655661]  ffff880129e6b100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  462.663167] ==================================================================
[  462.671616] ==================================================================
[  462.679087] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff880129e6b000
[  462.688714] Read of size 8 by task syz-executor.3/15217
[  462.694091] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  462.702751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  462.713606]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff880129e6b000
[  462.721780]  ffff8800b829f250 ffff880129e6b000 ffff88012bc00500 ffff8800b829f240
[  462.730780]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  462.740137] Call Trace:
[  462.747596]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  462.755857]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  462.762986]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  462.770075]  [<ffffffff8464add4>] ? pneigh_get_next.isra.18+0x214/0x320
[  462.778132]  [<ffffffff8464add4>] pneigh_get_next.isra.18+0x214/0x320
[  462.785518]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  462.794461]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  462.801029]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  462.806726]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  462.815173]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  462.821845]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  462.829799]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  462.842064]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  462.851322]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  462.860254]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  462.870418]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  462.888154]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  462.903058]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  462.910610]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  462.918338]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  462.927644]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  462.934039]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  462.943347]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  462.956812]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  462.962141]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  462.969051]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  462.977974]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  462.987530]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  462.995610]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  463.002895]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  463.010507]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  463.019373]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  463.025520]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  463.035474]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  463.046703]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  463.065278]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  463.071002]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  463.077486]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  463.084060]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  463.090735]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  463.098351]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  463.104150]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  463.113963]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  463.122737]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  463.129417]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  463.135895]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  463.142758]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  463.149874]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  463.157062]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  463.165189]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  463.170996]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  463.176810]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  463.182596]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  463.190919]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  463.198093]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  463.205627] Object at ffff880129e6b000, in cache kmalloc-256
[  463.212424] Object freed, allocated with size 198 bytes
[  463.220229] Allocation:
[  463.223407] PID = 15217
[  463.226256]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  463.233249]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  463.240068]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  463.246507]  [<ffffffff817411c9>] __kmalloc+0x169/0x7a0
[  463.252217]  [<ffffffff81907716>] __proc_create+0x136/0x570
[  463.258053]  [<ffffffff819082c5>] proc_create_data+0x55/0x140
[  463.264859]  [<ffffffff84dcf5f0>] snmp6_register_dev+0xb0/0x130
[  463.272886]  [<ffffffff84d056ac>] ipv6_add_dev+0x55c/0xfd0
[  463.280856]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  463.287246]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  463.297758]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  463.313592]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  463.342838]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  463.353501]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  463.362661]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  463.368426]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  463.376932]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  463.387628]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  463.398594] Deallocation:
[  463.402912] PID = 15216
[  463.405517]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  463.413012]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  463.419840]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  463.426037]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  463.434478]  [<ffffffff81908743>] pde_put+0x73/0xc0
[  463.441622]  [<ffffffff8190923b>] remove_proc_subtree+0x1cb/0x240
[  463.455533]  [<ffffffff819092e8>] proc_remove+0x38/0x50
[  463.461203]  [<ffffffff84dcf71c>] snmp6_unregister_dev+0xac/0x120
[  463.467717]  [<ffffffff84d0e8c1>] addrconf_ifdown+0xa51/0xcd0
[  463.473929]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  463.481593]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  463.489330]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  463.496896]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  463.504395]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  463.512660]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  463.521512]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  463.528487]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  463.534488]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  463.540657]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  463.545959]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  463.551111]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  463.557675]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  463.564222]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  463.571614]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  463.579976] Memory state around the buggy address:
[  463.587613]  ffff880129e6af00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  463.596086]  ffff880129e6af80: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[  463.603628] >ffff880129e6b000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  463.611420]                    ^
[  463.615325]  ffff880129e6b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  463.631918]  ffff880129e6b100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  463.642554] ==================================================================
[  463.649970] ==================================================================
[  463.659509] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff880129e6b508
[  463.668937] Read of size 8 by task syz-executor.3/15217
[  463.674889] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  463.684745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  463.694103]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff880129e6b500
[  463.702647]  ffff8800b829f250 ffff880129e6b500 ffff88012bc00500 ffff8800b829f240
[  463.713433]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  463.722023] Call Trace:
[  463.725899]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  463.731242]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  463.738209]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  463.745654]  [<ffffffff8464adb7>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  463.752472]  [<ffffffff8464adb7>] pneigh_get_next.isra.18+0x1f7/0x320
