[   56.933573] audit: type=1800 audit(1560690493.666:28): pid=6701 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   57.759133] audit: type=1800 audit(1560690494.496:29): pid=6701 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   57.780389] audit: type=1800 audit(1560690494.516:30): pid=6701 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   90.804352] IPVS: Creating netns size=2720 id=1
[   90.809210] IPVS: ftp: loaded support on port[0] = 21
Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
2019/06/16 13:08:56 parsed 1 programs
2019/06/16 13:08:56 executed programs: 0
[   99.782050] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[   99.794821] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[   99.800276] IPVS: Creating netns size=2720 id=2
[   99.800401] IPVS: ftp: loaded support on port[0] = 21
[   99.820515] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[   99.828177] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[   99.836176] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[   99.843906] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[   99.926068] IPVS: Creating netns size=2720 id=3
[   99.930911] IPVS: ftp: loaded support on port[0] = 21
[  100.036897] chnl_net:caif_netlink_parms(): no params data found
[  100.164446] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.172051] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.173971] IPVS: Creating netns size=2720 id=4
[  100.174083] IPVS: ftp: loaded support on port[0] = 21
[  100.191426] device bridge_slave_0 entered promiscuous mode
[  100.204654] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.211133] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.220032] device bridge_slave_1 entered promiscuous mode
[  100.266224] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  100.285865] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  100.386444] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  100.394560] team0: Port device team_slave_0 added
[  100.442060] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  100.450034] team0: Port device team_slave_1 added
[  100.493432] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  100.509950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  100.518291] IPVS: Creating netns size=2720 id=5
[  100.523096] IPVS: ftp: loaded support on port[0] = 21
[  100.558279] chnl_net:caif_netlink_parms(): no params data found
[  100.610513] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  100.630678] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  100.814468] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.820868] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.827941] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.834303] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.843905] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.850411] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.860300] device bridge_slave_0 entered promiscuous mode
[  100.891835] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.898648] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.907836] device bridge_slave_1 entered promiscuous mode
[  100.922564] chnl_net:caif_netlink_parms(): no params data found
[  100.973425] IPVS: Creating netns size=2720 id=6
[  100.978314] IPVS: ftp: loaded support on port[0] = 21
[  101.011750] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.018765] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.042520] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  101.086720] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  101.253072] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.259969] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.268800] device bridge_slave_0 entered promiscuous mode
[  101.314481] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  101.322706] team0: Port device team_slave_0 added
[  101.342115] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.349438] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.359258] device bridge_slave_1 entered promiscuous mode
[  101.373924] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  101.382188] team0: Port device team_slave_1 added
[  101.430136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  101.461746] chnl_net:caif_netlink_parms(): no params data found
[  101.475944] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  101.493454] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  101.499312] IPVS: Creating netns size=2720 id=7
[  101.499424] IPVS: ftp: loaded support on port[0] = 21
[  101.540888] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  101.620914] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.630332] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  101.639746] team0: Port device team_slave_0 added
[  101.673761] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  101.682560] team0: Port device team_slave_1 added
[  101.712059] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  101.748426] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  101.761346] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  101.783183] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  101.809032] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  101.830861] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.837579] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.846818] device bridge_slave_0 entered promiscuous mode
[  101.929886] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  101.941150] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.948291] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.957691] device bridge_slave_1 entered promiscuous mode
[  102.031899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  102.096347] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  102.102425] 8021q: adding VLAN 0 to HW filter on device team0
[  102.111702] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.130498] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  102.137892] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  102.148036] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.169499] chnl_net:caif_netlink_parms(): no params data found
[  102.233373] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  102.269458] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  102.278836] team0: Port device team_slave_0 added
[  102.296349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  102.304074] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.310593] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.318699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  102.326688] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.333035] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.387420] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  102.399692] team0: Port device team_slave_1 added
[  102.459448] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  102.470859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  102.479006] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  102.517847] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  102.549132] chnl_net:caif_netlink_parms(): no params data found
[  102.654207] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  102.678257] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.684788] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.698088] device bridge_slave_0 entered promiscuous mode
[  102.707566] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.714017] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.723594] device bridge_slave_1 entered promiscuous mode
[  102.738263] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.748528] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  102.756397] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  102.784949] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  102.838585] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.848129] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  102.882813] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.894265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  102.931743] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  102.972130] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.979125] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.986659] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.996399] device bridge_slave_0 entered promiscuous mode
[  103.003546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  103.014942] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  103.021772] 8021q: adding VLAN 0 to HW filter on device team0
[  103.050501] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.056964] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.066340] device bridge_slave_1 entered promiscuous mode
[  103.074476] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.083278] team0: Port device team_slave_0 added
[  103.111539] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  103.118879] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.127605] team0: Port device team_slave_1 added
[  103.154859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.163722] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.170253] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.178470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  103.187687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  103.200330] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  103.212894] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  103.224291] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  103.286834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  103.293929] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.302681] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.309091] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.322527] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  103.328903] 8021q: adding VLAN 0 to HW filter on device team0
[  103.386577] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.398117] team0: Port device team_slave_0 added
[  103.408128] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  103.417345] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.425248] team0: Port device team_slave_1 added
[  103.446998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.455120] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.461649] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.469190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.477632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  103.485808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  103.493430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  103.500906] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  103.508863] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  103.526554] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  103.546199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.555054] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.561443] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.574684] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  103.623339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.631901] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  103.639683] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  103.649486] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.710232] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  103.719049] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  103.733098] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  103.753176] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  103.763049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  103.794124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  103.817512] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.844337] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  103.857894] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  103.920817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  103.948148] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  103.954265] 8021q: adding VLAN 0 to HW filter on device team0
[  104.011721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.021194] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.027761] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.036861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  104.054974] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.073686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.081838] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.088249] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.129830] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  104.152129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.183018] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  104.196077] 8021q: adding VLAN 0 to HW filter on device team0
[  104.202570] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.215087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.260256] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.291814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.300439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  104.310086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.319047] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.325458] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.343361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  104.372118] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.387037] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.393562] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.473359] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.502187] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  104.517661] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.528204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.566924] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.574403] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.583677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.609069] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  104.615952] 8021q: adding VLAN 0 to HW filter on device team0
[  104.642769] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  104.672206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.680839] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.687625] bridge0: port 1(bridge_slave_0) entered forwarding state
2019/06/16 13:09:01 executed programs: 9
[  104.712977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  104.721160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.729470] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.736041] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.835920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.844097] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.900808] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.910810] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.954142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
2019/06/16 13:09:06 executed programs: 113
2019/06/16 13:09:11 executed programs: 238
2019/06/16 13:09:16 executed programs: 359
2019/06/16 13:09:21 executed programs: 484
2019/06/16 13:09:26 executed programs: 606
2019/06/16 13:09:31 executed programs: 729
2019/06/16 13:09:36 executed programs: 854
2019/06/16 13:09:41 executed programs: 977
2019/06/16 13:09:46 executed programs: 1100
2019/06/16 13:09:51 executed programs: 1222
2019/06/16 13:09:56 executed programs: 1344
