[ 35.793973] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.812724] device veth1_macvtap left promiscuous mode [ 35.818790] device veth0_macvtap left promiscuous mode [ 35.824197] device veth1_vlan left promiscuous mode [ 35.831379] device veth0_vlan left promiscuous mode [ 35.997258] team0 (unregistering): Port device team_slave_1 removed [ 36.011972] team0 (unregistering): Port device team_slave_0 removed [ 36.024779] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 36.041390] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 36.101271] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts. 2020/12/17 05:09:09 parsed 1 programs 2020/12/17 05:09:09 executed programs: 0 [ 43.073419] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready [ 43.102172] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready [ 43.122154] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready [ 43.123133] IPVS: Creating netns size=2720 id=2 [ 43.123222] IPVS: ftp: loaded support on port[0] = 21 [ 43.151126] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready [ 43.164617] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready [ 43.178277] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready [ 43.232683] IPVS: Creating netns size=2720 id=3 [ 43.237954] IPVS: ftp: loaded support on port[0] = 21 [ 43.352090] chnl_net:caif_netlink_parms(): no params data found [ 43.425982] IPVS: Creating netns size=2720 id=4 [ 43.430801] IPVS: ftp: loaded support on port[0] = 21 [ 43.580716] IPVS: Creating netns size=2720 id=5 [ 43.586717] IPVS: ftp: loaded support on port[0] = 21 [ 43.658016] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.664605] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.673324] device bridge_slave_0 entered promiscuous mode [ 43.691690] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.698073] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.706838] device bridge_slave_1 entered promiscuous mode [ 43.727562] chnl_net:caif_netlink_parms(): no params data found [ 43.795393] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.823653] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.846595] IPVS: Creating netns size=2720 id=6 [ 43.852739] IPVS: ftp: loaded support on port[0] = 21 [ 43.946526] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.956748] team0: Port device team_slave_0 added [ 44.005568] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.013244] team0: Port device team_slave_1 added [ 44.084676] chnl_net:caif_netlink_parms(): no params data found [ 44.116612] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.123757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.148949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.161280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.167517] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.192833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.224323] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.232162] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.265457] IPVS: Creating netns size=2720 id=7 [ 44.271072] IPVS: ftp: loaded support on port[0] = 21 [ 44.381452] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.387914] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.396384] device bridge_slave_0 entered promiscuous mode [ 44.448659] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.455662] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.466377] device bridge_slave_1 entered promiscuous mode [ 44.496689] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.536022] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.583903] chnl_net:caif_netlink_parms(): no params data found [ 44.612636] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.660460] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.813498] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.821051] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.829731] device bridge_slave_0 entered promiscuous mode [ 44.873484] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.880249] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.889627] device bridge_slave_1 entered promiscuous mode [ 44.896713] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.905183] team0: Port device team_slave_0 added [ 44.917988] chnl_net:caif_netlink_parms(): no params data found [ 44.945580] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.953916] team0: Port device team_slave_1 added [ 45.016098] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.056654] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.160521] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.205462] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.212949] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.219993] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.228347] device bridge_slave_0 entered promiscuous mode [ 45.235359] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.244531] team0: Port device team_slave_0 added [ 45.305120] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.311714] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.321317] device bridge_slave_1 entered promiscuous mode [ 45.345366] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.353782] team0: Port device team_slave_1 added [ 45.455533] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.485868] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.495698] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.507410] chnl_net:caif_netlink_parms(): no params data found [ 45.521800] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 45.548831] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.576572] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.649341] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.674933] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.682743] team0: Port device team_slave_0 added [ 45.690293] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.696668] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.705182] device bridge_slave_0 entered promiscuous mode [ 45.744328] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.752416] team0: Port device team_slave_1 added [ 45.773911] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.780761] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.789568] device bridge_slave_1 entered promiscuous mode [ 45.896962] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.906104] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.923042] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.931585] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.961834] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.972530] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.098495] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.104927] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.113596] device bridge_slave_0 entered promiscuous mode [ 46.141593] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.149314] team0: Port device team_slave_0 added [ 46.164321] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.171731] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.181044] device bridge_slave_1 entered promiscuous mode [ 46.195873] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.204149] team0: Port device team_slave_1 added [ 46.224357] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.276072] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.295754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.364348] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.373516] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.390585] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.400972] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.409750] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.539555] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.545832] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.556047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.563252] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.571013] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.579436] team0: Port device team_slave_0 added [ 46.604710] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.629997] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.638262] team0: Port device team_slave_1 added [ 46.669902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.678723] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.685282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.692354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.785479] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.821134] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.858674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.866560] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.873260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.880958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.889551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.899880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.907779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.915477] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.973932] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.982822] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.099064] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.119332] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 47.163131] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 47.238526] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.286579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.426513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.470264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.483910] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.519125] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.550860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.562575] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 47.583349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.593143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.605511] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 47.612296] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.623634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 47.638185] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 