[  463.761092]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  463.767328]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  463.778165]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  463.784044]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  463.790089]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  463.797412]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  463.805719]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  463.811323]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  463.817356]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  463.824087]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  463.830739]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  463.837658]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  463.843713]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  463.850734]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  463.857461]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  463.863676]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  463.869627]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  463.876874]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  463.884583]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  463.889764]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  463.896405]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  463.905000]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  463.911772]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  463.918765]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  463.927996]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  463.937837]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  463.947990]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  463.956820]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  463.967560]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  463.975246]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  463.982454]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  463.988246]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  463.996125]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  464.004022]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  464.012737]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  464.019641]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  464.026311]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  464.035480]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  464.041692]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  464.048973]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  464.059957]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  464.066104]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  464.072786]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  464.078399]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  464.086357]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  464.094493]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  464.100987]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  464.106763]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  464.114944]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  464.122777]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  464.130568] Object at ffff880129e6b500, in cache kmalloc-256
[  464.137888] Object freed, allocated with size 240 bytes
[  464.144885] Allocation:
[  464.149720] PID = 15217
[  464.153194]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  464.159397]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  464.165070]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  464.170967]  [<ffffffff817426f2>] kmem_cache_alloc_trace+0x142/0x780
[  464.177670]  [<ffffffff84d79144>] ipv6_dev_mc_inc+0x294/0xde0
[  464.183835]  [<ffffffff84d05be6>] ipv6_add_dev+0xa96/0xfd0
[  464.190182]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  464.196803]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  464.203197]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  464.210337]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  464.218363]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  464.224616]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  464.231311]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  464.236950]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  464.245045]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  464.252511]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  464.260509] Deallocation:
[  464.266476] PID = 15216
[  464.270079]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  464.276440]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  464.282211]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  464.288122]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  464.293440]  [<ffffffff84d72ca2>] ma_put+0x42/0x60
[  464.298570]  [<ffffffff84d7a6e6>] __ipv6_dev_mc_dec+0x216/0x380
[  464.305201]  [<ffffffff84d7ff08>] ipv6_mc_destroy_dev+0x28/0x150
[  464.312954]  [<ffffffff84d0e668>] addrconf_ifdown+0x7f8/0xcd0
[  464.318940]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  464.325112]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  464.331377]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  464.337883]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  464.344924]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  464.351692]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  464.357882]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  464.364763]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  464.370489]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  464.376218]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  464.382295]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  464.387413]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  464.393152]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  464.399683]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  464.406447]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  464.413563] Memory state around the buggy address:
[  464.418471]  ffff880129e6b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  464.426075]  ffff880129e6b480: 00 00 00 00 00 00 00 05 fc fc fc fc fc fc fc fc
[  464.433609] >ffff880129e6b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  464.441204]                       ^
[  464.445001]  ffff880129e6b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  464.452956]  ffff880129e6b600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  464.460289] ==================================================================
[  464.468260] ==================================================================
[  464.475631] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff880129e6b500
[  464.486256] Read of size 8 by task syz-executor.3/15217
[  464.492062] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  464.500456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  464.510233]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff880129e6b500
[  464.518826]  ffff8800b829f250 ffff880129e6b500 ffff88012bc00500 ffff8800b829f240
[  464.527925]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  464.536599] Call Trace:
[  464.539199]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  464.544555]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  464.550686]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  464.557441]  [<ffffffff8464add4>] ? pneigh_get_next.isra.18+0x214/0x320
[  464.564355]  [<ffffffff8464add4>] pneigh_get_next.isra.18+0x214/0x320
[  464.571095]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  464.577401]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  464.583265]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  464.588954]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  464.594298]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  464.600687]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  464.607416]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  464.613200]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  464.618977]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  464.625722]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  464.632367]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  464.640006]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  464.657568]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  464.663523]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  464.669496]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  464.675462]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  464.681347]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  464.688082]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  464.694463]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  464.699900]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  464.706555]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  464.713548]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  464.719497]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  464.726314]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  464.733214]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  464.740287]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  464.747188]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  464.753135]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  464.759429]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  464.766245]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  464.772546]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  464.777978]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  464.783862]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  464.789375]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  464.795932]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  464.802663]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  464.808452]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  464.814320]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  464.821250]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  464.829019]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  464.834966]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  464.841023]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  464.847071]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  464.852706]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  464.859702]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  464.865489]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  464.871359]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  464.877131]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  464.883951]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  464.890523]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  464.897077] Object at ffff880129e6b500, in cache kmalloc-256
[  464.902861] Object freed, allocated with size 240 bytes
[  464.908285] Allocation:
[  464.910844] PID = 15217
[  464.913493]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  464.919392]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  464.924792]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  464.930525]  [<ffffffff817426f2>] kmem_cache_alloc_trace+0x142/0x780
[  464.937131]  [<ffffffff84d79144>] ipv6_dev_mc_inc+0x294/0xde0
[  464.943136]  [<ffffffff84d05be6>] ipv6_add_dev+0xa96/0xfd0