2019/06/16 13:10:01 executed programs: 1465
2019/06/16 13:10:06 executed programs: 1587
2019/06/16 13:10:12 executed programs: 1704
2019/06/16 13:10:17 executed programs: 1827
2019/06/16 13:10:22 executed programs: 1949
2019/06/16 13:10:27 executed programs: 2073
2019/06/16 13:10:32 executed programs: 2193
2019/06/16 13:10:37 executed programs: 2312
2019/06/16 13:10:42 executed programs: 2434
2019/06/16 13:10:47 executed programs: 2556
2019/06/16 13:10:52 executed programs: 2669
2019/06/16 13:10:57 executed programs: 2793
2019/06/16 13:11:02 executed programs: 2913
2019/06/16 13:11:07 executed programs: 3037
2019/06/16 13:11:12 executed programs: 3153
2019/06/16 13:11:17 executed programs: 3272
2019/06/16 13:11:22 executed programs: 3393
2019/06/16 13:11:27 executed programs: 3515
2019/06/16 13:11:32 executed programs: 3640
2019/06/16 13:11:37 executed programs: 3760
2019/06/16 13:11:42 executed programs: 3886
2019/06/16 13:11:47 executed programs: 4006
2019/06/16 13:11:52 executed programs: 4132
2019/06/16 13:11:57 executed programs: 4256
2019/06/16 13:12:02 executed programs: 4380
2019/06/16 13:12:07 executed programs: 4495
2019/06/16 13:12:12 executed programs: 4615
2019/06/16 13:12:17 executed programs: 4740
2019/06/16 13:12:23 executed programs: 4865
2019/06/16 13:12:28 executed programs: 4986
2019/06/16 13:12:33 executed programs: 5112
2019/06/16 13:12:38 executed programs: 5239
2019/06/16 13:12:43 executed programs: 5355
2019/06/16 13:12:48 executed programs: 5479
2019/06/16 13:12:53 executed programs: 5603
2019/06/16 13:12:58 executed programs: 5722
2019/06/16 13:13:03 executed programs: 5848
2019/06/16 13:13:08 executed programs: 5967
2019/06/16 13:13:13 executed programs: 6092
2019/06/16 13:13:18 executed programs: 6211
2019/06/16 13:13:23 executed programs: 6326
2019/06/16 13:13:28 executed programs: 6449
2019/06/16 13:13:33 executed programs: 6570
2019/06/16 13:13:38 executed programs: 6697
2019/06/16 13:13:43 executed programs: 6822
2019/06/16 13:13:48 executed programs: 6944
2019/06/16 13:13:53 executed programs: 7065
2019/06/16 13:13:58 executed programs: 7181
2019/06/16 13:14:03 executed programs: 7305
2019/06/16 13:14:08 executed programs: 7427
2019/06/16 13:14:13 executed programs: 7546
2019/06/16 13:14:18 executed programs: 7665
2019/06/16 13:14:24 executed programs: 7786
2019/06/16 13:14:29 executed programs: 7906
2019/06/16 13:14:34 executed programs: 8031
[  440.825060] ==================================================================
[  440.832540] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800b14abf80
[  440.841958] Read of size 8 by task syz-executor.2/12203
[  440.847296] CPU: 1 PID: 12203 Comm: syz-executor.2 Not tainted 4.7.0+ #1
[  440.854103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  440.863430]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800b14abf80
[  440.871421]  ffff8800aef37250 ffff8800b14abf80 ffff88012bc00200 ffff8800aef37240
[  440.879453]  ffffffff8174e667 ffff8800aef37268 ffff8800aef37310 0000000000000282
[  440.887490] Call Trace:
[  440.890104]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  440.895464]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  440.901581]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  440.908313]  [<ffffffff84698324>] ? pneigh_get_next.isra.18+0x214/0x320
[  440.915036]  [<ffffffff84698324>] pneigh_get_next.isra.18+0x214/0x320
[  440.921589]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  440.928293]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  440.935286]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  440.940994]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  440.946331]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  440.952652]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  440.959161]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  440.965904]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  440.971515]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  440.977835]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  440.984648]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  440.990586]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  440.996527]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  441.002385]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  441.007956]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  441.013828]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  441.020594]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  441.026975]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  441.032149]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  441.038786]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  441.045816]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  441.051802]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  441.058624]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  441.065529]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  441.072613]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  441.079523]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  441.085531]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  441.091828]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  441.098652]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  441.104610]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  441.110042]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  441.115905]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  441.121412]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  441.127876]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  441.134511]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  441.140280]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  441.147002]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  441.152855]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  441.158799]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  441.165449]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  441.171398]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  441.177337]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  441.183276]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  441.188783]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  441.195749]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  441.201521]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  441.207289]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  441.213060]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  441.219888]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  441.226443]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  441.232994] Object at ffff8800b14abf80, in cache kmalloc-64
[  441.238675] Object freed, allocated with size 36 bytes
[  441.243923] Allocation:
[  441.246475] PID = 12208
[  441.249032]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  441.254948]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  441.260318]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  441.266043]  [<ffffffff81748a09>] __kmalloc+0x169/0x7a0
[  441.271506]  [<ffffffff84696aae>] pneigh_lookup+0x15e/0x3b0
[  441.277486]  [<ffffffff84bd10e3>] arp_req_set+0x323/0x540
[  441.283154]  [<ffffffff84bd6085>] arp_ioctl+0x1c5/0x5c0
[  441.288612]  [<ffffffff84bece8b>] inet_ioctl+0x6b/0x170
[  441.294067]  [<ffffffff84609f22>] sock_do_ioctl+0x62/0xa0
[  441.299730]  [<ffffffff8460a203>] sock_ioctl+0x2a3/0x390
[  441.305278]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  441.311029]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  441.316332]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  441.323016] Deallocation:
[  441.325752] PID = 12198
[  441.328311]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  441.334203]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  441.339578]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  441.350004]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  441.356373]  [<ffffffff8469d902>] neigh_ifdown+0x162/0x220
[  441.362096]  [<ffffffff84bd6493>] arp_ifdown+0x13/0x20
[  441.367468]  [<ffffffff84be35d3>] inetdev_event+0x573/0xf60
[  441.373279]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  441.379582]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  441.386097]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  441.393122]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  441.399885]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  441.406033]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  441.412889]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  441.418657]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  441.424283]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  441.429484]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  441.434601]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  441.440326]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  441.446836]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  441.453534]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  441.460220] Memory state around the buggy address:
[  441.465122]  ffff8800b14abe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  441.472455]  ffff8800b14abf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  441.479793] >ffff8800b14abf80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  441.487139]                    ^
[  441.490482]  ffff8800b14ac000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  441.497826]  ffff8800b14ac080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  441.505157] ==================================================================
[  441.512487] Disabling lock debugging due to kernel taint
[  441.517949] ==================================================================
[  441.526797] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800a7868848
[  441.536212] Read of size 8 by task syz-executor.2/12203
[  441.541548] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  441.549572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  441.558910]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a7868840
[  441.566906]  ffff8800aef37250 ffff8800a7868840 ffff88012bc00500 ffff8800aef37240
[  441.574898]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  441.582890] Call Trace:
[  441.585452]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  441.590811]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  441.596927]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  441.603649]  [<ffffffff84698307>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  441.610374]  [<ffffffff84698307>] pneigh_get_next.isra.18+0x1f7/0x320
[  441.616938]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  441.623580]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  441.630566]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  441.636251]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  441.641584]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  441.647874]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  441.654341]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  441.661066]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  441.666664]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  441.672954]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  441.679762]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  441.685718]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  441.691660]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  441.697514]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  441.703032]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  441.708905]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  441.715634]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  441.722009]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  441.727173]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  441.733811]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  441.740798]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  441.746751]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  441.753574]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  441.760485]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  441.767574]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  441.774474]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  441.780419]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  441.786710]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  441.793535]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  441.799482]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  441.804904]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  441.810759]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  441.816281]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  441.822745]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  441.829382]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  441.835153]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  441.841877]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  441.847734]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  441.853675]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  441.860312]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  441.866261]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  441.872208]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  441.878148]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  441.883660]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  441.890555]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  441.896337]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  441.902105]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  441.907878]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  441.914694]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  441.921244]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  441.927792] Object at ffff8800a7868840, in cache kmalloc-256
[  441.933558] Object freed, allocated with size 198 bytes
[  441.938890] Allocation:
[  441.941442] PID = 12203
[  441.943998]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  441.949894]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  441.955269]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  441.960982]  [<ffffffff81748a09>] __kmalloc+0x169/0x7a0
[  441.966437]  [<ffffffff8190ef76>] __proc_create+0x136/0x570
[  441.972240]  [<ffffffff8190fb25>] proc_create_data+0x55/0x140
[  441.978223]  [<ffffffff84e1d9f0>] snmp6_register_dev+0xb0/0x130
[  441.984433]  [<ffffffff84d53bbc>] ipv6_add_dev+0x55c/0xfd0
[  441.990176]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  441.996239]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  442.002476]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  442.008973]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  442.015992]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  442.022227]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  442.028373]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  442.033923]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  442.039640]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  442.044932]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  442.051608] Deallocation:
[  442.054338] PID = 12198
[  442.056892]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  442.062798]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  442.068166]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  442.073982]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  442.079003]  [<ffffffff8190ffa3>] pde_put+0x73/0xc0