47.644532] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.654580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.665273] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.692985] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.700147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.710543] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.716950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.723907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.732038] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.738447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.748098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.755663] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.762108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.780684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.787993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.860836] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.880183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.888187] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.894518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.902457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.909759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.918413] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.925972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.947611] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.954550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.965034] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.997579] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.005226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.015284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.023347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.034419] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.041025] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.048859] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 48.055975] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 48.063564] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 48.081502] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.089026] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.095326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.127425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.135249] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.141794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.155235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.163368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.193523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.200672] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.208383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.216090] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.222599] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.229569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.237585] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.244077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.251779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.265480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.273287] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.281093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.289450] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.296413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.313335] device veth0_vlan entered promiscuous mode [ 48.356772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.364935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.374096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.382266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.403512] device veth1_vlan entered promiscuous mode [ 48.420978] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.430351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.463609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.483951] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.504136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.527338] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 48.550713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.567559] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.578928] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.619913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.633529] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.640093] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.655894] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 48.670603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.682613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.693169] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.699582] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.723078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.758932] device veth0_macvtap entered promiscuous mode [ 48.786137] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 48.798467] device veth1_macvtap entered promiscuous mode [ 48.807099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.837058] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.844466] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.853321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.861216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.872166] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 48.891662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.913462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 48.951683] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 48.973685] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.989130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.998732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.023104] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.045977] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 49.054630] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 49.062785] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 49.070604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.125711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.143680] device veth0_vlan entered promiscuous mode [ 49.159219] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 49.168043] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 49.174968] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 49.184752] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.193204] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.218269] device veth0_vlan entered promiscuous mode [ 49.239524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.247421] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.254248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.281552] device veth1_vlan entered promiscuous mode [ 49.297145] device veth1_vlan entered promiscuous mode [ 49.428559] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 49.450309] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 49.464966] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 49.485845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.510865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.520876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.548783] device veth0_macvtap entered promiscuous mode [ 49.570884] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 49.593653] device veth1_macvtap entered promiscuous mode [ 49.610474] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 49.621087] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 49.630180] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 49.655952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 49.673727] device veth0_vlan entered promiscuous mode [ 49.681497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.690165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.698438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.705308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.714171] device veth0_macvtap entered promiscuous mode [ 49.728244] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 49.735638] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 49.743468] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 49.758399] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 49.772478] device veth1_macvtap entered promiscuous mode [ 49.784043] device veth1_vlan entered promiscuous mode [ 49.806038] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 49.815000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.832597] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 49.840074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.847687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.854668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.876837] device veth0_vlan entered promiscuous mode [ 49.888833] device veth1_vlan entered promiscuous mode [ 49.909159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 49.920511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.934493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.969500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.995944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2020/12/17 05:09:16 executed programs: 6 [ 50.042638] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 50.058523] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 50.067843] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 50.085153] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 50.110888] device veth0_vlan entered promiscuous mode [ 50.119591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.132790] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 50.146989] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.154733] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.163496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.190124] device veth0_macvtap entered promiscuous mode [ 50.203585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.220411] device veth1_vlan entered promiscuous mode [ 50.232552] device veth0_macvtap entered promiscuous mode [ 50.250841] device veth1_macvtap entered promiscuous mode [ 50.269598] device veth1_macvtap entered promiscuous mode [ 50.281496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 50.302855] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 50.315511] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 50.335555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 50.352653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.388024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.397412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.405751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.450632] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 50.478013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.497220] device veth0_macvtap entered promiscuous mode [ 50.510104] device veth1_macvtap entered