[  464.948861]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  464.954932]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  464.961267]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  464.967788]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  464.975427]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  464.981670]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  464.987829]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  464.993390]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  464.999205]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  465.004585]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  465.011472] Deallocation:
[  465.014224] PID = 15216
[  465.016780]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  465.022681]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  465.028501]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  465.034335]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  465.039361]  [<ffffffff84d72ca2>] ma_put+0x42/0x60
[  465.044756]  [<ffffffff84d7a6e6>] __ipv6_dev_mc_dec+0x216/0x380
[  465.050912]  [<ffffffff84d7ff08>] ipv6_mc_destroy_dev+0x28/0x150
[  465.057242]  [<ffffffff84d0e668>] addrconf_ifdown+0x7f8/0xcd0
[  465.063316]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  465.069384]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  465.075631]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  465.083099]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  465.091195]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  465.097970]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  465.104138]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  465.110992]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  465.116713]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  465.122351]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  465.127568]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  465.132696]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  465.139472]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  465.146074]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  465.152853]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  465.159592] Memory state around the buggy address:
[  465.164500]  ffff880129e6b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  465.171922]  ffff880129e6b480: 00 00 00 00 00 00 00 05 fc fc fc fc fc fc fc fc
[  465.179604] >ffff880129e6b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  465.186967]                    ^
[  465.190322]  ffff880129e6b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  465.197669]  ffff880129e6b600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  465.205005] ==================================================================
[  465.213284] ==================================================================
[  465.220837] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff880129e6b648
[  465.230261] Read of size 8 by task syz-executor.3/15217
[  465.235617] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  465.243995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  465.253771]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff880129e6b640
[  465.261789]  ffff8800b829f250 ffff880129e6b640 ffff88012bc00500 ffff8800b829f240
[  465.269925]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  465.277972] Call Trace:
[  465.280976]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  465.286585]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  465.293161]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  465.300178]  [<ffffffff8464adb7>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  465.306920]  [<ffffffff8464adb7>] pneigh_get_next.isra.18+0x1f7/0x320
[  465.313485]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  465.320536]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  465.326406]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  465.332093]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  465.337433]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  465.344077]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  465.351242]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  465.356845]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  465.363269]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  465.370701]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  465.377432]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  465.384336]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  465.390661]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  465.396613]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  465.402579]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  465.408215]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  465.415317]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  465.422226]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  465.428613]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  465.433786]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  465.440963]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  465.447959]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  465.453909]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  465.460732]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  465.469505]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  465.477488]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  465.484522]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  465.490482]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  465.496876]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  465.503704]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  465.509652]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  465.516273]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  465.522137]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  465.527654]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  465.534124]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  465.540870]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  465.547438]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  465.554268]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  465.560843]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  465.567592]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  465.573542]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  465.579838]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  465.585819]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  465.591600]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  465.598787]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  465.604565]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  465.610346]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  465.616118]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  465.622938]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  465.629618]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  465.636281] Object at ffff880129e6b640, in cache kmalloc-256
[  465.642608] Object freed, allocated with size 240 bytes
[  465.648208] Allocation:
[  465.650770] PID = 15217
[  465.653330]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  465.659503]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  465.665679]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  465.672387]  [<ffffffff817426f2>] kmem_cache_alloc_trace+0x142/0x780
[  465.680151]  [<ffffffff84d79144>] ipv6_dev_mc_inc+0x294/0xde0
[  465.686637]  [<ffffffff84d05bd7>] ipv6_add_dev+0xa87/0xfd0
[  465.692372]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  465.699334]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  465.705588]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  465.712094]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  465.719319]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  465.727672]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  465.734518]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  465.740372]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  465.746505]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  465.752525]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  465.761818] Deallocation:
[  465.765785] PID = 15216
[  465.768436]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  465.776307]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  465.785732]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  465.799715]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  465.804955]  [<ffffffff84d72ca2>] ma_put+0x42/0x60
[  465.811115]  [<ffffffff84d7ffc1>] ipv6_mc_destroy_dev+0xe1/0x150
[  465.821330]  [<ffffffff84d0e668>] addrconf_ifdown+0x7f8/0xcd0
[  465.827512]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  465.836204]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  465.843088]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  465.851627]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  465.859514]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  465.866309]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  465.872573]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  465.881342]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  465.887435]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  465.893929]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  465.899193]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  465.904319]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  465.910240]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  465.916771]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  465.925333]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  465.932721] Memory state around the buggy address:
[  465.938776]  ffff880129e6b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  465.948147]  ffff880129e6b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  465.956620] >ffff880129e6b600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  465.964915]                                               ^
[  465.971991]  ffff880129e6b680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  465.984018]  ffff880129e6b700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  465.998669] ==================================================================
[  466.011815] ==================================================================
[  466.024411] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff880129e6b640