[  442.084125]  [<ffffffff81910a9b>] remove_proc_subtree+0x1cb/0x240
[  442.090462]  [<ffffffff81910b48>] proc_remove+0x38/0x50
[  442.095916]  [<ffffffff84e1db1c>] snmp6_unregister_dev+0xac/0x120
[  442.102252]  [<ffffffff84d5cdd1>] addrconf_ifdown+0xa51/0xcd0
[  442.108234]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  442.114298]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  442.120535]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  442.127029]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  442.134044]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  442.140803]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  442.146958]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  442.153799]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  442.159524]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  442.165153]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  442.170348]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  442.175452]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  442.181195]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  442.187704]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  442.194383]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  442.201059] Memory state around the buggy address:
[  442.205958]  ffff8800a7868700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  442.213297]  ffff8800a7868780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 fc
[  442.220624] >ffff8800a7868800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  442.227954]                                               ^
[  442.233632]  ffff8800a7868880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  442.240961]  ffff8800a7868900: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  442.248291] ==================================================================
[  442.255656] ==================================================================
[  442.262999] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800a7868840
[  442.272430] Read of size 8 by task syz-executor.2/12203
[  442.277780] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  442.285803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  442.295128]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a7868840
[  442.303114]  ffff8800aef37250 ffff8800a7868840 ffff88012bc00500 ffff8800aef37240
[  442.311106]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  442.319084] Call Trace:
[  442.321647]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  442.327003]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  442.333122]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  442.339849]  [<ffffffff84698324>] ? pneigh_get_next.isra.18+0x214/0x320
[  442.346589]  [<ffffffff84698324>] pneigh_get_next.isra.18+0x214/0x320
[  442.353143]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  442.359781]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  442.366780]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  442.372464]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  442.377798]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  442.384089]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  442.390555]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  442.397281]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  442.402875]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  442.409165]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  442.415993]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  442.421937]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  442.427892]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  442.433754]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  442.439275]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  442.445129]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  442.451857]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  442.458234]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  442.463398]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  442.470036]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  442.477038]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  442.482982]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  442.489793]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  442.496688]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  442.503756]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  442.510657]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  442.516607]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  442.522895]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  442.529719]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  442.535671]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  442.541098]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  442.546963]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  442.552470]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  442.558943]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  442.565580]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  442.571356]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  442.578080]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  442.583932]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  442.589872]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  442.596506]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  442.602447]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  442.608410]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  442.614357]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  442.619878]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  442.626775]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  442.632544]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  442.638311]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  442.644080]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  442.650905]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  442.657456]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  442.664005] Object at ffff8800a7868840, in cache kmalloc-256
[  442.669774] Object freed, allocated with size 198 bytes
[  442.675111] Allocation:
[  442.677671] PID = 12203
[  442.680227]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  442.686116]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  442.691481]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  442.697199]  [<ffffffff81748a09>] __kmalloc+0x169/0x7a0
[  442.702661]  [<ffffffff8190ef76>] __proc_create+0x136/0x570
[  442.708464]  [<ffffffff8190fb25>] proc_create_data+0x55/0x140
[  442.714440]  [<ffffffff84e1d9f0>] snmp6_register_dev+0xb0/0x130
[  442.720587]  [<ffffffff84d53bbc>] ipv6_add_dev+0x55c/0xfd0
[  442.726308]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  442.732370]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  442.738610]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  442.745113]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  442.752135]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  442.758373]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  442.764519]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  442.770057]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  442.775780]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  442.781060]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  442.787736] Deallocation:
[  442.790473] PID = 12198
[  442.793028]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  442.798928]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  442.804300]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  442.810101]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  442.815141]  [<ffffffff8190ffa3>] pde_put+0x73/0xc0
[  442.820248]  [<ffffffff81910a9b>] remove_proc_subtree+0x1cb/0x240
[  442.826689]  [<ffffffff81910b48>] proc_remove+0x38/0x50
[  442.832174]  [<ffffffff84e1db1c>] snmp6_unregister_dev+0xac/0x120
[  442.838523]  [<ffffffff84d5cdd1>] addrconf_ifdown+0xa51/0xcd0
[  442.844501]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  442.850568]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  442.856809]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  442.863303]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  442.870317]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  442.877091]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  442.883240]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  442.890084]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  442.895820]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  442.901452]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  442.906677]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  442.911786]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  442.917515]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  442.924017]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  442.930705]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  442.937391] Memory state around the buggy address:
[  442.942289]  ffff8800a7868700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  442.949616]  ffff8800a7868780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 fc
[  442.956945] >ffff8800a7868800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  442.964273]                                            ^
[  442.969705]  ffff8800a7868880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  442.977039]  ffff8800a7868900: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  442.984368] ==================================================================
[  442.991746] ==================================================================
[  442.999088] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800a7868348
[  443.008502] Read of size 8 by task syz-executor.2/12203
[  443.013840] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  443.021869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  443.031193]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a7868340
[  443.039203]  ffff8800aef37250 ffff8800a7868340 ffff88012bc00500 ffff8800aef37240
[  443.047209]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  443.055213] Call Trace:
[  443.057773]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  443.063109]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  443.069227]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  443.075953]  [<ffffffff84698307>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  443.082675]  [<ffffffff84698307>] pneigh_get_next.isra.18+0x1f7/0x320
[  443.089223]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  443.095861]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  443.102845]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  443.108530]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  443.113864]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  443.120153]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  443.126618]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  443.133345]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  443.138941]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  443.145234]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  443.152044]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  443.157984]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  443.163926]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  443.169782]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  443.175292]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  443.181150]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  443.187874]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  443.194248]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  443.199407]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  443.206047]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  443.213035]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  443.218981]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  443.225792]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  443.232686]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  443.239757]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  443.246654]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  443.252599]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  443.258898]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  443.265708]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  443.271651]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  443.277073]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  443.282930]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  443.288440]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  443.294903]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  443.301538]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  443.307321]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  443.314045]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  443.319900]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  443.325839]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  443.332473]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  443.338417]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  443.344358]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  443.350298]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  443.356985]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  443.363886]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  443.369656]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  443.375422]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  443.381194]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  443.388006]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  443.394557]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  443.401112] Object at ffff8800a7868340, in cache kmalloc-256
[  443.406880] Object freed, allocated with size 240 bytes
[  443.412211] Allocation:
[  443.414769] PID = 12203
[  443.417327]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  443.423218]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  443.428588]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  443.434301]  [<ffffffff81749f32>] kmem_cache_alloc_trace+0x142/0x780
[  443.440894]  [<ffffffff84dc7484>] ipv6_dev_mc_inc+0x294/0xde0
[  443.446927]  [<ffffffff84d540f6>] ipv6_add_dev+0xa96/0xfd0
[  443.452644]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  443.458712]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  443.464951]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  443.471450]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  443.478472]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  443.484710]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  443.490879]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  443.496418]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  443.502151]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  443.507430]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  443.514113] Deallocation:
[  443.516841] PID = 12198
[  443.519395]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  443.526733]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  443.532112]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  443.537921]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  443.542946]  [<ffffffff84dc0fe2>] ma_put+0x42/0x60