promiscuous mode [ 50.530963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 50.557877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 50.580296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.600078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.716248] NOHZ: local_softirq_pending 08 2020/12/17 05:09:21 executed programs: 53 2020/12/17 05:09:26 executed programs: 109 2020/12/17 05:09:31 executed programs: 165 2020/12/17 05:09:36 executed programs: 220 [ 74.192056] NOHZ: local_softirq_pending 08 2020/12/17 05:09:41 executed programs: 275 2020/12/17 05:09:46 executed programs: 332 2020/12/17 05:09:51 executed programs: 388 2020/12/17 05:09:56 executed programs: 443 2020/12/17 05:10:01 executed programs: 499 2020/12/17 05:10:06 executed programs: 555 2020/12/17 05:10:11 executed programs: 611 2020/12/17 05:10:16 executed programs: 667 2020/12/17 05:10:21 executed programs: 723 2020/12/17 05:10:26 executed programs: 780 2020/12/17 05:10:31 executed programs: 836 2020/12/17 05:10:36 executed programs: 892 2020/12/17 05:10:41 executed programs: 947 2020/12/17 05:10:47 executed programs: 1003 2020/12/17 05:10:52 executed programs: 1058 2020/12/17 05:10:57 executed programs: 1115 2020/12/17 05:11:02 executed programs: 1171 2020/12/17 05:11:07 executed programs: 1227 2020/12/17 05:11:12 executed programs: 1282 2020/12/17 05:11:17 executed programs: 1339 2020/12/17 05:11:22 executed programs: 1394 2020/12/17 05:11:27 executed programs: 1450 2020/12/17 05:11:32 executed programs: 1506 2020/12/17 05:11:37 executed programs: 1562 2020/12/17 05:11:42 executed programs: 1618 2020/12/17 05:11:47 executed programs: 1674 2020/12/17 05:11:52 executed programs: 1730 2020/12/17 05:11:57 executed programs: 1786 2020/12/17 05:12:02 executed programs: 1842 [ 217.539754] NOHZ: local_softirq_pending 08 2020/12/17 05:12:07 executed programs: 1898 2020/12/17 05:12:13 executed programs: 1954 2020/12/17 05:12:18 executed programs: 2010 2020/12/17 05:12:23 executed programs: 2067 [ 238.019055] NOHZ: local_softirq_pending 08 2020/12/17 05:12:28 executed programs: 2123 2020/12/17 05:12:33 executed programs: 2179 2020/12/17 05:12:38 executed programs: 2236 2020/12/17 05:12:43 executed programs: 2291 [ 258.497405] NOHZ: local_softirq_pending 08 2020/12/17 05:12:48 executed programs: 2347 2020/12/17 05:12:53 executed programs: 2403 2020/12/17 05:12:58 executed programs: 2459 2020/12/17 05:13:03 executed programs: 2515 [ 278.973926] NOHZ: local_softirq_pending 08 2020/12/17 05:13:08 executed programs: 2571 2020/12/17 05:13:13 executed programs: 2627 2020/12/17 05:13:18 executed programs: 2682 [ 296.251529] ================================================================== [ 296.259250] BUG: KASAN: use-after-free in __lock_acquire+0x5047/0x5290 at addr ffff8801362e3648 [ 296.268275] Read of size 8 by task swapper/0/0 [ 296.272836] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.8.0-syzkaller #0 [ 296.279908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.289258] 0000000000000000 ffff88013bc07980 ffffffff82e4dd32 ffff88013b802a80 [ 296.297285] ffff8801362e2100 ffff8801362e4100 ffffffff88076580 1ffff10027780f64 [ 296.305324] ffff88013bc079a8 ffffffff8171d43c ffff88013bc07a38 ffff88013b802a80 [ 296.313346] Call Trace: [ 296.315939] [] dump_stack+0x136/0x1d4 [ 296.322119] [] kasan_object_err+0x1c/0x70 [ 296.327915] [] kasan_report_error+0x1e2/0x4c0 [ 296.334643] [] ? __lock_acquire+0x9a7/0x5290 [ 296.340727] [] __asan_report_load8_noabort+0x3e/0x40 [ 296.347461] [] ? __lock_acquire+0x5047/0x5290 [ 296.355160] [] __lock_acquire+0x5047/0x5290 [ 296.361135] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 296.368190] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 296.375195] [] lock_acquire+0x197/0x4b0 [ 296.380806] [] ? br_multicast_group_expired+0x47/0x360 [ 296.387714] [] ? debug_object_deactivate+0xdb/0x350 [ 296.394358] [] _raw_spin_lock+0x36/0x50 [ 296.399962] [] ? br_multicast_group_expired+0x47/0x360 [ 296.406869] [] br_multicast_group_expired+0x47/0x360 [ 296.413618] [] call_timer_fn+0x14f/0x630 [ 296.419304] [] ? call_timer_fn+0xc9/0x630 [ 296.425177] [] ? br_mdb_free+0x70/0x70 [ 296.430706] [] ? process_timeout+0x10/0x10 [ 296.436678] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 296.443880] [] ? br_mdb_free+0x70/0x70 [ 296.449400] [] expire_timers+0x28f/0x460 [ 296.455091] [] run_timer_softirq+0x1a6/0x520 [ 296.461129] [] ? expire_timers+0x460/0x460 [ 296.466997] [] __do_softirq+0x2cb/0xa1c [ 296.472599] [] irq_exit+0x14f/0x190 [ 296.477860] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 296.484352] [] apic_timer_interrupt+0x8c/0xa0 [ 296.490472] [] ? native_safe_halt+0x6/0x10 [ 296.497609] [] default_idle+0x4f/0x390 [ 296.503121] [] arch_cpu_idle+0xa/0x10 [ 296.508570] [] default_idle_call+0x48/0xa0 [ 296.514432] [] cpu_startup_entry+0x5ec/0x7e0 [ 296.520472] [] rest_init+0x152/0x160 [ 296.525818] [] start_kernel+0x4fd/0x523 [ 296.531422] [] ? thread_stack_cache_init+0x6/0x6 [ 296.537867] [] ? early_idt_handler_array+0x120/0x120 [ 296.544606] [] x86_64_start_reservations+0x2a/0x2c [ 296.551171] [] x86_64_start_kernel+0x17c/0x18b [ 296.557396] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 296.564223] Allocated: [ 296.566713] PID = 7529 [ 296.569187] [] save_stack_trace+0x26/0x50 [ 296.575140] [] kasan_kmalloc+0xee/0x180 [ 296.580949] [] __kmalloc+0x15f/0x3c0 [ 296.586415] [] alloc_netdev_mqs+0x940/0xda0 [ 296.592594] [] rtnl_create_link+0x132/0x830 [ 296.598701] [] rtnl_newlink+0xc55/0x1220 [ 296.604528] [] rtnetlink_rcv_msg+0x222/0x670 [ 296.611122] [] netlink_rcv_skb+0x242/0x350 [ 296.617118] [] rtnetlink_rcv+0x25/0x30 [ 296.622776] [] netlink_unicast+0x3df/0x570 [ 296.628761] [] netlink_sendmsg+0x9bb/0xb40 [ 296.634757] [] sock_sendmsg+0xb5/0xf0 [ 296.640316] [] SyS_sendto+0x1ca/0x2c0 [ 296.646079] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 296.652937] Freed: [ 296.655173] PID = 2978 [ 296.657672] [] save_stack_trace+0x26/0x50 [ 296.663593] [] kasan_slab_free+0xae/0x180 [ 296.669660] [] kfree+0x11b/0x3a0 [ 296.674794] [] kvfree+0x25/0x30 [ 296.679839] [] netdev_freemem+0x47/0x60 [ 296.685562] [] netdev_release+0x6c/0x90 [ 296.691342] [] device_release+0x71/0x1e0 [ 296.697217] [] kobject_put+0x146/0x400 [ 296.702867] [] netdev_run_todo+0x483/0x650 [ 296.708872] [] rtnl_unlock+0x9/0x10 [ 296.714254] [] default_device_exit_batch+0x2fe/0x3d0 [ 296.721105] [] ops_exit_list.isra.0+0xd6/0x120 [ 296.727670] [] cleanup_net+0x2d0/0x540 [ 296.733310] [] process_one_work+0x67d/0x14f0 [ 296.739652] [] worker_thread+0xda/0xf10 [ 296.745380] [] kthread+0x209/0x2d0 [ 296.750669] [] ret_from_fork+0x1f/0x40 [ 296.756477] Memory state around the buggy address: [ 296.761382] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 296.768992] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 296.776332] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 296.784163] ^ [ 296.789851] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 296.797560] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 296.804892] ================================================================== [ 296.812237] Disabling lock debugging due to kernel taint [ 296.817676] ================================================================== [ 296.825012] BUG: KASAN: use-after-free in __lock_acquire+0x4ea4/0x5290 at addr ffff8801362e3650 [ 296.834005] Read of size 8 by task swapper/0/0 [ 296.839005] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 296.847038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.856652] 0000000000000000 ffff88013bc07980 ffffffff82e4dd32 ffff88013b802a80 [ 296.864685] ffff8801362e2100 ffff8801362e4100 ffffffff88076580 1ffff10027780f64 [ 296.873000] ffff88013bc079a8 ffffffff8171d43c ffff88013bc07a38 ffff88013b802a80 [ 296.881005] Call Trace: [ 296.883568] [] dump_stack+0x136/0x1d4 [ 296.889748] [] kasan_object_err+0x1c/0x70 [ 296.895546] [] kasan_report_error+0x1e2/0x4c0 [ 296.902630] [] __asan_report_load8_noabort+0x3e/0x40 [ 296.909380] [] ? __lock_acquire+0x4ea4/0x5290 [ 296.915590] [] __lock_acquire+0x4ea4/0x5290 [ 296.921660] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 296.928786] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 296.935790] [] lock_acquire+0x197/0x4b0 [ 296.941425] [] ? br_multicast_group_expired+0x47/0x360 [ 296.948362] [] ? debug_object_deactivate+0xdb/0x350 [ 296.955029] [] _raw_spin_lock+0x36/0x50 [ 296.960632] [] ? br_multicast_group_expired+0x47/0x360 [ 296.967534] [] br_multicast_group_expired+0x47/0x360 [ 296.974288] [] call_timer_fn+0x14f/0x630 [ 296.979999] [] ? call_timer_fn+0xc9/0x630 [ 296.985776] [] ? br_mdb_free+0x70/0x70 [ 296.991412] [] ? process_timeout+0x10/0x10 [ 296.997279] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 297.004103] [] ? br_mdb_free+0x70/0x70 [ 297.009721] [] expire_timers+0x28f/0x460 [ 297.015432] [] run_timer_softirq+0x1a6/0x520 [ 297.021485] [] ? expire_timers+0x460/0x460 [ 297.027351] [] __do_softirq+0x2cb/0xa1c [ 297.033071] [] irq_exit+0x14f/0x190 [ 297.038328] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 297.044801] [] apic_timer_interrupt+0x8c/0xa0 [ 297.050951] [] ? native_safe_halt+0x6/0x10 [ 297.057995] [] default_idle+0x4f/0x390 [ 297.063510] [] arch_cpu_idle+0xa/0x10 [ 297.068939] [] default_idle_call+0x48/0xa0 [ 297.074816] [] cpu_startup_entry+0x5ec/0x7e0 [ 297.080850] [] rest_init+0x152/0x160 [ 297.086188] [] start_kernel+0x4fd/0x523 [ 297.091794] [] ? thread_stack_cache_init+0x6/0x6 [ 297.098191] [] ? early_idt_handler_array+0x120/0x120 [ 297.104930] [] x86_64_start_reservations+0x2a/0x2c [ 297.111600] [] x86_64_start_kernel+0x17c/0x18b [ 297.117843] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 297.124660] Allocated: [ 297.127167] PID = 7529 [ 297.129671] [] save_stack_trace+0x26/0x50 [ 297.135574] [] kasan_kmalloc+0xee/0x180 [ 297.141323] [] __kmalloc+0x15f/0x3c0 [ 297.146819] [] alloc_netdev_mqs+0x940/0xda0 [ 297.153069] [] rtnl_create_link+0x132/0x830 [ 297.159150] [] rtnl_newlink+0xc55/0x1220 [ 297.164974] [] rtnetlink_rcv_msg+0x222/0x670 [ 297.171286] [] netlink_rcv_skb+0x242/0x350 [ 297.177298] [] rtnetlink_rcv+0x25/0x30 [ 297.182955] [] netlink_unicast+0x3df/0x570 [ 297.189085] [] netlink_sendmsg+0x9bb/0xb40 [ 297.195098] [] sock_sendmsg+0xb5/0xf0 [ 297.200648] [] SyS_sendto+0x1ca/0x2c0 [ 297.206211] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 297.212902] Freed: [ 297.215030] PID = 2978 [ 297.217503] [] save_stack_trace+0x26/0x50 [ 297.223572] [] kasan_slab_free+0xae/0x180 [ 297.230166] [] kfree+0x11b/0x3a0 [ 297.235317] [] kvfree+0x25/0x30 [ 297.240363] [] netdev_freemem+0x47/0x60 [ 297.246111] [] netdev_release+0x6c/0x90 [ 297.251835] [] device_release+0x71/0x1e0 [ 297.257639] [] kobject_put+0x146/0x400 [ 297.263287] [] netdev_run_todo+0x483/0x650 [ 297.269275] [] rtnl_unlock+0x9/0x10 [ 297.274671] [] default_device_exit_batch+0x2fe/0x3d0 [ 297.281521] [] ops_exit_list.isra.0+0xd6/0x120 [ 297.287859] [] cleanup_net+0x2d0/0x540 [ 297.293762] [] process_one_work+0x67d/0x14f0 [ 297.299928] [] worker_thread+0xda/0xf10 [ 297.305671] [] kthread+0x209/0x2d0 [ 297.310950] [] ret_from_fork+0x1f/0x40 [ 297.316579] Memory state around the buggy address: [ 297.321493] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.328927] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.336260] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.343590] ^ [ 297.349544] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.357084] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.364436] ================================================================== [ 297.371827] ================================================================== [ 297.379181] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28b/0x2f0 at addr ffff8801362e3634 [ 297.388032] Read of size 4 by task swapper/0/0 [ 297.392604] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 297.400757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.410101] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 297.418189] ffff8801362e2100 ffff8801362e4100 0000000000000101 dffffc0000000000 [ 297.426407] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 297.434543] Call Trace: [ 297.437118] [] dump_stack+0x136/0x1d4 [ 297.445209] [] kasan_object_err+0x1c/0x70 [ 297.451240] [] kasan_report_error+0x1e2/0x4c0 [ 297.457372] [] __asan_report_load4_noabort+0x3e/0x40 [ 297.464112] [] ? debug_object_deactivate+0xc0/0x350 [ 297.470777] [] ? do_raw_spin_lock+0x28b/0x2f0 [ 297.476922] [] do_raw_spin_lock+0x28b/0x2f0 [ 297.482902] [] _raw_spin_lock+0x3e/0x50 [ 297.488522] [] ? br_multicast_group_expired+0x47/0x360 [ 297.495469] [] br_multicast_group_expired+0x47/0x360 [ 297.502276] [] call_timer_fn+0x14f/0x630 [ 297.507974] [] ? call_timer_fn+0xc9/0x630 [ 297.513786] [] ? br_mdb_free+0x70/0x70 [ 297.519306] [] ? process_timeout+0x10/0x10 [ 297.525265] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 297.532095] [] ? br_mdb_free+0x70/0x70 [ 297.537622] [] expire_timers+0x28f/0x460 [ 297.543318] [] run_timer_softirq+0x1a6/0x520 [ 297.549350] [] ? expire_timers+0x460/0x460 2020/12/17 05:13:23 executed programs: 2727 [ 297.555217] [] __do_softirq+0x2cb/0xa1c [ 297.560909] [] irq_exit+0x14f/0x190 [ 297.566216] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 297.573742] [] apic_timer_interrupt+0x8c/0xa0 [ 297.579876] [] ? native_safe_halt+0x6/0x10 [ 297.586485] [] default_idle+0x4f/0x390 [ 297.592019] [] arch_cpu_idle+0xa/0x10 [ 297.597882] [] default_idle_call+0x48/0xa0 [ 297.603750] [] cpu_startup_entry+0x5ec/0x7e0 [ 297.609806] [] rest_init+0x152/0x160 [ 297.615165] [] start_kernel+0x4fd/0x523 [ 297.620766] [] ? thread_stack_cache_init+0x6/0x6 [ 297.627158] [] ? early_idt_handler_array+0x120/0x120 [ 297.633898] [] x86_64_start_reservations+0x2a/0x2c [ 297.640455] [] x86_64_start_kernel+0x17c/0x18b [ 297.647629] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 297.654456] Allocated: [ 297.656937] PID = 7529 [ 297.659408] [] save_stack_trace+0x26/0x50 [ 297.665311] [] kasan_kmalloc+0xee/0x180 [ 297.671033] [] __kmalloc+0x15f/0x3c0 [ 297.676495] [] alloc_netdev_mqs+0x940/0xda0 [ 297.682591] [] rtnl_create_link+0x132/0x830 [ 297.688679] [] rtnl_newlink+0xc55/0x1220 [ 297.694536] [] rtnetlink_rcv_msg+0x222/0x670 [ 297.700801] [] netlink_rcv_skb+0x242/0x350 [ 297.706813] [] rtnetlink_rcv+0x25/0x30 [ 297.712489] [] netlink_unicast+0x3df/0x570 [ 297.719336] [] netlink_sendmsg+0x9bb/0xb40 [ 297.725419] [] sock_sendmsg+0xb5/0xf0 [ 297.731323] [] SyS_sendto+0x1ca/0x2c0 [ 297.736868] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 297.743550] Freed: [ 297.745681] PID = 2978 [ 297.748166] [] save_stack_trace+0x26/0x50 [ 297.754088] [] kasan_slab_free+0xae/0x180 [ 297.759992] [] kfree+0x11b/0x3a0 [ 297.765146] [] kvfree+0x25/0x30 [ 297.770199] [] netdev_freemem+0x47/0x60 [ 297.775959] [] netdev_release+0x6c/0x90 [ 297.781708] [] device_release+0x71/0x1e0 [ 297.787537] [] kobject_put+0x146/0x400 [ 297.793397] [] netdev_run_todo+0x483/0x650 [ 297.799400] [] rtnl_unlock+0x9/0x10 [ 297.804774] [] default_device_exit_batch+0x2fe/0x3d0 [ 297.812281] [] ops_exit_list.isra.0+0xd6/0x120 [ 297.818608] [] cleanup_net+0x2d0/0x540 [ 297.824250] [] process_one_work+0x67d/0x14f0 [ 297.830421] [] worker_thread+0xda/0xf10 [ 297.836225] [] kthread+0x209/0x2d0 [ 297.841509] [] ret_from_fork+0x1f/0x40 [ 297.847165] Memory state around the buggy address: [ 297.852199] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.859532] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.867233] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.874603] ^ [ 297.879522] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.891923] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 297.899287] ================================================================== [ 297.906712] ================================================================== [ 297.914068] BUG: KASAN: use-after-free in do_raw_spin_lock+0x2c1/0x2f0 at addr ffff8801362e3640 [ 297.922894] Read of size 8 by task swapper/0/0 [ 297.927473] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 297.935524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.944868] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 297.952877] ffff8801362e2100 ffff8801362e4100 0000000000000101 dffffc0000000000 [ 297.964909] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 297.972923] Call Trace: [ 297.975678] [] dump_stack+0x136/0x1d4 [ 297.982054] [] kasan_object_err+0x1c/0x70 [ 297.987828] [] kasan_report_error+0x1e2/0x4c0 [ 297.993958] [] __asan_report_load8_noabort+0x3e/0x40 [ 298.000715] [] ? debug_object_deactivate+0xc0/0x350 [ 298.007359] [] ? do_raw_spin_lock+0x2c1/0x2f0 [ 298.013487] [] do_raw_spin_lock+0x2c1/0x2f0 [ 298.019466] [] _raw_spin_lock+0x3e/0x50 [ 298.025252] [] ? br_multicast_group_expired+0x47/0x360 [ 298.032356] [] br_multicast_group_expired+0x47/0x360 [ 298.039087] [] call_timer_fn+0x14f/0x630 [ 298.044784] [] ? call_timer_fn+0xc9/0x630 [ 298.050615] [] ? br_mdb_free+0x70/0x70 [ 298.056269] [] ? process_timeout+0x10/0x10 [ 298.062132] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 298.068978] [] ? br_mdb_free+0x70/0x70 [ 298.074505] [] expire_timers+0x28f/0x460 [ 298.080226] [] run_timer_softirq+0x1a6/0x520 [ 298.086525] [] ? expire_timers+0x460/0x460 [ 298.092404] [] __do_softirq+0x2cb/0xa1c [ 298.098017] [] irq_exit+0x14f/0x190 [ 298.103436] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 298.109927] [] apic_timer_interrupt+0x8c/0xa0 [ 298.116384] [] ? native_safe_halt+0x6/0x10 [ 298.123635] [] default_idle+0x4f/0x390 [ 298.129323] [] arch_cpu_idle+0xa/0x10 [ 298.134851] [] default_idle_call+0x48/0xa0 [ 298.140726] [] cpu_startup_entry+0x5ec/0x7e0 [ 298.146774] [] rest_init+0x152/0x160 [ 298.152114] [] start_kernel+0x4fd/0x523 [ 298.157726] [] ? thread_stack_cache_init+0x6/0x6 [ 298.164554] [] ? early_idt_handler_array+0x120/0x120 [ 298.171345] [] x86_64_start_reservations+0x2a/0x2c [ 298.177921] [] x86_64_start_kernel+0x17c/0x18b [ 298.185874] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 298.192862] Allocated: [ 298.195346] PID = 7529 [ 298.197842] [] save_stack_trace+0x26/0x50 [ 298.203749] [] kasan_kmalloc+0xee/0x180 [ 298.209494] [] __kmalloc+0x15f/0x3c0 [ 298.215006] [] alloc_netdev_mqs+0x940/0xda0 [ 298.221107] [] rtnl_create_link+0x132/0x830 [ 298.227205] [] rtnl_newlink+0xc55/0x1220 [ 298.233022] [] rtnetlink_rcv_msg+0x222/0x670 [ 298.239222] [] netlink_rcv_skb+0x242/0x350 [ 298.245484] [] rtnetlink_rcv+0x25/0x30 [ 298.251122] [] netlink_unicast+0x3df/0x570 [ 298.257101] [] netlink_sendmsg+0x9bb/0xb40 [ 298.263085] [] sock_sendmsg+0xb5/0xf0 [ 298.269254] [] SyS_sendto+0x1ca/0x2c0 [ 298.275688] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 298.282383] Freed: [ 298.284508] PID = 2978 [ 298.287052] [] save_stack_trace+0x26/0x50 [ 298.292973] [] kasan_slab_free+0xae/0x180 [ 298.298874] [] kfree+0x11b/0x3a0 [ 298.303986] [] kvfree+0x25/0x30 [ 298.309006] [] netdev_freemem+0x47/0x60 [ 298.314775] [] netdev_release+0x6c/0x90 [ 298.320528] [] device_release+0x71/0x1e0 [ 298.326379] [] kobject_put+0x146/0x400 [ 298.332032] [] netdev_run_todo+0x483/0x650 [ 298.338019] [] rtnl_unlock+0x9/0x10 [ 298.343402] [] default_device_exit_batch+0x2fe/0x3d0 [ 298.350250] [] ops_exit_list.isra.0+0xd6/0x120 [ 298.357320] [] cleanup_net+0x2d0/0x540 [ 298.362950] [] process_one_work+0x67d/0x14f0 [ 298.369129] [] worker_thread+0xda/0xf10 [ 298.374897] [] kthread+0x209/0x2d0 [ 298.380723] [] ret_from_fork+0x1f/0x40 [ 298.386377] Memory state around the buggy address: [ 298.391286] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.398623] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.406563] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.413910] ^ [ 298.419794] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.427129] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.434459] ================================================================== [ 298.441824] ================================================================== [ 298.449184] BUG: KASAN: use-after-free in do_raw_spin_lock+0x2a5/0x2f0 at addr ffff8801362e3638 [ 298.458005] Read of size 4 by task swapper/0/0 [ 298.462577] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 298.470797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.480145] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 298.488185] ffff8801362e2100 ffff8801362e4100 0000000000000101 dffffc0000000000 [ 298.496188] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 298.504223] Call Trace: [ 298.506778] [] dump_stack+0x136/0x1d4 [ 298.512968] [] kasan_object_err+0x1c/0x70 [ 298.518738] [] kasan_report_error+0x1e2/0x4c0 [ 298.524857] [] __asan_report_load4_noabort+0x3e/0x40 [ 298.531621] [] ? debug_object_deactivate+0xc0/0x350 [ 298.538263] [] ? do_raw_spin_lock+0x2a5/0x2f0 [ 298.544397] [] do_raw_spin_lock+0x2a5/0x2f0 [ 298.550350] [] _raw_spin_lock+0x3e/0x50 [ 298.555967] [] ? br_multicast_group_expired+0x47/0x360 [ 298.562971] [] br_multicast_group_expired+0x47/0x360 [ 298.569698] [] call_timer_fn+0x14f/0x630 [ 298.575396] [] ? call_timer_fn+0xc9/0x630 [ 298.581199] [] ? br_mdb_free+0x70/0x70 [ 298.586721] [] ? process_timeout+0x10/0x10 [ 298.592606] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 298.599542] [] ? br_mdb_free+0x70/0x70 [ 298.605070] [] expire_timers+0x28f/0x460 [ 298.611460] [] run_timer_softirq+0x1a6/0x520 [ 298.617525] [] ? expire_timers+0x460/0x460 [ 298.623660] [] __do_softirq+0x2cb/0xa1c [ 298.629283] [] irq_exit+0x14f/0x190 [ 298.634685] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 298.641450] [] apic_timer_interrupt+0x8c/0xa0 [ 298.647856] [] ? native_safe_halt+0x6/0x10 [ 298.654580] [] default_idle+0x4f/0x390 [ 298.660373] [] arch_cpu_idle+0xa/0x10 [ 298.665815] [] default_idle_call+0x48/0xa0 [ 298.672326] [] cpu_startup_entry+0x5ec/0x7e0 [ 298.680037] [] rest_init+0x152/0x160 [ 298.686194] [] start_kernel+0x4fd/0x523 [ 298.692560] [] ? thread_stack_cache_init+0x6/0x6 [ 298.699549] [] ? early_idt_handler_array+0x120/0x120 [ 298.706694] [] x86_64_start_reservations+0x2a/0x2c [ 298.714324] [] x86_64_start_kernel+0x17c/0x18b [ 298.721663] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 298.729072] Allocated: [ 298.731746] PID = 7529 [ 298.734624] [] save_stack_trace+0x26/0x50 [ 298.741310] [] kasan_kmalloc+0xee/0x180 [ 298.748722] [] __kmalloc+0x15f/0x3c0 [ 298.754386] [] alloc_netdev_mqs+0x940/0xda0 [ 298.760983] [] rtnl_create_link+0x132/0x830 [ 298.768194] [] rtnl_newlink+0xc55/0x1220 [ 298.775158] [] rtnetlink_rcv_msg+0x222/0x670 [ 298.781414] [] netlink_rcv_skb+0x242/0x350 [ 298.787404] [] rtnetlink_rcv+0x25/0x30 [ 298.793135] [] netlink_unicast+0x3df/0x570 [ 298.799212] [] netlink_sendmsg+0x9bb/0xb40 [ 298.805203] [] sock_sendmsg+0xb5/0xf0 [ 298.810749] [] SyS_sendto+0x1ca/0x2c0 [ 298.816816] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 298.824057] Freed: [ 298.826366] PID = 2978 [ 298.829094] [] save_stack_trace+0x26/0x50 [ 298.837779] [] kasan_slab_free+0xae/0x180 [ 298.843683] [] kfree+0x11b/0x3a0 [ 298.848813] [] kvfree+0x25/0x30 [ 298.854380] [] netdev_freemem+0x47/0x60 [ 298.860176] [] netdev_release+0x6c/0x90 [ 298.866012] [] device_release+0x71/0x1e0 [ 298.871869] [] kobject_put+0x146/0x400 [ 298.877872] [] netdev_run_todo+0x483/0x650 [ 298.883905] [] rtnl_unlock+0x9/0x10 [ 298.889480] [] default_device_exit_batch+0x2fe/0x3d0 [ 298.897325] [] ops_exit_list.isra.0+0xd6/0x120 [ 298.903776] [] cleanup_net+0x2d0/0x540 [ 298.909588] [] process_one_work+0x67d/0x14f0 [ 298.916354] [] worker_thread+0xda/0xf10 [ 298.922205] [] kthread+0x209/0x2d0 [ 298.927512] [] ret_from_fork+0x1f/0x40 [ 298.933168] Memory state around the buggy address: [ 298.938163] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.946035] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.953380] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.960740] ^ [ 298.966095] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.973432] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 298.980763] ================================================================== [ 298.988150] ================================================================== [ 298.995525] BUG: KASAN: use-after-free in do_raw_spin_lock+0x298/0x2f0 at addr ffff8801362e3630 [ 299.004958] Read of size 4 by task swapper/0/0 [ 299.009528] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 299.017661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.027139] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 299.035158] ffff8801362e2100 ffff8801362e4100 0000000000000101 dffffc0000000000 [ 299.043164] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 299.051246] Call Trace: [ 299.053809] [] dump_stack+0x136/0x1d4 [ 299.060623] [] kasan_object_err+0x1c/0x70 [ 299.066402] [] kasan_report_error+0x1e2/0x4c0 [ 299.072554] [] __asan_report_load4_noabort+0x3e/0x40 [ 299.079495] [] ? debug_object_deactivate+0xc0/0x350 [ 299.086174] [] ? do_raw_spin_lock+0x298/0x2f0 [ 299.092295] [] do_raw_spin_lock+0x298/0x2f0 [ 299.098359] [] _raw_spin_lock+0x3e/0x50 [ 299.103996] [] ? br_multicast_group_expired+0x47/0x360 [ 299.110901] [] br_multicast_group_expired+0x47/0x360 [ 299.117640] [] call_timer_fn+0x14f/0x630 [ 299.123337] [] ? call_timer_fn+0xc9/0x630 [ 299.129108] [] ? br_mdb_free+0x70/0x70 [ 299.134619] [] ? process_timeout+0x10/0x10 [ 299.140997] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 299.147809] [] ? br_mdb_free+0x70/0x70 [ 299.153322] [] expire_timers+0x28f/0x460 [ 299.159040] [] run_timer_softirq+0x1a6/0x520 [ 299.165220] [] ? expire_timers+0x460/0x460 [ 299.171081] [] __do_softirq+0x2cb/0xa1c [ 299.176702] [] irq_exit+0x14f/0x190 [ 299.181956] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 299.188524] [] apic_timer_interrupt+0x8c/0xa0 [ 299.194667] [] ? native_safe_halt+0x6/0x10 [ 299.201296] [] default_idle+0x4f/0x390 [ 299.206810] [] arch_cpu_idle+0xa/0x10 [ 299.212262] [] default_idle_call+0x48/0xa0 [ 299.218138] [] cpu_startup_entry+0x5ec/0x7e0 [ 299.224544] [] rest_init+0x152/0x160 [ 299.229898] [] start_kernel+0x4fd/0x523 [ 299.235511] [] ? thread_stack_cache_init+0x6/0x6 [ 299.241904] [] ? early_idt_handler_array+0x120/0x120 [ 299.248628] [] x86_64_start_reservations+0x2a/0x2c [ 299.255187] [] x86_64_start_kernel+0x17c/0x18b [ 299.261390] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 299.268212] Allocated: [ 299.270688] PID = 7529 [ 299.273170] [] save_stack_trace+0x26/0x50 [ 299.279082] [] kasan_kmalloc+0xee/0x180 [ 299.284811] [] __kmalloc+0x15f/0x3c0 [ 299.290389] [] alloc_netdev_mqs+0x940/0xda0 [ 299.296475] [] rtnl_create_link+0x132/0x830 [ 299.302539] [] rtnl_newlink+0xc55/0x1220 [ 299.308358] [] rtnetlink_rcv_msg+0x222/0x670 [ 299.314587] [] netlink_rcv_skb+0x242/0x350 [ 299.320578] [] rtnetlink_rcv+0x25/0x30 [ 299.326218] [] netlink_unicast+0x3df/0x570 [ 299.332201] [] netlink_sendmsg+0x9bb/0xb40 [ 299.338174] [] sock_sendmsg+0xb5/0xf0 [ 299.343737] [] SyS_sendto+0x1ca/0x2c0 [ 299.349285] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 299.355966] Freed: [ 299.358171] PID = 2978 [ 299.360636] [] save_stack_trace+0x26/0x50 [ 299.366527] [] kasan_slab_free+0xae/0x180 [ 299.372415] [] kfree+0x11b/0x3a0 [ 299.377528] [] kvfree+0x25/0x30 [ 299.382573] [] netdev_freemem+0x47/0x60 [ 299.388294] [] netdev_release+0x6c/0x90 [ 299.394024] [] device_release+0x71/0x1e0 [ 299.399907] [] kobject_put+0x146/0x400 [ 299.405535] [] netdev_run_todo+0x483/0x650 [ 299.411530] [] rtnl_unlock+0x9/0x10 [ 299.416916] [] default_device_exit_batch+0x2fe/0x3d0 [ 299.423856] [] ops_exit_list.isra.0+0xd6/0x120 [ 299.430196] [] cleanup_net+0x2d0/0x540 [ 299.435948] [] process_one_work+0x67d/0x14f0 [ 299.442103] [] worker_thread+0xda/0xf10 [ 299.447838] [] kthread+0x209/0x2d0 [ 299.451629] NOHZ: local_softirq_pending 08 [ 299.457326] [] ret_from_fork+0x1f/0x40 [ 299.462970] Memory state around the buggy address: [ 299.467871] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 299.475199] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 299.482615] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 299.489944] ^ [ 299.494841] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 299.502168] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 299.510201] ================================================================== [ 299.517745] ================================================================== [ 299.525103] BUG: KASAN: use-after-free in do_raw_spin_lock+0x2b2/0x2f0 at addr ffff8801362e3638 [ 299.533928] Write of size 4 by task swapper/0/0 [ 299.538583] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 299.547050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.556388] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 299.564426] ffff8801362e2100 ffff8801362e4100 0000000000000000 dffffc0000000000 [ 299.572676] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 299.580686] Call Trace: [ 299.583241] [] dump_stack+0x136/0x1d4 [ 299.589400] [] kasan_object_err+0x1c/0x70 [ 299.595170] [] kasan_report_error+0x1e2/0x4c0 [ 299.601288] [] __asan_report_store4_noabort+0x3e/0x40 [ 299.608113] [] ? debug_object_deactivate+0xc1/0x350 [ 299.614759] [] ? do_raw_spin_lock+0x2b2/0x2f0 [ 299.620917] [] do_raw_spin_lock+0x2b2/0x2f0 [ 299.626877] [] _raw_spin_lock+0x3e/0x50 [ 299.632494] [] ? br_multicast_group_expired+0x47/0x360 [ 299.639497] [] br_multicast_group_expired+0x47/0x360 [ 299.646225] [] call_timer_fn+0x14f/0x630 [ 299.651911] [] ? call_timer_fn+0xc9/0x630 [ 299.658058] [] ? br_mdb_free+0x70/0x70 [ 299.663566] [] ? process_timeout+0x10/0x10 [ 299.669440] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 299.676370] [] ? br_mdb_free+0x70/0x70 [ 299.681947] [] expire_timers+0x28f/0x460 [ 299.687669] [] run_timer_softirq+0x1a6/0x520 [ 299.693706] [] ? expire_timers+0x460/0x460 [ 299.699581] [] __do_softirq+0x2cb/0xa1c [ 299.705180] [] irq_exit+0x14f/0x190 [ 299.710525] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 299.716992] [] apic_timer_interrupt+0x8c/0xa0 [ 299.723115] [] ? native_safe_halt+0x6/0x10 [ 299.731832] [] default_idle+0x4f/0x390 [ 299.737372] [] arch_cpu_idle+0xa/0x10 [ 299.742797] [] default_idle_call+0x48/0xa0 [ 299.748663] [] cpu_startup_entry+0x5ec/0x7e0 [ 299.754693] [] rest_init+0x152/0x160 [ 299.760029] [] start_kernel+0x4fd/0x523 [ 299.765632] [] ? thread_stack_cache_init+0x6/0x6 [ 299.772171] [] ? early_idt_handler_array+0x120/0x120 [ 299.778902] [] x86_64_start_reservations+0x2a/0x2c [ 299.785456] [] x86_64_start_kernel+0x17c/0x18b [ 299.791677] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 299.798493] Allocated: [ 299.800962] PID = 7529 [ 299.803432] [] save_stack_trace+0x26/0x50 [ 299.809344] [] kasan_kmalloc+0xee/0x180 [ 299.815061] [] __kmalloc+0x15f/0x3c0 [ 299.820539] [] alloc_netdev_mqs+0x940/0xda0 [ 299.826608] [] rtnl_create_link+0x132/0x830 [ 299.832685] [] rtnl_newlink+0xc55/0x1220 [ 299.838512] [] rtnetlink_rcv_msg+0x222/0x670 [ 299.844657] [] netlink_rcv_skb+0x242/0x350 [ 299.850631] [] rtnetlink_rcv+0x25/0x30 [ 299.856277] [] netlink_unicast+0x3df/0x570 [ 299.862324] [] netlink_sendmsg+0x9bb/0xb40 [ 299.868304] [] sock_sendmsg+0xb5/0xf0 [ 299.873843] [] SyS_sendto+0x1ca/0x2c0 [ 299.879828] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 299.886525] Freed: [ 299.888646] PID = 2978 [ 299.891118] [] save_stack_trace+0x26/0x50 [ 299.897035] [] kasan_slab_free+0xae/0x180 [ 299.902941] [] kfree+0x11b/0x3a0 [ 299.908083] [] kvfree+0x25/0x30 [ 299.913135] [] netdev_freemem+0x47/0x60 [ 299.919144] [] netdev_release+0x6c/0x90 [ 299.924896] [] device_release+0x71/0x1e0 [ 299.930863] [] kobject_put+0x146/0x400 [ 299.936852] [] netdev_run_todo+0x483/0x650 [ 299.942974] [] rtnl_unlock+0x9/0x10 [ 299.948406] [] default_device_exit_batch+0x2fe/0x3d0 [ 299.955273] [] ops_exit_list.isra.0+0xd6/0x120 [ 299.961617] [] cleanup_net+0x2d0/0x540 [ 299.967267] [] process_one_work+0x67d/0x14f0 [ 299.973447] [] worker_thread+0xda/0xf10 [ 299.979195] [] kthread+0x209/0x2d0 [ 299.984475] [] ret_from_fork+0x1f/0x40 [ 299.990098] Memory state around the buggy address: [ 299.995008] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.002401] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.009929] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.017664] ^ [ 300.022922] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.030391] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.037725] ================================================================== [ 300.045104] ================================================================== [ 300.053238] BUG: KASAN: use-after-free in do_raw_spin_lock+0x2e5/0x2f0 at addr ffff8801362e3640 [ 300.062096] Write of size 8 by task swapper/0/0 [ 300.066751] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 300.074810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.084144] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 300.092149] ffff8801362e2100 ffff8801362e4100 0000000000000000 dffffc0000000000 [ 300.100156] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 300.108159] Call Trace: [ 300.110723] [] dump_stack+0x136/0x1d4 [ 300.116989] [] kasan_object_err+0x1c/0x70 [ 300.122758] [] kasan_report_error+0x1e2/0x4c0 [ 300.128889] [] __asan_report_store8_noabort+0x3e/0x40 [ 300.135723] [] ? debug_object_deactivate+0xc1/0x350 [ 300.142494] [] ? do_raw_spin_lock+0x2e5/0x2f0 [ 300.148700] [] do_raw_spin_lock+0x2e5/0x2f0 [ 300.154659] [] _raw_spin_lock+0x3e/0x50 [ 300.160693] [] ? br_multicast_group_expired+0x47/0x360 [ 300.167592] [] br_multicast_group_expired+0x47/0x360 [ 300.174420] [] call_timer_fn+0x14f/0x630 [ 300.180103] [] ? call_timer_fn+0xc9/0x630 [ 300.185870] [] ? br_mdb_free+0x70/0x70 [ 300.191404] [] ? process_timeout+0x10/0x10 [ 300.197266] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 300.204076] [] ? br_mdb_free+0x70/0x70 [ 300.209583] [] expire_timers+0x28f/0x460 [ 300.215276] [] run_timer_softirq+0x1a6/0x520 [ 300.222953] [] ? expire_timers+0x460/0x460 [ 300.228818] [] __do_softirq+0x2cb/0xa1c [ 300.234489] [] irq_exit+0x14f/0x190 [ 300.239769] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 300.246243] [] apic_timer_interrupt+0x8c/0xa0 [ 300.252360] [] ? native_safe_halt+0x6/0x10 [ 300.259051] [] default_idle+0x4f/0x390 [ 300.264579] [] arch_cpu_idle+0xa/0x10 [ 300.270269] [] default_idle_call+0x48/0xa0 [ 300.276136] [] cpu_startup_entry+0x5ec/0x7e0 [ 300.282184] [] rest_init+0x152/0x160 [ 300.287518] [] start_kernel+0x4fd/0x523 [ 300.293389] [] ? thread_stack_cache_init+0x6/0x6 [ 300.299971] [] ? early_idt_handler_array+0x120/0x120 [ 300.306706] [] x86_64_start_reservations+0x2a/0x2c [ 300.313260] [] x86_64_start_kernel+0x17c/0x18b [ 300.319516] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 300.326329] Allocated: [ 300.328807] PID = 7529 [ 300.331281] [] save_stack_trace+0x26/0x50 [ 300.337204] [] kasan_kmalloc+0xee/0x180 [ 300.344068] [] __kmalloc+0x15f/0x3c0 [ 300.349553] [] alloc_netdev_mqs+0x940/0xda0 [ 300.355801] [] rtnl_create_link+0x132/0x830 [ 300.361872] [] rtnl_newlink+0xc55/0x1220 [ 300.367700] [] rtnetlink_rcv_msg+0x222/0x670 [ 300.373864] [] netlink_rcv_skb+0x242/0x350 [ 300.379853] [] rtnetlink_rcv+0x25/0x30 [ 300.385875] [] netlink_unicast+0x3df/0x570 [ 300.392145] [] netlink_sendmsg+0x9bb/0xb40 [ 300.398157] [] sock_sendmsg+0xb5/0xf0 [ 300.403717] [] SyS_sendto+0x1ca/0x2c0 [ 300.409272] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 300.416050] Freed: [ 300.418185] PID = 2978 [ 300.420653] [] save_stack_trace+0x26/0x50 [ 300.427336] [] kasan_slab_free+0xae/0x180 [ 300.433402] [] kfree+0x11b/0x3a0 [ 300.438529] [] kvfree+0x25/0x30 [ 300.443714] [] netdev_freemem+0x47/0x60 [ 300.449458] [] netdev_release+0x6c/0x90 [ 300.455192] [] device_release+0x71/0x1e0 [ 300.461006] [] kobject_put+0x146/0x400 [ 300.466647] [] netdev_run_todo+0x483/0x650 [ 300.472625] [] rtnl_unlock+0x9/0x10 [ 300.478021] [] default_device_exit_batch+0x2fe/0x3d0 [ 300.484960] [] ops_exit_list.isra.0+0xd6/0x120 [ 300.491815] [] cleanup_net+0x2d0/0x540 [ 300.497459] [] process_one_work+0x67d/0x14f0 [ 300.503638] [] worker_thread+0xda/0xf10 [ 300.509377] [] kthread+0x209/0x2d0 [ 300.514691] [] ret_from_fork+0x1f/0x40 [ 300.522345] Memory state around the buggy address: [ 300.527251] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.534595] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.541928] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.549264] ^ [ 300.554711] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.562039] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 300.569375] ================================================================== [ 300.577262] ================================================================== [ 300.584632] BUG: KASAN: use-after-free in br_multicast_group_expired+0x346/0x360 at addr ffff8801362e2b88 [ 300.594322] Read of size 8 by task swapper/0/0 [ 300.599843] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 300.607902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.617595] 0000000000000000 ffff88013bc07bd0 ffffffff82e4dd32 ffff88013b802a80 [ 300.625640] ffff8801362e2100 ffff8801362e4100 0000000000000101 dffffc0000000000 [ 300.633630] ffff88013bc07bf8 ffffffff8171d43c ffff88013bc07c88 ffff88013b802a80 [ 300.641769] Call Trace: [ 300.644323] [] dump_stack+0x136/0x1d4 [ 300.650492] [] kasan_object_err+0x1c/0x70 [ 300.656284] [] kasan_report_error+0x1e2/0x4c0 [ 300.662413] [] ? debug_object_deactivate+0xc1/0x350 [ 300.669139] [] ? do_raw_spin_lock+0x2e5/0x2f0 [ 300.675274] [] __asan_report_load8_noabort+0x3e/0x40 [ 300.682025] [] ? br_mdb_free+0x70/0x70 [ 300.687537] [] ? br_multicast_group_expired+0x346/0x360 [ 300.694534] [] br_multicast_group_expired+0x346/0x360 [ 300.701351] [] call_timer_fn+0x14f/0x630 [ 300.707544] [] ? call_timer_fn+0xc9/0x630 [ 300.713321] [] ? br_mdb_free+0x70/0x70 [ 300.718842] [] ? process_timeout+0x10/0x10 [ 300.724706] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 300.731524] [] ? br_mdb_free+0x70/0x70 [ 300.737211] [] expire_timers+0x28f/0x460 [ 300.742902] [] run_timer_softirq+0x1a6/0x520 [ 300.748929] [] ? expire_timers+0x460/0x460 [ 300.754796] [] __do_softirq+0x2cb/0xa1c [ 300.760400] [] irq_exit+0x14f/0x190 [ 300.765647] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 300.772111] [] apic_timer_interrupt+0x8c/0xa0 [ 300.778222] [] ? native_safe_halt+0x6/0x10 [ 300.784829] [] default_idle+0x4f/0x390 [ 300.790337] [] arch_cpu_idle+0xa/0x10 [ 300.795769] [] default_idle_call+0x48/0xa0 [ 300.801626] [] cpu_startup_entry+0x5ec/0x7e0 [ 300.807664] [] rest_init+0x152/0x160 [ 300.812999] [] start_kernel+0x4fd/0x523 [ 300.818591] [] ? thread_stack_cache_init+0x6/0x6 [ 300.826367] [] ? early_idt_handler_array+0x120/0x120 [ 300.833102] [] x86_64_start_reservations+0x2a/0x2c [ 300.839662] [] x86_64_start_kernel+0x17c/0x18b [ 300.845868] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 300.852847] Allocated: [ 300.855327] PID = 7529 [ 300.857792] [] save_stack_trace+0x26/0x50 [ 300.863692] [] kasan_kmalloc+0xee/0x180 [ 300.870329] [] __kmalloc+0x15f/0x3c0 [ 300.875872] [] alloc_netdev_mqs+0x940/0xda0 [ 300.881955] [] rtnl_create_link+0x132/0x830 [ 300.888021] [] rtnl_newlink+0xc55/0x1220 [ 300.894017] [] rtnetlink_rcv_msg+0x222/0x670 [ 300.901158] [] netlink_rcv_skb+0x242/0x350 [ 300.907152] [] rtnetlink_rcv+0x25/0x30 [ 300.912944] [] netlink_unicast+0x3df/0x570 [ 300.918924] [] netlink_sendmsg+0x9bb/0xb40 [ 300.924922] [] sock_sendmsg+0xb5/0xf0 [ 300.930483] [] SyS_sendto+0x1ca/0x2c0 [ 300.936125] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 300.942919] Freed: [ 300.945054] PID = 2978 [ 300.947608] [] save_stack_trace+0x26/0x50 [ 300.953667] [] kasan_slab_free+0xae/0x180 [ 300.959585] [] kfree+0x11b/0x3a0 [ 300.964868] [] kvfree+0x25/0x30 [ 300.969899] [] netdev_freemem+0x47/0x60 [ 300.975965] [] netdev_release+0x6c/0x90 [ 300.981703] [] device_release+0x71/0x1e0 [ 300.987553] [] kobject_put+0x146/0x400 [ 300.993228] [] netdev_run_todo+0x483/0x650 [ 300.999241] [] rtnl_unlock+0x9/0x10 [ 301.004619] [] default_device_exit_batch+0x2fe/0x3d0 [ 301.011468] [] ops_exit_list.isra.0+0xd6/0x120 [ 301.017796] [] cleanup_net+0x2d0/0x540 [ 301.023456] [] process_one_work+0x67d/0x14f0 [ 301.029620] [] worker_thread+0xda/0xf10 [ 301.035511] [] kthread+0x209/0x2d0 [ 301.040803] [] ret_from_fork+0x1f/0x40 [ 301.046458] Memory state around the buggy address: [ 301.051375] ffff8801362e2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.058708] ffff8801362e2b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.066045] >ffff8801362e2b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.073381] ^ [ 301.076981] ffff8801362e2c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.084750] ffff8801362e2c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.092091] ================================================================== [ 301.099613] ================================================================== [ 301.106970] BUG: KASAN: use-after-free in br_multicast_group_expired+0x33c/0x360 at addr ffff8801362e2148 [ 301.116662] Read of size 8 by task swapper/0/0 [ 301.121232] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 301.129268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.138606] 0000000000000000 ffff88013bc07bd0 ffffffff82e4dd32 ffff88013b802a80 [ 301.146697] ffff8801362e2100 ffff8801362e4100 ffff8801362e2100 dffffc0000000000 [ 301.154697] ffff88013bc07bf8 ffffffff8171d43c ffff88013bc07c88 ffff88013b802a80 [ 301.162932] Call Trace: [ 301.165504] [] dump_stack+0x136/0x1d4 [ 301.171767] [] kasan_object_err+0x1c/0x70 [ 301.177637] [] kasan_report_error+0x1e2/0x4c0 [ 301.183753] [] __asan_report_load8_noabort+0x3e/0x40 [ 301.190669] [] ? br_mdb_free+0x70/0x70 [ 301.196188] [] ? br_multicast_group_expired+0x33c/0x360 [ 301.203173] [] br_multicast_group_expired+0x33c/0x360 [ 301.209984] [] call_timer_fn+0x14f/0x630 [ 301.215665] [] ? call_timer_fn+0xc9/0x630 [ 301.221437] [] ? br_mdb_free+0x70/0x70 [ 301.226959] [] ? process_timeout+0x10/0x10 [ 301.232822] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 301.239648] [] ? br_mdb_free+0x70/0x70 [ 301.245161] [] expire_timers+0x28f/0x460 [ 301.250843] [] run_timer_softirq+0x1a6/0x520 [ 301.256886] [] ? expire_timers+0x460/0x460 [ 301.262744] [] __do_softirq+0x2cb/0xa1c [ 301.268338] [] irq_exit+0x14f/0x190 [ 301.273584] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 301.280044] [] apic_timer_interrupt+0x8c/0xa0 [ 301.286164] [] ? native_safe_halt+0x6/0x10 [ 301.292896] [] default_idle+0x4f/0x390 [ 301.298414] [] arch_cpu_idle+0xa/0x10 [ 