[  466.035431] Read of size 8 by task syz-executor.3/15217
[  466.040777] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  466.049428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  466.064284]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff880129e6b640
[  466.075901]  ffff8800b829f250 ffff880129e6b640 ffff88012bc00500 ffff8800b829f240
[  466.087922]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  466.097367] Call Trace:
[  466.101437]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  466.107043]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  466.114419]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  466.122745]  [<ffffffff8464add4>] ? pneigh_get_next.isra.18+0x214/0x320
[  466.132779]  [<ffffffff8464add4>] pneigh_get_next.isra.18+0x214/0x320
[  466.145043]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  466.157404]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  466.165740]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  466.179341]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  466.191506]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  466.200187]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  466.209116]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  466.217981]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  466.234603]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  466.248728]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  466.264292]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  466.279615]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  466.291030]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  466.297018]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  466.303794]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  466.313992]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  466.333420]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  466.341335]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  466.356007]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  466.367544]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  466.375726]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  466.393310]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  466.404175]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  466.425186]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  466.432111]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  466.439308]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  466.446209]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  466.452158]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  466.458449]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  466.465268]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  466.471216]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  466.476649]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  466.482534]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  466.488043]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  466.494515]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  466.501164]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  466.506942]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  466.512817]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  466.518764]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  466.525754]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  466.531701]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  466.537647]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  466.543605]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  466.549116]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  466.556167]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  466.561959]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  466.567754]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  466.573529]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  466.580344]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  466.586903]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  466.593469] Object at ffff880129e6b640, in cache kmalloc-256
[  466.599255] Object freed, allocated with size 240 bytes
[  466.604688] Allocation:
[  466.607250] PID = 15217
[  466.609807]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  466.615824]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  466.621223]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  466.626969]  [<ffffffff817426f2>] kmem_cache_alloc_trace+0x142/0x780
[  466.633582]  [<ffffffff84d79144>] ipv6_dev_mc_inc+0x294/0xde0
[  466.639783]  [<ffffffff84d05bd7>] ipv6_add_dev+0xa87/0xfd0
[  466.645537]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  466.651628]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  466.657873]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  466.664373]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  466.671573]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  466.677823]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  466.684011]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  466.689559]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  466.695290]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  466.700598]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  466.707283] Deallocation:
[  466.710013] PID = 15216
[  466.712566]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  466.718461]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  466.723846]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  466.729644]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  466.734687]  [<ffffffff84d72ca2>] ma_put+0x42/0x60
[  466.739712]  [<ffffffff84d7ffc1>] ipv6_mc_destroy_dev+0xe1/0x150
[  466.745964]  [<ffffffff84d0e668>] addrconf_ifdown+0x7f8/0xcd0
[  466.751956]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  466.758040]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  466.764309]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  466.770807]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  466.777833]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  466.784595]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  466.790773]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  466.797663]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  466.803411]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  466.809052]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  466.814275]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  466.819397]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  466.825129]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  466.831652]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  466.838362]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  466.845091] Memory state around the buggy address:
[  466.850000]  ffff880129e6b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  466.857349]  ffff880129e6b580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  466.864682] >ffff880129e6b600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  466.872012]                                            ^
[  466.877444]  ffff880129e6b680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  466.884776]  ffff880129e6b700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  466.892108] ==================================================================
[  466.899511] ==================================================================
[  466.906887] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800ae1028c8
[  466.916426] Read of size 8 by task syz-executor.3/15217
[  466.921797] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  466.930180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  466.939516]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff8800ae1028c0
[  466.947507]  ffff8800b829f250 ffff8800ae1028c0 ffff88012bc00900 ffff8800b829f240
[  466.955539]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  466.963526] Call Trace:
[  466.966098]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  466.971452]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  466.977586]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  466.984336]  [<ffffffff8464adb7>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  466.991237]  [<ffffffff8464adb7>] pneigh_get_next.isra.18+0x1f7/0x320
[  466.997805]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  467.004022]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  467.009879]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  467.015561]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  467.020897]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  467.027188]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  467.033917]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  467.039685]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  467.045368]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  467.052115]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  467.058408]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  467.065220]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  467.071164]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  467.077107]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  467.082965]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  467.088473]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  467.094343]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  467.101075]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  467.107456]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  467.112638]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  467.119298]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  467.126304]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  467.132255]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  467.139067]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  467.145969]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  467.153054]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  467.159953]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  467.165897]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  467.172200]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  467.179028]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  467.184975]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  467.190397]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  467.196436]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  467.201957]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  467.208459]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  467.215101]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  467.220874]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  467.226831]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  467.232779]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  467.239424]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  467.245394]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  467.251359]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  467.257307]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  467.262818]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  467.269718]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  467.275503]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  467.281280]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  467.287051]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  467.293902]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  467.300462]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  467.307013] Object at ffff8800ae1028c0, in cache kmalloc-4096