[  443.547969]  [<ffffffff84dc8a26>] __ipv6_dev_mc_dec+0x216/0x380
[  443.554121]  [<ffffffff84dce248>] ipv6_mc_destroy_dev+0x28/0x150
[  443.560355]  [<ffffffff84d5cb78>] addrconf_ifdown+0x7f8/0xcd0
[  443.566328]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  443.572396]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  443.578631]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  443.585129]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  443.592147]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  443.598903]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  443.605094]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  443.611939]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  443.617660]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  443.623299]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  443.628504]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  443.633620]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  443.639345]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  443.645849]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  443.652528]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  443.659207] Memory state around the buggy address:
[  443.664110]  ffff8800a7868200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  443.671440]  ffff8800a7868280: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  443.678768] >ffff8800a7868300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  443.686095]                                               ^
[  443.691773]  ffff8800a7868380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  443.699104]  ffff8800a7868400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  443.706436] ==================================================================
[  443.713783] ==================================================================
[  443.721128] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800a7868340
[  443.730555] Read of size 8 by task syz-executor.2/12203
[  443.735894] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  443.743929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  443.753273]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a7868340
[  443.761282]  ffff8800aef37250 ffff8800a7868340 ffff88012bc00500 ffff8800aef37240
[  443.769286]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  443.777297] Call Trace:
[  443.779858]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  443.785190]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  443.791305]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  443.798034]  [<ffffffff84698324>] ? pneigh_get_next.isra.18+0x214/0x320
[  443.804757]  [<ffffffff84698324>] pneigh_get_next.isra.18+0x214/0x320
[  443.811306]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  443.817942]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  443.824931]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  443.830631]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  443.835967]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  443.842257]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  443.848727]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  443.855452]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  443.861046]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  443.867353]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  443.874168]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  443.880109]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  443.886051]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  443.891904]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  443.897609]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  443.903466]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  443.910208]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  443.916591]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  443.921750]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  443.928384]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  443.935370]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  443.941312]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  443.948124]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  443.955047]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  443.962216]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  443.969128]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  443.975074]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  443.981359]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  443.988170]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  443.994111]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  443.999530]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  444.005391]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  444.010902]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  444.017361]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  444.023993]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  444.029758]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  444.036482]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  444.042333]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  444.048272]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  444.054907]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  444.060848]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  444.066789]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  444.072726]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  444.078236]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  444.085132]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  444.090896]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  444.096665]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  444.102433]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  444.109243]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  444.115803]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  444.122352] Object at ffff8800a7868340, in cache kmalloc-256
[  444.128118] Object freed, allocated with size 240 bytes
[  444.133449] Allocation:
[  444.136002] PID = 12203
[  444.138557]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  444.144459]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  444.149827]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  444.155537]  [<ffffffff81749f32>] kmem_cache_alloc_trace+0x142/0x780
[  444.162117]  [<ffffffff84dc7484>] ipv6_dev_mc_inc+0x294/0xde0
[  444.168092]  [<ffffffff84d540f6>] ipv6_add_dev+0xa96/0xfd0
[  444.173804]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  444.179870]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  444.186126]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  444.192624]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  444.199661]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  444.205925]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  444.212071]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  444.217629]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  444.223357]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  444.228649]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  444.235323] Deallocation:
[  444.238052] PID = 12198
[  444.240608]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  444.246497]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  444.251865]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  444.257665]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  444.262712]  [<ffffffff84dc0fe2>] ma_put+0x42/0x60
[  444.267733]  [<ffffffff84dc8a26>] __ipv6_dev_mc_dec+0x216/0x380
[  444.273900]  [<ffffffff84dce248>] ipv6_mc_destroy_dev+0x28/0x150
[  444.280139]  [<ffffffff84d5cb78>] addrconf_ifdown+0x7f8/0xcd0
[  444.286114]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  444.292172]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  444.298410]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  444.304913]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  444.311929]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  444.318682]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  444.324825]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  444.331691]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  444.337532]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  444.344722]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  444.349920]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  444.355041]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  444.360783]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  444.367288]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  444.373952]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  444.380620] Memory state around the buggy address:
[  444.385527]  ffff8800a7868200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  444.392872]  ffff8800a7868280: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  444.400213] >ffff8800a7868300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  444.407562]                                            ^
[  444.412987]  ffff8800a7868380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  444.420314]  ffff8800a7868400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  444.427642] ==================================================================
[  444.435007] ==================================================================
[  444.442353] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800a7868488
[  444.451781] Read of size 8 by task syz-executor.2/12203
[  444.457116] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  444.465156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  444.474485]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a7868480
[  444.482489]  ffff8800aef37250 ffff8800a7868480 ffff88012bc00500 ffff8800aef37240
[  444.490500]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  444.498479] Call Trace:
[  444.501036]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  444.506373]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  444.512486]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  444.519208]  [<ffffffff84698307>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  444.525934]  [<ffffffff84698307>] pneigh_get_next.isra.18+0x1f7/0x320
[  444.532482]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  444.539118]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  444.546101]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  444.551779]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  444.557113]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  444.563400]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  444.569863]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  444.576588]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  444.582182]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  444.588470]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  444.595281]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  444.601224]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  444.607162]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  444.613034]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  444.618555]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  444.624408]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  444.631145]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  444.637519]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  444.642677]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  444.649326]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  444.656315]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  444.662255]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  444.669064]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  444.675981]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  444.683055]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  444.689956]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  444.695900]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  444.702184]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  444.708993]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  444.714931]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  444.720366]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  444.726226]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  444.731731]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  444.738193]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  444.744829]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  444.750595]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  444.757327]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  444.763178]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  444.769120]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  444.775756]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  444.781693]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  444.787632]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  444.793572]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  444.799097]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  444.806000]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  444.811766]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  444.817533]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  444.824436]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  444.831345]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  444.837896]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  444.844442] Object at ffff8800a7868480, in cache kmalloc-256
[  444.850206] Object freed, allocated with size 240 bytes
[  444.855535] Allocation:
[  444.858090] PID = 12203
[  444.860641]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  444.866531]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  444.871892]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  444.877600]  [<ffffffff81749f32>] kmem_cache_alloc_trace+0x142/0x780
[  444.884198]  [<ffffffff84dc7484>] ipv6_dev_mc_inc+0x294/0xde0
[  444.890174]  [<ffffffff84d540e7>] ipv6_add_dev+0xa87/0xfd0
[  444.895888]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  444.901946]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  444.908182]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  444.914684]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  444.921702]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  444.927936]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  444.934080]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  444.939620]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  444.945338]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  444.950619]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  444.957288] Deallocation:
[  444.960013] PID = 12198
[  444.962563]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  444.968452]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  444.973835]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  444.979640]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  444.984657]  [<ffffffff84dc0fe2>] ma_put+0x42/0x60
[  444.989682]  [<ffffffff84dce301>] ipv6_mc_destroy_dev+0xe1/0x150
[  444.995920]  [<ffffffff84d5cb78>] addrconf_ifdown+0x7f8/0xcd0