301.303851] [] default_idle_call+0x48/0xa0 [ 301.309718] [] cpu_startup_entry+0x5ec/0x7e0 [ 301.315762] [] rest_init+0x152/0x160 [ 301.321098] [] start_kernel+0x4fd/0x523 [ 301.326868] [] ? thread_stack_cache_init+0x6/0x6 [ 301.333253] [] ? early_idt_handler_array+0x120/0x120 [ 301.339974] [] x86_64_start_reservations+0x2a/0x2c [ 301.346643] [] x86_64_start_kernel+0x17c/0x18b [ 301.352852] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 301.359677] Allocated: [ 301.362145] PID = 7529 [ 301.364619] [] save_stack_trace+0x26/0x50 [ 301.370530] [] kasan_kmalloc+0xee/0x180 [ 301.376249] [] __kmalloc+0x15f/0x3c0 [ 301.381704] [] alloc_netdev_mqs+0x940/0xda0 [ 301.387767] [] rtnl_create_link+0x132/0x830 [ 301.393826] [] rtnl_newlink+0xc55/0x1220 [ 301.399646] [] rtnetlink_rcv_msg+0x222/0x670 [ 301.405818] [] netlink_rcv_skb+0x242/0x350 [ 301.411795] [] rtnetlink_rcv+0x25/0x30 [ 301.417444] [] netlink_unicast+0x3df/0x570 [ 301.423420] [] netlink_sendmsg+0x9bb/0xb40 [ 301.429638] [] sock_sendmsg+0xb5/0xf0 [ 301.435203] [] SyS_sendto+0x1ca/0x2c0 [ 301.440744] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 301.447423] Freed: [ 301.449988] PID = 2978 [ 301.452541] [] save_stack_trace+0x26/0x50 [ 301.458464] [] kasan_slab_free+0xae/0x180 [ 301.464366] [] kfree+0x11b/0x3a0 [ 301.469475] [] kvfree+0x25/0x30 [ 301.474585] [] netdev_freemem+0x47/0x60 [ 301.480348] [] netdev_release+0x6c/0x90 [ 301.486078] [] device_release+0x71/0x1e0 [ 301.491890] [] kobject_put+0x146/0x400 [ 301.497541] [] netdev_run_todo+0x483/0x650 [ 301.503537] [] rtnl_unlock+0x9/0x10 [ 301.508920] [] default_device_exit_batch+0x2fe/0x3d0 [ 301.515775] [] ops_exit_list.isra.0+0xd6/0x120 [ 301.522308] [] cleanup_net+0x2d0/0x540 [ 301.527949] [] process_one_work+0x67d/0x14f0 [ 301.534535] [] worker_thread+0xda/0xf10 [ 301.540292] [] kthread+0x209/0x2d0 [ 301.545822] [] ret_from_fork+0x1f/0x40 [ 301.551495] Memory state around the buggy address: [ 301.556462] ffff8801362e2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 301.563797] ffff8801362e2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 301.571137] >ffff8801362e2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.578678] ^ [ 301.584402] ffff8801362e2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.592173] ffff8801362e2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.599522] ================================================================== [ 301.607295] ================================================================== [ 301.615002] BUG: KASAN: use-after-free in do_raw_spin_unlock+0x20f/0x250 at addr ffff8801362e3634 [ 301.624002] Read of size 4 by task swapper/0/0 [ 301.628569] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 301.636625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.645989] 0000000000000000 ffff88013bc07b90 ffffffff82e4dd32 ffff88013b802a80 [ 301.654016] ffff8801362e2100 ffff8801362e4100 ffff8801362e2100 dffffc0000000000 [ 301.662030] ffff88013bc07bb8 ffffffff8171d43c ffff88013bc07c48 ffff88013b802a80 [ 301.670018] Call Trace: [ 301.672607] [] dump_stack+0x136/0x1d4 [ 301.678781] [] kasan_object_err+0x1c/0x70 [ 301.684564] [] kasan_report_error+0x1e2/0x4c0 [ 301.690767] [] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 301.697672] [] ? kasan_report_error+0x415/0x4c0 [ 301.703968] [] __asan_report_load4_noabort+0x3e/0x40 [ 301.711131] [] ? do_raw_spin_unlock+0x20f/0x250 [ 301.717571] [] do_raw_spin_unlock+0x20f/0x250 [ 301.723703] [] _raw_spin_unlock+0x22/0x50 [ 301.729615] [] br_multicast_group_expired+0xc1/0x360 [ 301.736885] [] call_timer_fn+0x14f/0x630 [ 301.742867] [] ? call_timer_fn+0xc9/0x630 [ 301.748653] [] ? br_mdb_free+0x70/0x70 [ 301.754205] [] ? process_timeout+0x10/0x10 [ 301.760064] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 301.766877] [] ? br_mdb_free+0x70/0x70 [ 301.772534] [] expire_timers+0x28f/0x460 [ 301.778265] [] run_timer_softirq+0x1a6/0x520 [ 301.784310] [] ? expire_timers+0x460/0x460 [ 301.790205] [] __do_softirq+0x2cb/0xa1c [ 301.795824] [] irq_exit+0x14f/0x190 [ 301.801077] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 301.807904] [] apic_timer_interrupt+0x8c/0xa0 [ 301.814035] [] ? native_safe_halt+0x6/0x10 [ 301.820689] [] default_idle+0x4f/0x390 [ 301.826205] [] arch_cpu_idle+0xa/0x10 [ 301.831665] [] default_idle_call+0x48/0xa0 [ 301.837536] [] cpu_startup_entry+0x5ec/0x7e0 [ 301.844023] [] rest_init+0x152/0x160 [ 301.851272] [] start_kernel+0x4fd/0x523 [ 301.856879] [] ? thread_stack_cache_init+0x6/0x6 [ 301.863264] [] ? early_idt_handler_array+0x120/0x120 [ 301.870012] [] x86_64_start_reservations+0x2a/0x2c [ 301.876578] [] x86_64_start_kernel+0x17c/0x18b [ 301.882789] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 301.889601] Allocated: [ 301.892242] PID = 7529 [ 301.895141] [] save_stack_trace+0x26/0x50 [ 301.901033] [] kasan_kmalloc+0xee/0x180 [ 301.906767] [] __kmalloc+0x15f/0x3c0 [ 301.912227] [] alloc_netdev_mqs+0x940/0xda0 [ 301.918389] [] rtnl_create_link+0x132/0x830 [ 301.924453] [] rtnl_newlink+0xc55/0x1220 [ 301.930261] [] rtnetlink_rcv_msg+0x222/0x670 [ 301.936429] [] netlink_rcv_skb+0x242/0x350 [ 301.942406] [] rtnetlink_rcv+0x25/0x30 [ 301.948523] [] netlink_unicast+0x3df/0x570 [ 301.954524] [] netlink_sendmsg+0x9bb/0xb40 [ 301.960633] [] sock_sendmsg+0xb5/0xf0 [ 301.966309] [] SyS_sendto+0x1ca/0x2c0 [ 301.971863] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 301.978559] Freed: [ 301.980680] PID = 2978 [ 301.983148] [] save_stack_trace+0x26/0x50 [ 301.989040] [] kasan_slab_free+0xae/0x180 [ 301.994943] [] kfree+0x11b/0x3a0 [ 302.000321] [] kvfree+0x25/0x30 [ 302.005356] [] netdev_freemem+0x47/0x60 [ 302.011079] [] netdev_release+0x6c/0x90 [ 302.016990] [] device_release+0x71/0x1e0 [ 302.023420] [] kobject_put+0x146/0x400 [ 302.029057] [] netdev_run_todo+0x483/0x650 [ 302.035047] [] rtnl_unlock+0x9/0x10 [ 302.040416] [] default_device_exit_batch+0x2fe/0x3d0 [ 302.047271] [] ops_exit_list.isra.0+0xd6/0x120 [ 302.053598] [] cleanup_net+0x2d0/0x540 [ 302.061292] [] process_one_work+0x67d/0x14f0 [ 302.067446] [] worker_thread+0xda/0xf10 [ 302.073177] [] kthread+0x209/0x2d0 [ 302.078467] [] ret_from_fork+0x1f/0x40 [ 302.084113] Memory state around the buggy address: [ 302.089014] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.096636] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.103988] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.111331] ^ [ 302.116289] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.123646] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.130987] ================================================================== [ 302.138375] ================================================================== [ 302.145733] BUG: KASAN: use-after-free in do_raw_spin_unlock+0x205/0x250 at addr ffff8801362e3630 [ 302.154728] Read of size 4 by task swapper/0/0 [ 302.159332] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 302.167387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.176780] 0000000000000000 ffff88013bc07b90 ffffffff82e4dd32 ffff88013b802a80 [ 302.184804] ffff8801362e2100 ffff8801362e4100 ffff8801362e2100 dffffc0000000000 [ 302.192839] ffff88013bc07bb8 ffffffff8171d43c ffff88013bc07c48 ffff88013b802a80 [ 302.200822] Call Trace: [ 302.203434] [] dump_stack+0x136/0x1d4 [ 302.209740] [] kasan_object_err+0x1c/0x70 [ 302.215546] [] kasan_report_error+0x1e2/0x4c0 [ 302.221694] [] __asan_report_load4_noabort+0x3e/0x40 [ 302.228438] [] ? do_raw_spin_unlock+0x205/0x250 [ 302.234734] [] do_raw_spin_unlock+0x205/0x250 [ 302.240857] [] _raw_spin_unlock+0x22/0x50 [ 302.246629] [] br_multicast_group_expired+0xc1/0x360 [ 302.253371] [] call_timer_fn+0x14f/0x630 [ 302.259068] [] ? call_timer_fn+0xc9/0x630 [ 302.264858] [] ? br_mdb_free+0x70/0x70 [ 302.270425] [] ? process_timeout+0x10/0x10 [ 302.276302] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 302.283407] [] ? br_mdb_free+0x70/0x70 [ 302.288924] [] expire_timers+0x28f/0x460 [ 302.294610] [] run_timer_softirq+0x1a6/0x520 [ 302.301967] [] ? expire_timers+0x460/0x460 [ 302.307930] [] __do_softirq+0x2cb/0xa1c [ 302.313529] [] irq_exit+0x14f/0x190 [ 302.318843] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 302.325323] [] apic_timer_interrupt+0x8c/0xa0 [ 302.331468] [] ? native_safe_halt+0x6/0x10 [ 302.338244] [] default_idle+0x4f/0x390 [ 302.343763] [] arch_cpu_idle+0xa/0x10 [ 302.349207] [] default_idle_call+0x48/0xa0 [ 302.355080] [] cpu_startup_entry+0x5ec/0x7e0 [ 302.361115] [] rest_init+0x152/0x160 [ 302.366456] [] start_kernel+0x4fd/0x523 [ 302.372084] [] ? thread_stack_cache_init+0x6/0x6 [ 302.378575] [] ? early_idt_handler_array+0x120/0x120 [ 302.385300] [] x86_64_start_reservations+0x2a/0x2c [ 302.392142] [] x86_64_start_kernel+0x17c/0x18b [ 302.398384] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 302.405208] Allocated: [ 302.407691] PID = 7529 [ 302.410161] [] save_stack_trace+0x26/0x50 [ 302.416197] [] kasan_kmalloc+0xee/0x180 [ 302.422792] [] __kmalloc+0x15f/0x3c0 [ 302.428264] [] alloc_netdev_mqs+0x940/0xda0 [ 302.434431] [] rtnl_create_link+0x132/0x830 [ 302.440510] [] rtnl_newlink+0xc55/0x1220 [ 302.446334] [] rtnetlink_rcv_msg+0x222/0x670 [ 302.452527] [] netlink_rcv_skb+0x242/0x350 [ 302.458504] [] rtnetlink_rcv+0x25/0x30 [ 302.464855] [] netlink_unicast+0x3df/0x570 [ 302.470844] [] netlink_sendmsg+0x9bb/0xb40 [ 302.476989] [] sock_sendmsg+0xb5/0xf0 [ 302.482532] [] SyS_sendto+0x1ca/0x2c0 [ 302.488080] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 302.494774] Freed: [ 302.497005] PID = 2978 [ 302.499470] [] save_stack_trace+0x26/0x50 [ 302.505384] [] kasan_slab_free+0xae/0x180 [ 302.511296] [] kfree+0x11b/0x3a0 [ 302.516548] [] kvfree+0x25/0x30 [ 302.521602] [] netdev_freemem+0x47/0x60 [ 302.534022] [] netdev_release+0x6c/0x90 [ 302.539838] [] device_release+0x71/0x1e0 [ 302.545759] [] kobject_put+0x146/0x400 [ 302.551393] [] netdev_run_todo+0x483/0x650 [ 302.557369] [] rtnl_unlock+0x9/0x10 [ 302.562737] [] default_device_exit_batch+0x2fe/0x3d0 [ 302.569621] [] ops_exit_list.isra.0+0xd6/0x120 [ 302.575959] [] cleanup_net+0x2d0/0x540 [ 302.581596] [] process_one_work+0x67d/0x14f0 [ 302.587757] [] worker_thread+0xda/0xf10 [ 302.593480] [] kthread+0x209/0x2d0 [ 302.598761] [] ret_from_fork+0x1f/0x40 [ 302.604394] Memory state around the buggy address: [ 302.609318] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.616651] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.623983] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.631334] ^ [ 302.636242] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.643571] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 