[  467.312886] Object freed, allocated with size 2816 bytes
[  467.318335] Allocation:
[  467.320893] PID = 15217
[  467.323450]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  467.329376]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  467.334846]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  467.340577]  [<ffffffff81740a35>] __kmalloc_track_caller+0x165/0x790
[  467.347164]  [<ffffffff8168b28b>] kmemdup+0x1b/0x40
[  467.352344]  [<ffffffff84cfdf76>] __addrconf_sysctl_register+0x86/0x340
[  467.359207]  [<ffffffff84cff1f4>] addrconf_sysctl_register+0x104/0x1a0
[  467.365968]  [<ffffffff84d05ac8>] ipv6_add_dev+0x978/0xfd0
[  467.371771]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  467.377838]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  467.384077]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  467.390587]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  467.397608]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  467.403843]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  467.409992]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  467.415545]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  467.421266]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  467.426575]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  467.433246] Deallocation:
[  467.435976] PID = 15216
[  467.438556]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  467.444449]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  467.449830]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  467.455629]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  467.460673]  [<ffffffff84cff30a>] __addrconf_sysctl_unregister.isra.42+0x7a/0xa0
[  467.468312]  [<ffffffff84d0e6c6>] addrconf_ifdown+0x856/0xcd0
[  467.474305]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  467.480383]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  467.486679]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  467.493192]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  467.500214]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  467.506979]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  467.513139]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  467.519993]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  467.525733]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  467.531386]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  467.536591]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  467.541700]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  467.547428]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  467.553938]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  467.560611]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  467.567287] Memory state around the buggy address:
[  467.572191]  ffff8800ae102780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  467.579533]  ffff8800ae102800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  467.587125] >ffff8800ae102880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  467.594464]                                               ^
[  467.600158]  ffff8800ae102900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  467.607505]  ffff8800ae102980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  467.614835] ==================================================================
[  467.622234] ==================================================================
[  467.629582] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800ae1028c0
[  467.638999] Read of size 8 by task syz-executor.3/15217
[  467.644341] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  467.652714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  467.662056]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff8800ae1028c0
[  467.670072]  ffff8800b829f250 ffff8800ae1028c0 ffff88012bc00900 ffff8800b829f240
[  467.678091]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  467.686203] Call Trace:
[  467.688773]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  467.694112]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  467.700229]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  467.706961]  [<ffffffff8464add4>] ? pneigh_get_next.isra.18+0x214/0x320
[  467.715172]  [<ffffffff8464add4>] pneigh_get_next.isra.18+0x214/0x320
[  467.721732]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  467.727961]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  467.733820]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  467.739505]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  467.744846]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  467.751166]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  467.758068]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  467.763686]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  467.769372]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  467.776104]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  467.782434]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  467.789245]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  467.795188]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  467.801134]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  467.806991]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  467.812507]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  467.818367]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  467.825099]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  467.831481]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  467.836649]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  467.843289]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  467.850283]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  467.856232]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  467.863048]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  467.870121]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  467.879154]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  467.886074]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  467.892024]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  467.898314]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  467.905129]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  467.911075]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  467.916505]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  467.922364]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  467.927880]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  467.934345]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  467.940982]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  467.946764]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  467.952621]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  467.958563]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  467.965202]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  467.971239]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  467.977180]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  467.983175]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  467.989198]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  467.996094]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  468.001877]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  468.007650]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  468.013422]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  468.020234]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  468.026789]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  468.033365] Object at ffff8800ae1028c0, in cache kmalloc-4096
[  468.039226] Object freed, allocated with size 2816 bytes
[  468.044647] Allocation:
[  468.047225] PID = 15217
[  468.049780]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  468.055682]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  468.061054]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  468.066776]  [<ffffffff81740a35>] __kmalloc_track_caller+0x165/0x790
[  468.073376]  [<ffffffff8168b28b>] kmemdup+0x1b/0x40
[  468.078587]  [<ffffffff84cfdf76>] __addrconf_sysctl_register+0x86/0x340
[  468.085453]  [<ffffffff84cff1f4>] addrconf_sysctl_register+0x104/0x1a0
[  468.092211]  [<ffffffff84d05ac8>] ipv6_add_dev+0x978/0xfd0
[  468.097929]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  468.103996]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  468.110238]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  468.116750]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  468.123774]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  468.130025]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  468.136193]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  468.141754]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  468.147488]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  468.152883]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  468.159580] Deallocation:
[  468.162310] PID = 15216
[  468.164869]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  468.170764]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  468.176224]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  468.182029]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  468.187055]  [<ffffffff84cff30a>] __addrconf_sysctl_unregister.isra.42+0x7a/0xa0
[  468.194680]  [<ffffffff84d0e6c6>] addrconf_ifdown+0x856/0xcd0
[  468.200677]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  468.206741]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  468.212984]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  468.219505]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  468.226554]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  468.233317]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  468.239476]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  468.246325]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  468.252042]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  468.257673]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  468.262870]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  468.267980]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  468.273704]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  468.280201]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  468.286871]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  468.293549] Memory state around the buggy address:
[  468.298452]  ffff8800ae102780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  468.305784]  ffff8800ae102800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  468.313202] >ffff8800ae102880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  468.320535]                                            ^
[  468.325969]  ffff8800ae102900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  468.333302]  ffff8800ae102980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  468.340633] ==================================================================
[  468.348232] ==================================================================
[  468.355591] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff880124f96948
[  468.365011] Read of size 8 by task syz-executor.3/15217
[  468.370353] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  468.378726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  468.388068]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff880124f96940
[  468.396076]  ffff8800b829f250 ffff880124f96940 ffff88012bc00800 ffff8800b829f240
[  468.404105]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  468.412177] Call Trace:
[  468.414746]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  468.420083]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  468.426202]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  468.432930]  [<ffffffff8464adb7>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  468.439655]  [<ffffffff8464adb7>] pneigh_get_next.isra.18+0x1f7/0x320
[  468.446206]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  468.452414]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  468.458284]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  468.463971]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  468.469310]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  468.475605]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  468.482357]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  468.488042]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  468.493747]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  468.500511]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  468.506812]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  468.513622]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  468.519563]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  468.525507]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  468.531364]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  468.536889]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  468.542759]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  468.549482]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  468.555858]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  468.561020]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  468.567671]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  468.574662]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  468.580620]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  468.587439]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  468.594343]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  468.601415]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  468.608311]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  468.614273]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  468.620569]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  468.627381]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  468.633333]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  468.638776]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  468.644657]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  468.650166]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  468.656635]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  468.663706]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  468.669477]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  468.675335]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  468.681373]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  468.688012]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  468.693956]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  468.699902]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  468.705860]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  468.711375]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  468.718275]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  468.724046]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  468.730090]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  468.735996]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  468.742924]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  468.749477]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  468.756040] Object at ffff880124f96940, in cache kmalloc-2048
[  468.761897] Object freed, allocated with size 1352 bytes
[  468.767329] Allocation:
[  468.769884] PID = 15217
[  468.772439]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  468.778347]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  468.783732]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  468.789460]  [<ffffffff81740a35>] __kmalloc_track_caller+0x165/0x790
[  468.796052]  [<ffffffff8168b28b>] kmemdup+0x1b/0x40
[  468.801161]  [<ffffffff8464a219>] neigh_sysctl_register+0x89/0x7c0
[  468.807683]  [<ffffffff84cff194>] addrconf_sysctl_register+0xa4/0x1a0
[  468.814361]  [<ffffffff84d05ac8>] ipv6_add_dev+0x978/0xfd0
[  468.820106]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  468.826258]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  468.832509]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  468.839018]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  468.846051]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  468.852555]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  468.858709]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  468.864267]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  468.869991]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  468.875272]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  468.882047] Deallocation:
[  468.884778] PID = 15216
[  468.887349]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  468.893247]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  468.898617]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  468.904508]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  468.909529]  [<ffffffff8464a9af>] neigh_sysctl_unregister+0x5f/0x80
[  468.917170]  [<ffffffff84d0e6f4>] addrconf_ifdown+0x884/0xcd0
[  468.923170]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  468.929234]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  468.935470]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  468.941975]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  468.949011]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  468.955782]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  468.961938]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  468.968790]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  468.974510]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  468.980141]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  468.985359]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  468.990472]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  468.996194]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  469.002717]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  469.009395]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  469.016069] Memory state around the buggy address:
[  469.020974]  ffff880124f96800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  469.028318]  ffff880124f96880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  469.035652] >ffff880124f96900: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  469.042994]                                               ^
[  469.048765]  ffff880124f96980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  469.056094]  ffff880124f96a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  469.063524] ==================================================================
[  469.070914] ==================================================================
[  469.078272] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff880124f96940
[  469.087694] Read of size 8 by task syz-executor.3/15217
[  469.093042] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  469.101412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  469.110762]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff880124f96940