[  445.001894]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  445.007952]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  445.014194]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  445.020689]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  445.027702]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  445.034458]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  445.040601]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  445.047444]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  445.053161]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  445.058788]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  445.063978]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  445.069090]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  445.074824]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  445.081331]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  445.088000]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  445.094671] Memory state around the buggy address:
[  445.099575]  ffff8800a7868380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  445.106905]  ffff8800a7868400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  445.114231] >ffff8800a7868480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  445.121646]                       ^
[  445.125242]  ffff8800a7868500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  445.132569]  ffff8800a7868580: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  445.139895] ==================================================================
[  445.147260] ==================================================================
[  445.154621] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800a7868480
[  445.164032] Read of size 8 by task syz-executor.2/12203
[  445.169365] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  445.177398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  445.186819]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a7868480
[  445.194813]  ffff8800aef37250 ffff8800a7868480 ffff88012bc00500 ffff8800aef37240
[  445.202795]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  445.210796] Call Trace:
[  445.213358]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  445.218694]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  445.224819]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  445.231549]  [<ffffffff84698324>] ? pneigh_get_next.isra.18+0x214/0x320
[  445.238268]  [<ffffffff84698324>] pneigh_get_next.isra.18+0x214/0x320
[  445.244814]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  445.251461]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  445.258446]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  445.264127]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  445.269469]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  445.275849]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  445.282311]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  445.289050]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  445.294645]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  445.300936]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  445.307742]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  445.313687]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  445.319647]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  445.325509]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  445.331021]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  445.336874]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  445.343595]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  445.349968]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  445.356266]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  445.362900]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  445.369882]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  445.375825]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  445.382637]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  445.389533]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  445.396601]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  445.403499]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  445.409455]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  445.415746]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  445.422552]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  445.428500]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  445.434004]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  445.439857]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  445.445364]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  445.451833]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  445.458469]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  445.464247]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  445.470975]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  445.476835]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  445.482774]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  445.489410]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  445.495352]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  445.501297]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  445.507237]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  445.512759]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  445.519657]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  445.525428]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  445.531987]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  445.537756]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  445.544563]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  445.551114]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  445.557663] Object at ffff8800a7868480, in cache kmalloc-256
[  445.563426] Object freed, allocated with size 240 bytes
[  445.568758] Allocation:
[  445.571311] PID = 12203
[  445.573864]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  445.579753]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  445.585118]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  445.590831]  [<ffffffff81749f32>] kmem_cache_alloc_trace+0x142/0x780
[  445.597417]  [<ffffffff84dc7484>] ipv6_dev_mc_inc+0x294/0xde0
[  445.603401]  [<ffffffff84d540e7>] ipv6_add_dev+0xa87/0xfd0
[  445.609129]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  445.615205]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  445.621437]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  445.627926]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  445.634954]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  445.641197]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  445.647347]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  445.652881]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  445.658592]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  445.663871]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  445.670549] Deallocation:
[  445.673274] PID = 12198
[  445.675847]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  445.681743]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  445.687108]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  445.692911]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  445.697934]  [<ffffffff84dc0fe2>] ma_put+0x42/0x60
[  445.702954]  [<ffffffff84dce301>] ipv6_mc_destroy_dev+0xe1/0x150
[  445.709188]  [<ffffffff84d5cb78>] addrconf_ifdown+0x7f8/0xcd0
[  445.715212]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  445.721270]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  445.727504]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  445.734015]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  445.741035]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  445.747791]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  445.753941]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  445.760786]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  445.766513]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  445.772139]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  445.777338]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  445.782447]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  445.788162]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  445.794661]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  445.801328]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  445.807997] Memory state around the buggy address:
[  445.812895]  ffff8800a7868380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  445.820222]  ffff8800a7868400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  445.827563] >ffff8800a7868480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  445.834892]                    ^
[  445.838228]  ffff8800a7868500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  445.845557]  ffff8800a7868580: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  445.852888] ==================================================================
[  445.860263] ==================================================================
[  445.867607] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800a21546c8
[  445.877023] Read of size 8 by task syz-executor.2/12203
[  445.882368] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  445.890393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  445.899728]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a21546c0
[  445.907713]  ffff8800aef37250 ffff8800a21546c0 ffff88012bc00900 ffff8800aef37240
[  445.915710]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  445.923712] Call Trace:
[  445.926274]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  445.931607]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  445.937723]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  445.944463]  [<ffffffff84698307>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  445.951186]  [<ffffffff84698307>] pneigh_get_next.isra.18+0x1f7/0x320
[  445.957746]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  445.964387]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  445.971371]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  445.977049]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  445.982380]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  445.988669]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  445.995133]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  446.001868]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  446.007465]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  446.013754]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  446.020563]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  446.026516]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  446.032456]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  446.038308]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  446.043815]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  446.049670]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  446.056397]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  446.062787]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  446.067948]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  446.074598]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  446.081586]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  446.087528]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  446.094339]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  446.101236]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  446.108307]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  446.115201]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  446.121146]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  446.127440]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  446.134247]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  446.140187]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  446.145609]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  446.151469]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  446.156975]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  446.163444]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  446.170079]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  446.175861]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  446.182581]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  446.188434]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  446.194375]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  446.201009]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  446.206963]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  446.212903]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  446.218843]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  446.224360]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  446.231258]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  446.237024]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  446.242788]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  446.248553]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  446.255367]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  446.261915]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  446.268462] Object at ffff8800a21546c0, in cache kmalloc-4096
[  446.274314] Object freed, allocated with size 2816 bytes
[  446.279732] Allocation:
[  446.282285] PID = 12203
[  446.284836]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  446.290751]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  446.296115]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  446.301823]  [<ffffffff81748275>] __kmalloc_track_caller+0x165/0x790
[  446.308402]  [<ffffffff81692acb>] kmemdup+0x1b/0x40
[  446.313569]  [<ffffffff84d4c486>] __addrconf_sysctl_register+0x86/0x340
[  446.320416]  [<ffffffff84d4d704>] addrconf_sysctl_register+0x104/0x1a0
[  446.327168]  [<ffffffff84d53fd8>] ipv6_add_dev+0x978/0xfd0
[  446.332894]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  446.338961]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  446.347514]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  446.354015]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  446.361036]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  446.367271]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  446.373425]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  446.378966]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  446.384685]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  446.389964]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  446.396634] Deallocation:
[  446.399360] PID = 12198
[  446.401911]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  446.407822]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  446.413191]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  446.418992]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  446.424010]  [<ffffffff84d4d81a>] __addrconf_sysctl_unregister.isra.42+0x7a/0xa0
[  446.431642]  [<ffffffff84d5cbd6>] addrconf_ifdown+0x856/0xcd0
[  446.437619]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  446.443679]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  446.449911]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  446.456406]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  446.463442]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  446.470203]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  446.476351]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  446.483194]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  446.488904]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  446.494529]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  446.499744]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  446.504850]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  446.510567]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  446.517073]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  446.523752]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  446.530419] Memory state around the buggy address:
[  446.535322]  ffff8800a2154580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  446.542654]  ffff8800a2154600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  446.549995] >ffff8800a2154680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  446.557328]                                               ^
[  446.563008]  ffff8800a2154700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  446.570425]  ffff8800a2154780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  446.577755] ==================================================================
[  446.585130] ==================================================================
[  446.592473] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800a21546c0
[  446.601885] Read of size 8 by task syz-executor.2/12203
[  446.607220] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  446.615244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  446.624573]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a21546c0
[  446.632575]  ffff8800aef37250 ffff8800a21546c0 ffff88012bc00900 ffff8800aef37240
[  446.640566]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  446.648561] Call Trace:
[  446.651121]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  446.656805]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  446.662938]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  446.669663]  [<ffffffff84698324>] ? pneigh_get_next.isra.18+0x214/0x320
[  446.676387]  [<ffffffff84698324>] pneigh_get_next.isra.18+0x214/0x320
[  446.682939]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  446.689575]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  446.696560]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  446.702240]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  446.707592]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  446.713882]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  446.720348]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  446.727069]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  446.732664]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  446.738951]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  446.745761]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  446.751700]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  446.757639]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  446.763492]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  446.768999]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  446.774854]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  446.781580]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  446.787955]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  446.793115]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  446.799752]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  446.806748]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  446.812692]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  446.819499]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  446.826411]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  446.833480]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  446.840380]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  446.846326]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  446.852612]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  446.859422]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  446.865363]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  446.870785]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  446.876641]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  446.882150]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  446.888619]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  446.895254]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  446.901023]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  446.907747]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  446.913615]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  446.919555]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  446.926202]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  446.932144]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  446.938085]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  446.944044]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  446.949550]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  446.956446]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  446.962212]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  446.967980]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  446.973750]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  446.980564]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  446.987113]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  446.993665] Object at ffff8800a21546c0, in cache kmalloc-4096
[  446.999518] Object freed, allocated with size 2816 bytes
[  447.004939] Allocation:
[  447.007498] PID = 12203
[  447.010067]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  447.015962]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  447.021331]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  447.027046]  [<ffffffff81748275>] __kmalloc_track_caller+0x165/0x790
[  447.033633]  [<ffffffff81692acb>] kmemdup+0x1b/0x40
[  447.038747]  [<ffffffff84d4c486>] __addrconf_sysctl_register+0x86/0x340
[  447.045592]  [<ffffffff84d4d704>] addrconf_sysctl_register+0x104/0x1a0
[  447.052351]  [<ffffffff84d53fd8>] ipv6_add_dev+0x978/0xfd0
[  447.058066]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  447.064133]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  447.070371]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  447.076871]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  447.083893]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  447.090130]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  447.096283]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  447.101825]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  447.107544]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  447.112825]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  447.119503] Deallocation:
[  447.122231] PID = 12198
[  447.124784]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  447.130677]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  447.136048]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  447.141851]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  447.146890]  [<ffffffff84d4d81a>] __addrconf_sysctl_unregister.isra.42+0x7a/0xa0
[  447.154534]  [<ffffffff84d5cbd6>] addrconf_ifdown+0x856/0xcd0
[  447.160516]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  447.166578]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  447.172813]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  447.179311]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  447.186334]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  447.193092]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  447.199242]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  447.206083]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  447.211802]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  447.217435]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  447.222627]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  447.227738]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  447.233457]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  447.239955]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  447.246629]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  447.253303] Memory state around the buggy address:
[  447.258202]  ffff8800a2154580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  447.265530]  ffff8800a2154600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  447.272857] >ffff8800a2154680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  447.280184]                                            ^
[  447.285605]  ffff8800a2154700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  447.292936]  ffff8800a2154780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  447.300267] ==================================================================
[  447.307616] ==================================================================
[  447.314958] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800a2153308
[  447.324370] Read of size 8 by task syz-executor.2/12203
[  447.329775] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  447.337806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  447.347134]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a2153300
[  447.356252]  ffff8800aef37250 ffff8800a2153300 ffff88012bc00800 ffff8800aef37240
[  447.364244]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  447.372225] Call Trace:
[  447.374787]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  447.380121]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  447.386234]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  447.392958]  [<ffffffff84698307>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  447.399680]  [<ffffffff84698307>] pneigh_get_next.isra.18+0x1f7/0x320
[  447.406230]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  447.412867]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  447.419861]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  447.425544]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  447.430881]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  447.437171]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  447.443635]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  447.450356]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  447.455949]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  447.462238]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  447.469045]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  447.474989]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  447.480930]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  447.486781]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  447.492291]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  447.498147]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  447.504869]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  447.511245]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  447.516406]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  447.523698]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  447.530686]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  447.536629]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  447.543447]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  447.550342]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  447.557410]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  447.564303]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  447.570246]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  447.576534]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  447.583343]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  447.589300]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  447.594725]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  447.600579]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  447.606085]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  447.612547]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  447.619180]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  447.624947]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  447.631669]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  447.637526]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  447.643465]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  447.650106]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  447.656045]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  447.661986]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  447.667928]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  447.673433]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  447.680328]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  447.686094]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  447.691859]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  447.697626]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  447.704433]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  447.710987]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  447.717536] Object at ffff8800a2153300, in cache kmalloc-2048
[  447.723388] Object freed, allocated with size 1352 bytes
[  447.728806] Allocation:
[  447.731359] PID = 12203
[  447.733910]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  447.739798]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  447.745182]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  447.750906]  [<ffffffff81748275>] __kmalloc_track_caller+0x165/0x790
[  447.757506]  [<ffffffff81692acb>] kmemdup+0x1b/0x40
[  447.762634]  [<ffffffff84697769>] neigh_sysctl_register+0x89/0x7c0
[  447.769051]  [<ffffffff84d4d6a4>] addrconf_sysctl_register+0xa4/0x1a0
[  447.775716]  [<ffffffff84d53fd8>] ipv6_add_dev+0x978/0xfd0
[  447.781424]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  447.787483]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  447.793717]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  447.800209]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  447.807226]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  447.813461]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  447.819610]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  447.825145]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  447.830871]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  447.836162]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  447.842828] Deallocation:
[  447.845569] PID = 12198
[  447.848130]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  447.854013]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  447.859388]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  447.865191]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  447.870206]  [<ffffffff84697eff>] neigh_sysctl_unregister+0x5f/0x80
[  447.876702]  [<ffffffff84d5cc04>] addrconf_ifdown+0x884/0xcd0
[  447.882693]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  447.888754]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  447.894984]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  447.901477]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  447.908518]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  447.915271]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  447.921422]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  447.928268]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  447.933980]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  447.939608]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  447.944797]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  447.949910]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  447.955633]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  447.962129]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  447.968798]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  447.975469] Memory state around the buggy address:
[  447.980465]  ffff8800a2153200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  447.987796]  ffff8800a2153280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  447.995123] >ffff8800a2153300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  448.002449]                       ^
[  448.006044]  ffff8800a2153380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  448.013375]  ffff8800a2153400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  448.020701] ==================================================================
[  448.028064] ==================================================================
[  448.035411] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800a2153300
[  448.044825] Read of size 8 by task syz-executor.2/12203
[  448.050159] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  448.058182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  448.067522]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800a2153300
[  448.075523]  ffff8800aef37250 ffff8800a2153300 ffff88012bc00800 ffff8800aef37240
[  448.083503]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  448.091506] Call Trace:
[  448.094064]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  448.099396]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  448.105518]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  448.112245]  [<ffffffff84698324>] ? pneigh_get_next.isra.18+0x214/0x320
[  448.118970]  [<ffffffff84698324>] pneigh_get_next.isra.18+0x214/0x320
[  448.125520]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  448.132162]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  448.139146]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  448.144837]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  448.150170]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  448.156464]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  448.162925]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  448.169654]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  448.175244]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  448.181534]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  448.188341]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  448.194281]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  448.200220]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  448.206073]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  448.211579]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  448.217433]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  448.224169]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  448.230546]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  448.235706]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  448.242339]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  448.249329]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  448.255273]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  448.262092]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  448.269001]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  448.276075]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  448.282969]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  448.288910]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  448.295199]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  448.302007]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  448.307948]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  448.313369]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  448.319233]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  448.324750]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  448.331227]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  448.337864]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  448.343630]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  448.350352]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  448.356210]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  448.362163]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  448.368795]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  448.374737]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  448.380677]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  448.386617]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  448.392123]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  448.399020]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  448.404787]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  448.410554]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  448.416319]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  448.423130]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  448.429681]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  448.436232] Object at ffff8800a2153300, in cache kmalloc-2048
[  448.442084] Object freed, allocated with size 1352 bytes
[  448.447505] Allocation:
[  448.450057] PID = 12203
[  448.452608]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  448.458509]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  448.463874]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  448.469592]  [<ffffffff81748275>] __kmalloc_track_caller+0x165/0x790
[  448.476179]  [<ffffffff81692acb>] kmemdup+0x1b/0x40
[  448.481287]  [<ffffffff84697769>] neigh_sysctl_register+0x89/0x7c0
[  448.487702]  [<ffffffff84d4d6a4>] addrconf_sysctl_register+0xa4/0x1a0
[  448.494467]  [<ffffffff84d53fd8>] ipv6_add_dev+0x978/0xfd0
[  448.500190]  [<ffffffff84d67254>] addrconf_notify+0x764/0x1cf0
[  448.506288]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  448.512522]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  448.519018]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  448.526035]  [<ffffffff84687697>] register_netdevice+0x907/0xd60
[  448.532271]  [<ffffffff835e3170>] __tun_chr_ioctl+0x13e0/0x3540
[  448.538423]  [<ffffffff835e52fe>] tun_chr_ioctl+0xe/0x10
[  448.543960]  [<ffffffff817dbd5f>] do_vfs_ioctl+0x17f/0xec0
[  448.549684]  [<ffffffff817dcb14>] SyS_ioctl+0x74/0x80
[  448.554960]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  448.561631] Deallocation:
[  448.564356] PID = 12198
[  448.566907]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  448.572789]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  448.578155]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  448.583956]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  448.588986]  [<ffffffff84697eff>] neigh_sysctl_unregister+0x5f/0x80
[  448.595481]  [<ffffffff84d5cc04>] addrconf_ifdown+0x884/0xcd0
[  448.601454]  [<ffffffff84d67200>] addrconf_notify+0x710/0x1cf0
[  448.607513]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  448.613753]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  448.620244]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  448.627260]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  448.634027]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  448.640175]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  448.647018]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  448.652728]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  448.658371]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  448.663567]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  448.668670]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  448.674384]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  448.680893]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  448.687572]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  448.694256] Memory state around the buggy address:
[  448.699160]  ffff8800a2153200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  448.706489]  ffff8800a2153280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  448.713835] >ffff8800a2153300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  448.721164]                    ^
[  448.724498]  ffff8800a2153380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  448.731825]  ffff8800a2153400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  448.739153] ==================================================================
[  448.746513] ==================================================================
[  448.753912] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800ae433e08
[  448.763326] Read of size 8 by task syz-executor.2/12203
[  448.768672] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  448.776706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  448.786032]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800ae433e00
[  448.794009]  ffff8800aef37250 ffff8800ae433e00 ffff88012bc00000 ffff8800aef37240
[  448.802026]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  448.810004] Call Trace:
[  448.812578]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  448.817913]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  448.824031]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  448.830758]  [<ffffffff84698307>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  448.837500]  [<ffffffff84698307>] pneigh_get_next.isra.18+0x1f7/0x320
[  448.844047]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  448.850682]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  448.857663]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  448.863341]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  448.868674]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  448.874963]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  448.881424]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  448.888158]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  448.893751]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  448.900038]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  448.906845]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  448.912783]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  448.918726]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  448.924576]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  448.930081]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  448.935936]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  448.942662]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  448.949050]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  448.954209]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  448.960841]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  448.967822]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  448.973761]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  448.980569]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  448.987464]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  448.994529]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  449.001436]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  449.007381]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  449.013671]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  449.020478]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  449.026420]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  449.031840]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  449.037697]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  449.043203]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  449.049676]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  449.056314]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  449.062088]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  449.068808]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  449.074659]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  449.080600]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  449.087234]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  449.093172]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  449.099110]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  449.105048]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  449.110553]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  449.117447]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  449.123214]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  449.128994]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  449.134762]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  449.141568]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  449.148119]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  449.154665] Object at ffff8800ae433e00, in cache kmalloc-node
[  449.160518] Object freed, allocated with size 160 bytes
[  449.165849] Allocation:
[  449.168403] PID = 12198
[  449.170957]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  449.176843]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  449.182223]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  449.187938]  [<ffffffff81749f32>] kmem_cache_alloc_trace+0x142/0x780
[  449.194520]  [<ffffffff840aef5f>] netdevice_event+0x24f/0x7c0
[  449.200556]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  449.206789]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  449.213284]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  449.220299]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  449.227052]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  449.233220]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  449.240073]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  449.245814]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  449.251439]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  449.256630]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  449.261732]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  449.267451]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  449.273947]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  449.280613]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  449.287283] Deallocation:
[  449.290013] PID = 8554
[  449.292477]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  449.298376]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  449.303754]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  449.309572]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  449.314594]  [<ffffffff840ae89c>] netdevice_event_work_handler+0x11c/0x1d0
[  449.321706]  [<ffffffff8139fc02>] process_one_work+0x6a2/0x1580
[  449.327854]  [<ffffffff813a0bb7>] worker_thread+0xd7/0xf10
[  449.333587]  [<ffffffff813b13e9>] kthread+0x209/0x2d0
[  449.339053]  [<ffffffff858c960f>] ret_from_fork+0x1f/0x40
[  449.345391] Memory state around the buggy address:
[  449.350295]  ffff8800ae433d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  449.357623]  ffff8800ae433d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  449.364948] >ffff8800ae433e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  449.372273]                       ^
[  449.375877]  ffff8800ae433e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  449.383203]  ffff8800ae433f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  449.390530] ==================================================================
[  449.397906] ==================================================================
[  449.405263] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800ae433e00