[  469.118776]  ffff8800b829f250 ffff880124f96940 ffff88012bc00800 ffff8800b829f240
[  469.126784]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  469.134799] Call Trace:
[  469.137373]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  469.142711]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  469.148846]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  469.155573]  [<ffffffff8464add4>] ? pneigh_get_next.isra.18+0x214/0x320
[  469.162321]  [<ffffffff8464add4>] pneigh_get_next.isra.18+0x214/0x320
[  469.168894]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  469.175120]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  469.180981]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  469.186666]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  469.192005]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  469.198299]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  469.205024]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  469.210623]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  469.216318]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  469.223172]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  469.229480]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  469.236295]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  469.242237]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  469.248196]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  469.254052]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  469.259563]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  469.265451]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  469.272178]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  469.278556]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  469.283804]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  469.290441]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  469.297438]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  469.303389]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  469.310408]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  469.317320]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  469.324401]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  469.331303]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  469.337249]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  469.343662]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  469.350914]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  469.357062]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  469.362499]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  469.368364]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  469.373875]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  469.380354]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  469.387001]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  469.392780]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  469.398635]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  469.404576]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  469.411212]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  469.417170]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  469.423117]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  469.429058]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  469.434590]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  469.441491]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  469.447261]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  469.453042]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  469.458814]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  469.465630]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  469.472189]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  469.478742] Object at ffff880124f96940, in cache kmalloc-2048
[  469.484597] Object freed, allocated with size 1352 bytes
[  469.490025] Allocation:
[  469.492579] PID = 15217
[  469.495134]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  469.501046]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  469.506425]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  469.512141]  [<ffffffff81740a35>] __kmalloc_track_caller+0x165/0x790
[  469.518727]  [<ffffffff8168b28b>] kmemdup+0x1b/0x40
[  469.523930]  [<ffffffff8464a219>] neigh_sysctl_register+0x89/0x7c0
[  469.530346]  [<ffffffff84cff194>] addrconf_sysctl_register+0xa4/0x1a0
[  469.537023]  [<ffffffff84d05ac8>] ipv6_add_dev+0x978/0xfd0
[  469.542761]  [<ffffffff84d18d44>] addrconf_notify+0x764/0x1cf0
[  469.548828]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  469.555067]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  469.561586]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  469.568881]  [<ffffffff8463a147>] register_netdevice+0x907/0xd60
[  469.575244]  [<ffffffff835b8ac0>] __tun_chr_ioctl+0x13e0/0x3540
[  469.581397]  [<ffffffff835bac4e>] tun_chr_ioctl+0xe/0x10
[  469.586959]  [<ffffffff817d407f>] do_vfs_ioctl+0x17f/0xec0
[  469.592768]  [<ffffffff817d4e34>] SyS_ioctl+0x74/0x80
[  469.598050]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  469.604979] Deallocation:
[  469.607708] PID = 15216
[  469.610262]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  469.616158]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  469.621552]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  469.627461]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  469.632483]  [<ffffffff8464a9af>] neigh_sysctl_unregister+0x5f/0x80
[  469.638983]  [<ffffffff84d0e6f4>] addrconf_ifdown+0x884/0xcd0
[  469.644970]  [<ffffffff84d18cf0>] addrconf_notify+0x710/0x1cf0
[  469.651034]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  469.657729]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  469.664244]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  469.678620]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  469.686179]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  469.692341]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  469.699463]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  469.705208]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  469.710973]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  469.718133]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  469.723273]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  469.728996]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  469.735507]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  469.742286]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  469.748959] Memory state around the buggy address:
[  469.753864]  ffff880124f96800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  469.761196]  ffff880124f96880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  469.768540] >ffff880124f96900: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  469.775878]                                            ^
[  469.788186]  ffff880124f96980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  469.796286]  ffff880124f96a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  469.803625] ==================================================================
[  469.811105] ==================================================================
[  469.818479] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800b82d2708
[  469.827988] Read of size 8 by task syz-executor.3/15217
[  469.833354] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  469.841846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  469.852998]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff8800b82d2700
[  469.861138]  ffff8800b829f250 ffff8800b82d2700 ffff88012bc00000 ffff8800b829f240
[  469.869144]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  469.877170] Call Trace:
[  469.881428]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  469.886767]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  469.892885]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  469.899636]  [<ffffffff8464adb7>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  469.906368]  [<ffffffff8464adb7>] pneigh_get_next.isra.18+0x1f7/0x320
[  469.912923]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  469.919153]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  469.925043]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  469.930755]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  469.936180]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  469.942485]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  469.949225]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  469.954836]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  469.960522]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  469.968039]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  469.974343]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  469.981158]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  469.994020]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  470.000432]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  470.006302]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  470.011819]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  470.017689]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  470.024424]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  470.030806]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  470.035989]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  470.042810]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  470.049889]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  470.055838]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  470.062919]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  470.069928]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  470.077003]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  470.083910]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  470.089859]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  470.096343]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  470.103160]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  470.109108]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  470.114974]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  470.120897]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  470.126444]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  470.132940]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  470.139601]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  470.146208]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  470.152958]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  470.159596]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  470.166866]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  470.172821]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  470.178888]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  470.184917]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  470.190454]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  470.199031]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  470.204807]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  470.210598]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  470.216376]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  470.223203]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  470.229775]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  470.236332] Object at ffff8800b82d2700, in cache kmalloc-node
[  470.242449] Object freed, allocated with size 160 bytes
[  470.247798] Allocation:
[  470.250391] PID = 15216
[  470.253328]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  470.259682]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  470.265983]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  470.272495]  [<ffffffff817426f2>] kmem_cache_alloc_trace+0x142/0x780
[  470.279096]  [<ffffffff8407064f>] netdevice_event+0x24f/0x7c0
[  470.285159]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  470.291877]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  470.298525]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  470.307260]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  470.314053]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  470.320231]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  470.328232]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  470.334522]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  470.340374]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  470.346361]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  470.352211]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  470.358743]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  470.365531]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  470.372297]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  470.379462] Deallocation:
[  470.382206] PID = 6598
[  470.384912]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  470.392467]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  470.398123]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  470.406676]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  470.411882]  [<ffffffff8406ff8c>] netdevice_event_work_handler+0x11c/0x1d0
[  470.419375]  [<ffffffff8139a6f1>] process_one_work+0x6a1/0x1580
[  470.425534]  [<ffffffff8139b6a7>] worker_thread+0xd7/0xf10
[  470.431292]  [<ffffffff813abf49>] kthread+0x209/0x2d0
[  470.436601]  [<ffffffff85877b4f>] ret_from_fork+0x1f/0x40
[  470.442412] Memory state around the buggy address:
[  470.447406]  ffff8800b82d2600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  470.454752]  ffff8800b82d2680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  470.462091] >ffff8800b82d2700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  470.470038]                       ^
[  470.473643]  ffff8800b82d2780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  470.481079]  ffff8800b82d2800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  470.488877] ==================================================================
[  470.496723] ==================================================================
[  470.504807] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800b82d2700
[  470.514808] Read of size 8 by task syz-executor.3/15217
[  470.520279] CPU: 0 PID: 15217 Comm: syz-executor.3 Tainted: G    B           4.7.0-rc3+ #1
[  470.533231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  470.542564]  1ffffffff0d55dda ffff8800b829f1c0 ffffffff829ccc36 ffff8800b82d2700
[  470.550667]  ffff8800b829f250 ffff8800b82d2700 ffff88012bc00000 ffff8800b829f240
[  470.558653]  ffffffff81746e17 0000000000000010 ffff880000000000 0000000000000282
[  470.566664] Call Trace:
[  470.569249]  [<ffffffff829ccc36>] dump_stack+0xe6/0x120
[  470.574600]  [<ffffffff81746e17>] kasan_report_error+0x1e7/0x5b0
[  470.580718]  [<ffffffff817472de>] __asan_report_load8_noabort+0x3e/0x40
[  470.587472]  [<ffffffff8464add4>] ? pneigh_get_next.isra.18+0x214/0x320
[  470.594201]  [<ffffffff8464add4>] pneigh_get_next.isra.18+0x214/0x320
[  470.600877]  [<ffffffff846522f0>] ? neigh_table_clear+0x2b0/0x2b0
[  470.607101]  [<ffffffff8586c290>] ? mutex_trylock+0x570/0x570
[  470.612972]  [<ffffffff8464bc51>] neigh_seq_next+0x91/0x1c0
[  470.618713]  [<ffffffff818096a4>] seq_read+0x9e4/0x11a0
[  470.624061]  [<ffffffff81808cc0>] ? seq_hlist_next_rcu+0x130/0x130
[  470.630355]  [<ffffffff8148677e>] ? rcu_read_lock_sched_held+0x9e/0x120
[  470.637083]  [<ffffffff818f7b9c>] proc_reg_read+0xbc/0x180
[  470.642704]  [<ffffffff82a0a667>] ? import_iovec+0x97/0x420
[  470.658373]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  470.665128]  [<ffffffff81797944>] do_loop_readv_writev+0x134/0x210
[  470.671433]  [<ffffffff826f1938>] ? security_file_permission+0x148/0x1a0
[  470.678247]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  470.684215]  [<ffffffff818f7ae0>] ? proc_reg_write+0x180/0x180
[  470.690164]  [<ffffffff8179c235>] do_readv_writev+0x565/0x660
[  470.696020]  [<ffffffff8179bcd0>] ? vfs_write+0x4a0/0x4a0
[  470.701534]  [<ffffffff816127b0>] ? perf_event_fork+0x20/0x20
[  470.707395]  [<ffffffff814865b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  470.714152]  [<ffffffff8172b910>] ? alloc_pages_current+0x1b0/0x490
[  470.720554]  [<ffffffff8179c397>] vfs_readv+0x67/0xa0
[  470.725739]  [<ffffffff8183748d>] default_file_splice_read+0x42d/0x800
[  470.732377]  [<ffffffff81837060>] ? __generic_file_splice_read+0xef0/0xef0
[  470.739372]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  470.745318]  [<ffffffff82a3230f>] ? debug_check_no_obj_freed+0x15f/0x760
[  470.752145]  [<ffffffff8587773a>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  470.759151]  [<ffffffff81835ab0>] ? page_cache_pipe_buf_release+0x120/0x120
[  470.766227]  [<ffffffff85877776>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  470.773128]  [<ffffffff8143d9b8>] ? mark_held_locks+0xc8/0x120
[  470.779081]  [<ffffffff816415f1>] ? free_hot_cold_page+0x501/0xa70
[  470.785391]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  470.792207]  [<ffffffff8143dffd>] ? trace_hardirqs_on+0xd/0x10
[  470.798149]  [<ffffffff8165e5b7>] ? __put_page+0x67/0x80
[  470.803587]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  470.809447]  [<ffffffff81832e43>] do_splice_to+0xe3/0x140
[  470.814970]  [<ffffffff818330d5>] splice_direct_to_actor+0x235/0x7c0
[  470.821437]  [<ffffffff81831b50>] ? generic_pipe_buf_nosteal+0x10/0x10
[  470.828082]  [<ffffffff81832ea0>] ? do_splice_to+0x140/0x140
[  470.833852]  [<ffffffff8179b368>] ? rw_verify_area+0xb8/0x2b0
[  470.839722]  [<ffffffff818337ae>] do_splice_direct+0x14e/0x260
[  470.845670]  [<ffffffff81833660>] ? splice_direct_to_actor+0x7c0/0x7c0
[  470.852327]  [<ffffffff81432452>] ? percpu_down_read+0x52/0x90
[  470.858277]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  470.864224]  [<ffffffff817a3132>] ? __sb_start_write+0xb2/0xf0
[  470.870169]  [<ffffffff8179df00>] do_sendfile+0x4c0/0xe40
[  470.875678]  [<ffffffff8179da40>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  470.882596]  [<ffffffff816ba611>] ? __might_fault+0xf1/0x1b0
[  470.888371]  [<ffffffff8179facd>] SyS_sendfile64+0x11d/0x120
[  470.894146]  [<ffffffff8179f9b0>] ? SyS_sendfile+0x110/0x110
[  470.899918]  [<ffffffff8143de5c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  470.906733]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  470.913284]  [<ffffffff85877900>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  470.919839] Object at ffff8800b82d2700, in cache kmalloc-node
[  470.925698] Object freed, allocated with size 160 bytes
[  470.931034] Allocation:
[  470.933597] PID = 15216
[  470.936155]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  470.942070]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  470.947452]  [<ffffffff817462da>] kasan_kmalloc+0xda/0x100
[  470.953182]  [<ffffffff817426f2>] kmem_cache_alloc_trace+0x142/0x780
[  470.959772]  [<ffffffff8407064f>] netdevice_event+0x24f/0x7c0
[  470.965837]  [<ffffffff813af26b>] notifier_call_chain+0x8b/0x170
[  470.972075]  [<ffffffff813af371>] raw_notifier_call_chain+0x11/0x20
[  470.978577]  [<ffffffff84613e77>] call_netdevice_notifiers_info+0x47/0x80
[  470.985599]  [<ffffffff84620aea>] rollback_registered_many+0x3fa/0x740
[  470.992368]  [<ffffffff84620e9f>] rollback_registered+0x6f/0x90
[  470.998533]  [<ffffffff84620f28>] unregister_netdevice_queue+0x68/0x120
[  471.005401]  [<ffffffff835b6644>] __tun_detach+0x764/0x9f0
[  471.011395]  [<ffffffff835b6910>] tun_chr_close+0x40/0x60
[  471.017033]  [<ffffffff817a052e>] __fput+0x20e/0x750
[  471.022233]  [<ffffffff817a0ad9>] ____fput+0x9/0x10
[  471.027430]  [<ffffffff813a74bc>] task_work_run+0xdc/0x150
[  471.033262]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  471.039789]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  471.046474]  [<ffffffff8587799c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  471.053156] Deallocation:
[  471.055887] PID = 6598
[  471.058362]  [<ffffffff8120b336>] save_stack_trace+0x26/0x50
[  471.064254]  [<ffffffff81746086>] save_stack+0x46/0xd0
[  471.069629]  [<ffffffff8174686b>] kasan_slab_free+0x9b/0xd0
[  471.075435]  [<ffffffff817446be>] kfree+0xce/0x2c0
[  471.080456]  [<ffffffff8406ff8c>] netdevice_event_work_handler+0x11c/0x1d0
[  471.087565]  [<ffffffff8139a6f1>] process_one_work+0x6a1/0x1580
[  471.093748]  [<ffffffff8139b6a7>] worker_thread+0xd7/0xf10
[  471.099467]  [<ffffffff813abf49>] kthread+0x209/0x2d0