[  449.414679] Read of size 8 by task syz-executor.2/12203
[  449.420097] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  449.428120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  449.437445]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800ae433e00
[  449.445445]  ffff8800aef37250 ffff8800ae433e00 ffff88012bc00000 ffff8800aef37240
[  449.453440]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  449.461427] Call Trace:
[  449.463983]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  449.469336]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  449.475452]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  449.482174]  [<ffffffff84698324>] ? pneigh_get_next.isra.18+0x214/0x320
[  449.488894]  [<ffffffff84698324>] pneigh_get_next.isra.18+0x214/0x320
[  449.495449]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  449.502086]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  449.509067]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  449.514748]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  449.520083]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  449.527202]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  449.533662]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  449.540384]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  449.545990]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  449.552284]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  449.559091]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  449.565034]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  449.570973]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  449.576842]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  449.582351]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  449.588206]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  449.594931]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  449.601305]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  449.606467]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  449.613103]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  449.620086]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  449.626030]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  449.632836]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  449.639735]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  449.646818]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  449.653715]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  449.659656]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  449.665947]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  449.672756]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  449.678710]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  449.684136]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  449.689989]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  449.695510]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  449.701972]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  449.708608]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  449.714375]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  449.721097]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  449.726951]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  449.732890]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  449.739538]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  449.745486]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  449.751433]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  449.757376]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  449.762880]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  449.769790]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  449.775576]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  449.781363]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  449.787147]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  449.793955]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  449.800589]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  449.807136] Object at ffff8800ae433e00, in cache kmalloc-node
[  449.812988] Object freed, allocated with size 160 bytes
[  449.818329] Allocation:
[  449.820882] PID = 12198
[  449.823434]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  449.829323]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  449.834690]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  449.840402]  [<ffffffff81749f32>] kmem_cache_alloc_trace+0x142/0x780
[  449.846987]  [<ffffffff840aef5f>] netdevice_event+0x24f/0x7c0
[  449.852963]  [<ffffffff813b470b>] notifier_call_chain+0x8b/0x170
[  449.859211]  [<ffffffff813b4811>] raw_notifier_call_chain+0x11/0x20
[  449.865708]  [<ffffffff84661377>] call_netdevice_notifiers_info+0x47/0x80
[  449.872722]  [<ffffffff8466dfca>] rollback_registered_many+0x3fa/0x740
[  449.879472]  [<ffffffff8466e37f>] rollback_registered+0x6f/0x90
[  449.885619]  [<ffffffff8466e408>] unregister_netdevice_queue+0x68/0x120
[  449.892459]  [<ffffffff835e0cfe>] __tun_detach+0x73e/0x9c0
[  449.898181]  [<ffffffff835e0fc0>] tun_chr_close+0x40/0x60
[  449.903808]  [<ffffffff817a7b9e>] __fput+0x20e/0x750
[  449.909012]  [<ffffffff817a8149>] ____fput+0x9/0x10
[  449.914120]  [<ffffffff813ac959>] task_work_run+0xd9/0x150
[  449.919832]  [<ffffffff810066d3>] exit_to_usermode_loop+0x183/0x1c0
[  449.926326]  [<ffffffff81008815>] syscall_return_slowpath+0x275/0x2f0
[  449.932996]  [<ffffffff858c945c>] entry_SYSCALL_64_fastpath+0xbf/0xc1
[  449.939663] Deallocation:
[  449.942389] PID = 8554
[  449.944854]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  449.950741]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  449.956109]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  449.961908]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  449.966925]  [<ffffffff840ae89c>] netdevice_event_work_handler+0x11c/0x1d0
[  449.974030]  [<ffffffff8139fc02>] process_one_work+0x6a2/0x1580
[  449.980175]  [<ffffffff813a0bb7>] worker_thread+0xd7/0xf10
[  449.985887]  [<ffffffff813b13e9>] kthread+0x209/0x2d0
[  449.991166]  [<ffffffff858c960f>] ret_from_fork+0x1f/0x40
[  449.996795] Memory state around the buggy address:
[  450.001691]  ffff8800ae433d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.009028]  ffff8800ae433d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  450.016357] >ffff8800ae433e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.023690]                    ^
[  450.027030]  ffff8800ae433e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  450.034359]  ffff8800ae433f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.041684] ==================================================================
[  450.049052] ==================================================================
[  450.056395] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x1f7/0x320 at addr ffff8800ad2f7b48
[  450.065808] Read of size 8 by task syz-executor.2/12203
[  450.071142] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  450.079163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  450.088491]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800ad2f7b40
[  450.096500]  ffff8800aef37250 ffff8800ad2f7b40 ffff88012bc00700 ffff8800aef37240
[  450.104497]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  450.112489] Call Trace:
[  450.115049]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  450.120384]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  450.126499]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  450.133222]  [<ffffffff84698307>] ? pneigh_get_next.isra.18+0x1f7/0x320
[  450.139944]  [<ffffffff84698307>] pneigh_get_next.isra.18+0x1f7/0x320
[  450.146491]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  450.153129]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  450.160114]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  450.165793]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  450.171126]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  450.177413]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  450.183875]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  450.190615]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  450.196207]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  450.202495]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  450.209302]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  450.215244]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  450.221184]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  450.227041]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  450.232550]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  450.238406]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  450.245133]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  450.251510]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0
[  450.256672]  [<ffffffff8183f55d>] default_file_splice_read+0x42d/0x800
[  450.263310]  [<ffffffff8183f130>] ? __generic_file_splice_read+0xef0/0xef0
[  450.270296]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  450.276241]  [<ffffffff82a45fcf>] ? debug_check_no_obj_freed+0x15f/0x760
[  450.283051]  [<ffffffff858c91ea>] ? _raw_spin_unlock_irqrestore+0x6a/0xd0
[  450.289948]  [<ffffffff8183db80>] ? page_cache_pipe_buf_release+0x120/0x120
[  450.297019]  [<ffffffff858c9226>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[  450.303913]  [<ffffffff81444f68>] ? mark_held_locks+0xc8/0x120
[  450.309860]  [<ffffffff81648c12>] ? free_hot_cold_page+0x502/0xa70
[  450.316148]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  450.322955]  [<ffffffff814455ad>] ? trace_hardirqs_on+0xd/0x10
[  450.328901]  [<ffffffff81665bf7>] ? __put_page+0x67/0x80
[  450.334322]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  450.340174]  [<ffffffff8183af13>] do_splice_to+0xe3/0x140
[  450.345680]  [<ffffffff8183b1a5>] splice_direct_to_actor+0x235/0x7c0
[  450.352143]  [<ffffffff81839c20>] ? generic_pipe_buf_nosteal+0x10/0x10
[  450.358777]  [<ffffffff8183af70>] ? do_splice_to+0x140/0x140
[  450.364546]  [<ffffffff826fc20a>] ? security_file_permission+0x6a/0x1a0
[  450.371266]  [<ffffffff817a29c8>] ? rw_verify_area+0xb8/0x2b0
[  450.377123]  [<ffffffff8183b87e>] do_splice_direct+0x14e/0x260
[  450.383065]  [<ffffffff8183b730>] ? splice_direct_to_actor+0x7c0/0x7c0
[  450.389701]  [<ffffffff81439b62>] ? percpu_down_read+0x52/0x90
[  450.395654]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  450.401683]  [<ffffffff817aa7a2>] ? __sb_start_write+0xb2/0xf0
[  450.407627]  [<ffffffff817a5560>] do_sendfile+0x4c0/0xe40
[  450.413135]  [<ffffffff817a50a0>] ? do_compat_pwritev64.isra.24+0xc0/0xc0
[  450.420041]  [<ffffffff816c1c21>] ? __might_fault+0xf1/0x1b0
[  450.425809]  [<ffffffff817a713d>] SyS_sendfile64+0x11d/0x120
[  450.431574]  [<ffffffff817a7020>] ? SyS_sendfile+0x110/0x110
[  450.437345]  [<ffffffff8144540c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[  450.444159]  [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[  450.450711]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  450.457261] Object at ffff8800ad2f7b40, in cache kmalloc-1024
[  450.463115] Object freed, allocated with size 1024 bytes
[  450.468535] Allocation:
[  450.471091] PID = 6739
[  450.473559]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  450.479453]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  450.484825]  [<ffffffff8174db7a>] kasan_kmalloc+0xda/0x100
[  450.490544]  [<ffffffff81749f32>] kmem_cache_alloc_trace+0x142/0x780
[  450.497138]  [<ffffffff8146ec9b>] do_syslog+0x47b/0x990
[  450.502596]  [<ffffffff81926b45>] kmsg_read+0x65/0x80
[  450.507929]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  450.513644]  [<ffffffff8179e81b>] __vfs_read+0xdb/0x730
[  450.519101]  [<ffffffff817a2caa>] vfs_read+0xea/0x2d0
[  450.524392]  [<ffffffff817a65fb>] SyS_read+0xcb/0x1a0
[  450.529671]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  450.536338] Deallocation:
[  450.539067] PID = 6739
[  450.541537]  [<ffffffff812103a6>] save_stack_trace+0x26/0x50
[  450.547449]  [<ffffffff8174d8d6>] save_stack+0x46/0xd0
[  450.552816]  [<ffffffff8174e0bb>] kasan_slab_free+0x9b/0xd0
[  450.558617]  [<ffffffff8174bf0f>] kfree+0xcf/0x2c0
[  450.563665]  [<ffffffff8146eff5>] do_syslog+0x7d5/0x990
[  450.569129]  [<ffffffff81926b45>] kmsg_read+0x65/0x80
[  450.574419]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  450.580132]  [<ffffffff8179e81b>] __vfs_read+0xdb/0x730
[  450.585594]  [<ffffffff817a2caa>] vfs_read+0xea/0x2d0
[  450.590878]  [<ffffffff817a65fb>] SyS_read+0xcb/0x1a0
[  450.596157]  [<ffffffff858c93c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[  450.602831] Memory state around the buggy address:
[  450.607736]  ffff8800ad2f7a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  450.615064]  ffff8800ad2f7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  450.622392] >ffff8800ad2f7b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  450.629720]                                               ^
[  450.635404]  ffff8800ad2f7b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.642736]  ffff8800ad2f7c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.650062] ==================================================================
[  450.657411] ==================================================================
[  450.664772] BUG: KASAN: use-after-free in pneigh_get_next.isra.18+0x214/0x320 at addr ffff8800ad2f7b40
[  450.674184] Read of size 8 by task syz-executor.2/12203
[  450.679523] CPU: 1 PID: 12203 Comm: syz-executor.2 Tainted: G    B           4.7.0+ #1
[  450.687545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  450.696873]  1ffffffff0d56312 ffff8800aef371c0 ffffffff829e0956 ffff8800ad2f7b40
[  450.704871]  ffff8800aef37250 ffff8800ad2f7b40 ffff88012bc00700 ffff8800aef37240
[  450.712859]  ffffffff8174e667 0000000000000010 ffff880000000000 0000000000000282
[  450.720870] Call Trace:
[  450.723434]  [<ffffffff829e0956>] dump_stack+0xe6/0x120
[  450.728781]  [<ffffffff8174e667>] kasan_report_error+0x1e7/0x5b0
[  450.734899]  [<ffffffff8174eb2e>] __asan_report_load8_noabort+0x3e/0x40
[  450.741621]  [<ffffffff84698324>] ? pneigh_get_next.isra.18+0x214/0x320
[  450.748357]  [<ffffffff84698324>] pneigh_get_next.isra.18+0x214/0x320
[  450.754909]  [<ffffffff8469f880>] ? neigh_connected_output+0x510/0x510
[  450.761543]  [<ffffffff858bea30>] ? mutex_lock_killable_nested+0xce0/0xce0
[  450.768524]  [<ffffffff846991a1>] neigh_seq_next+0x91/0x1c0
[  450.774205]  [<ffffffff81811434>] seq_read+0x9e4/0x11a0
[  450.779537]  [<ffffffff81810a50>] ? seq_hlist_next_rcu+0x130/0x130
[  450.785839]  [<ffffffff817a6ba7>] ? rw_copy_check_uvector+0x97/0x280
[  450.792305]  [<ffffffff8148bcee>] ? rcu_read_lock_sched_held+0x9e/0x120
[  450.799028]  [<ffffffff818ff3ec>] proc_reg_read+0xbc/0x180
[  450.804620]  [<ffffffff8179efa4>] do_loop_readv_writev+0x134/0x210
[  450.810907]  [<ffffffff826fc2e8>] ? security_file_permission+0x148/0x1a0
[  450.817716]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  450.823658]  [<ffffffff818ff330>] ? proc_reg_write+0x180/0x180
[  450.829699]  [<ffffffff817a3895>] do_readv_writev+0x565/0x660
[  450.835567]  [<ffffffff817a3330>] ? vfs_write+0x4a0/0x4a0
[  450.841081]  [<ffffffff81619f70>] ? perf_event_fork+0x20/0x20
[  450.846948]  [<ffffffff8148bb27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  450.853671]  [<ffffffff81732fd0>] ? alloc_pages_current+0x1b0/0x490
[  450.860047]  [<ffffffff817a39f7>] vfs_readv+0x67/0xa0