302.651154] ================================================================== [ 302.658521] ================================================================== [ 302.665873] BUG: KASAN: use-after-free in do_raw_spin_unlock+0x229/0x250 at addr ffff8801362e3640 [ 302.674868] Read of size 8 by task swapper/0/0 [ 302.679438] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 302.687473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.697847] 0000000000000000 ffff88013bc07b90 ffffffff82e4dd32 ffff88013b802a80 [ 302.705838] ffff8801362e2100 ffff8801362e4100 ffff8801362e2100 dffffc0000000000 [ 302.713880] ffff88013bc07bb8 ffffffff8171d43c ffff88013bc07c48 ffff88013b802a80 [ 302.721860] Call Trace: [ 302.724413] [] dump_stack+0x136/0x1d4 [ 302.730580] [] kasan_object_err+0x1c/0x70 [ 302.736353] [] kasan_report_error+0x1e2/0x4c0 [ 302.742485] [] __asan_report_load8_noabort+0x3e/0x40 [ 302.749223] [] ? do_raw_spin_unlock+0x229/0x250 [ 302.755736] [] do_raw_spin_unlock+0x229/0x250 [ 302.761922] [] _raw_spin_unlock+0x22/0x50 [ 302.767701] [] br_multicast_group_expired+0xc1/0x360 [ 302.774433] [] call_timer_fn+0x14f/0x630 [ 302.780117] [] ? call_timer_fn+0xc9/0x630 [ 302.785891] [] ? br_mdb_free+0x70/0x70 [ 302.791416] [] ? process_timeout+0x10/0x10 [ 302.797282] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 302.804098] [] ? br_mdb_free+0x70/0x70 [ 302.809607] [] expire_timers+0x28f/0x460 [ 302.815311] [] run_timer_softirq+0x1a6/0x520 [ 302.821349] [] ? expire_timers+0x460/0x460 [ 302.827212] [] __do_softirq+0x2cb/0xa1c [ 302.832822] [] irq_exit+0x14f/0x190 [ 302.838086] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 302.844558] [] apic_timer_interrupt+0x8c/0xa0 [ 302.850674] [] ? native_safe_halt+0x6/0x10 [ 302.857328] [] default_idle+0x4f/0x390 [ 302.862848] [] arch_cpu_idle+0xa/0x10 [ 302.868617] [] default_idle_call+0x48/0xa0 [ 302.874660] [] cpu_startup_entry+0x5ec/0x7e0 [ 302.880700] [] rest_init+0x152/0x160 [ 302.886064] [] start_kernel+0x4fd/0x523 [ 302.891683] [] ? thread_stack_cache_init+0x6/0x6 [ 302.898074] [] ? early_idt_handler_array+0x120/0x120 [ 302.904915] [] x86_64_start_reservations+0x2a/0x2c [ 302.911486] [] x86_64_start_kernel+0x17c/0x18b [ 302.917704] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 302.924515] Allocated: [ 302.927007] PID = 7529 [ 302.929476] [] save_stack_trace+0x26/0x50 [ 302.935573] [] kasan_kmalloc+0xee/0x180 [ 302.941333] [] __kmalloc+0x15f/0x3c0 [ 302.946796] [] alloc_netdev_mqs+0x940/0xda0 [ 302.952881] [] rtnl_create_link+0x132/0x830 [ 302.958955] [] rtnl_newlink+0xc55/0x1220 [ 302.964774] [] rtnetlink_rcv_msg+0x222/0x670 [ 302.970956] [] netlink_rcv_skb+0x242/0x350 [ 302.977564] [] rtnetlink_rcv+0x25/0x30 [ 302.983199] [] netlink_unicast+0x3df/0x570 [ 302.989228] [] netlink_sendmsg+0x9bb/0xb40 [ 302.995219] [] sock_sendmsg+0xb5/0xf0 [ 303.000775] [] SyS_sendto+0x1ca/0x2c0 [ 303.006329] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 303.013002] Freed: [ 303.015121] PID = 2978 [ 303.017586] [] save_stack_trace+0x26/0x50 [ 303.023491] [] kasan_slab_free+0xae/0x180 [ 303.029391] [] kfree+0x11b/0x3a0 [ 303.034505] [] kvfree+0x25/0x30 [ 303.039547] [] netdev_freemem+0x47/0x60 [ 303.045295] [] netdev_release+0x6c/0x90 [ 303.051009] [] device_release+0x71/0x1e0 [ 303.056810] [] kobject_put+0x146/0x400 [ 303.062441] [] netdev_run_todo+0x483/0x650 [ 303.068412] [] rtnl_unlock+0x9/0x10 [ 303.073785] [] default_device_exit_batch+0x2fe/0x3d0 [ 303.080629] [] ops_exit_list.isra.0+0xd6/0x120 [ 303.086953] [] cleanup_net+0x2d0/0x540 [ 303.092773] [] process_one_work+0x67d/0x14f0 [ 303.098938] [] worker_thread+0xda/0xf10 [ 303.104665] [] kthread+0x209/0x2d0 [ 303.109956] [] ret_from_fork+0x1f/0x40 [ 303.115610] Memory state around the buggy address: [ 303.120598] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.127936] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.135267] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.142604] ^ [ 303.148034] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.160325] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.167932] ================================================================== [ 303.175297] ================================================================== [ 303.182651] BUG: KASAN: use-after-free in do_raw_spin_unlock+0x1f8/0x250 at addr ffff8801362e3638 [ 303.191669] Read of size 4 by task swapper/0/0 [ 303.196241] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 303.204385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.213726] 0000000000000000 ffff88013bc07b90 ffffffff82e4dd32 ffff88013b802a80 [ 303.221753] ffff8801362e2100 ffff8801362e4100 ffff8801362e2100 dffffc0000000000 [ 303.229757] ffff88013bc07bb8 ffffffff8171d43c ffff88013bc07c48 ffff88013b802a80 [ 303.237862] Call Trace: [ 303.240432] [] dump_stack+0x136/0x1d4 [ 303.246630] [] kasan_object_err+0x1c/0x70 [ 303.252414] [] kasan_report_error+0x1e2/0x4c0 [ 303.258535] [] __asan_report_load4_noabort+0x3e/0x40 [ 303.265278] [] ? do_raw_spin_unlock+0x1f8/0x250 [ 303.271569] [] do_raw_spin_unlock+0x1f8/0x250 [ 303.277789] [] _raw_spin_unlock+0x22/0x50 [ 303.283570] [] br_multicast_group_expired+0xc1/0x360 [ 303.290312] [] call_timer_fn+0x14f/0x630 [ 303.296957] [] ? call_timer_fn+0xc9/0x630 [ 303.302920] [] ? br_mdb_free+0x70/0x70 [ 303.308434] [] ? process_timeout+0x10/0x10 [ 303.314319] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 303.321335] [] ? br_mdb_free+0x70/0x70 [ 303.326853] [] expire_timers+0x28f/0x460 [ 303.332557] [] run_timer_softirq+0x1a6/0x520 [ 303.338753] [] ? expire_timers+0x460/0x460 [ 303.344623] [] __do_softirq+0x2cb/0xa1c [ 303.350356] [] irq_exit+0x14f/0x190 [ 303.355613] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 303.362116] [] apic_timer_interrupt+0x8c/0xa0 [ 303.368232] [] ? native_safe_halt+0x6/0x10 [ 303.374901] [] default_idle+0x4f/0x390 [ 303.380449] [] arch_cpu_idle+0xa/0x10 [ 303.387336] [] default_idle_call+0x48/0xa0 [ 303.393213] [] cpu_startup_entry+0x5ec/0x7e0 [ 303.399275] [] rest_init+0x152/0x160 [ 303.404626] [] start_kernel+0x4fd/0x523 [ 303.410227] [] ? thread_stack_cache_init+0x6/0x6 [ 303.416609] [] ? early_idt_handler_array+0x120/0x120 [ 303.423354] [] x86_64_start_reservations+0x2a/0x2c [ 303.429917] [] x86_64_start_kernel+0x17c/0x18b [ 303.436128] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 303.442960] Allocated: [ 303.445430] PID = 7529 [ 303.447897] [] save_stack_trace+0x26/0x50 [ 303.453792] [] kasan_kmalloc+0xee/0x180 [ 303.459509] [] __kmalloc+0x15f/0x3c0 [ 303.465027] [] alloc_netdev_mqs+0x940/0xda0 [ 303.471097] [] rtnl_create_link+0x132/0x830 [ 303.478124] [] rtnl_newlink+0xc55/0x1220 [ 303.484051] [] rtnetlink_rcv_msg+0x222/0x670 [ 303.491304] [] netlink_rcv_skb+0x242/0x350 [ 303.497314] [] rtnetlink_rcv+0x25/0x30 [ 303.502972] [] netlink_unicast+0x3df/0x570 [ 303.509052] [] netlink_sendmsg+0x9bb/0xb40 [ 303.515080] [] sock_sendmsg+0xb5/0xf0 [ 303.520630] [] SyS_sendto+0x1ca/0x2c0 [ 303.526176] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 303.532867] Freed: [ 303.535003] PID = 2978 [ 303.537475] [] save_stack_trace+0x26/0x50 [ 303.543391] [] kasan_slab_free+0xae/0x180 [ 303.549295] [] kfree+0x11b/0x3a0 [ 303.554535] [] kvfree+0x25/0x30 [ 303.559577] [] netdev_freemem+0x47/0x60 [ 303.565313] [] netdev_release+0x6c/0x90 [ 303.571141] [] device_release+0x71/0x1e0 [ 303.576952] [] kobject_put+0x146/0x400 [ 303.582605] [] netdev_run_todo+0x483/0x650 [ 303.588628] [] rtnl_unlock+0x9/0x10 [ 303.594005] [] default_device_exit_batch+0x2fe/0x3d0 [ 303.600864] [] ops_exit_list.isra.0+0xd6/0x120 [ 303.607213] [] cleanup_net+0x2d0/0x540 [ 303.612846] [] process_one_work+0x67d/0x14f0 [ 303.619508] [] worker_thread+0xda/0xf10 [ 303.625262] [] kthread+0x209/0x2d0 [ 303.630548] [] ret_from_fork+0x1f/0x40 [ 303.636191] Memory state around the buggy address: [ 303.641108] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.648446] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.655888] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.663228] ^ [ 303.668400] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.675734] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.683073] ================================================================== [ 303.690470] ================================================================== [ 303.697824] BUG: KASAN: use-after-free in do_raw_spin_unlock+0x240/0x250 at addr ffff8801362e3640 [ 303.706820] Write of size 8 by task swapper/0/0 [ 303.711481] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 303.719633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.729754] 0000000000000000 ffff88013bc07b90 ffffffff82e4dd32 ffff88013b802a80 [ 303.738173] ffff8801362e2100 ffff8801362e4100 ffff8801362e2100 dffffc0000000000 [ 303.746308] ffff88013bc07bb8 ffffffff8171d43c ffff88013bc07c48 ffff88013b802a80 [ 303.754321] Call Trace: [ 303.756877] [] dump_stack+0x136/0x1d4 [ 303.763045] [] kasan_object_err+0x1c/0x70 [ 303.768821] [] kasan_report_error+0x1e2/0x4c0 [ 303.774947] [] __asan_report_store8_noabort+0x3e/0x40 [ 303.781776] [] ? do_raw_spin_unlock+0x240/0x250 [ 303.788067] [] do_raw_spin_unlock+0x240/0x250 [ 303.794250] [] _raw_spin_unlock+0x22/0x50 [ 303.800019] [] br_multicast_group_expired+0xc1/0x360 [ 303.806757] [] call_timer_fn+0x14f/0x630 [ 303.812437] [] ? call_timer_fn+0xc9/0x630 [ 303.818238] [] ? br_mdb_free+0x70/0x70 [ 303.823752] [] ? process_timeout+0x10/0x10 [ 303.829609] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 303.836423] [] ? br_mdb_free+0x70/0x70 [ 303.841943] [] expire_timers+0x28f/0x460 [ 303.847625] [] run_timer_softirq+0x1a6/0x520 [ 303.853654] [] ? expire_timers+0x460/0x460 [ 303.859684] [] __do_softirq+0x2cb/0xa1c [ 303.865291] [] irq_exit+0x14f/0x190 [ 303.870547] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 303.877028] [] apic_timer_interrupt+0x8c/0xa0 [ 303.883258] [] ? native_safe_halt+0x6/0x10 [ 303.890125] [] default_idle+0x4f/0x390 [ 303.896520] [] arch_cpu_idle+0xa/0x10 [ 303.901973] [] default_idle_call+0x48/0xa0 [ 303.907846] [] cpu_startup_entry+0x5ec/0x7e0 [ 303.913887] [] rest_init+0x152/0x160 [ 303.919367] [] start_kernel+0x4fd/0x523 [ 303.924981] [] ? thread_stack_cache_init+0x6/0x6 [ 303.931377] [] ? early_idt_handler_array+0x120/0x120 [ 303.938237] [] x86_64_start_reservations+0x2a/0x2c [ 303.945086] [] x86_64_start_kernel+0x17c/0x18b [ 303.951306] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 303.958140] Allocated: [ 303.960623] PID = 7529 [ 303.963106] [] save_stack_trace+0x26/0x50 [ 303.969015] [] kasan_kmalloc+0xee/0x180 [ 303.974750] [] __kmalloc+0x15f/0x3c0 [ 303.980247] [] alloc_netdev_mqs+0x940/0xda0 [ 303.986332] [] rtnl_create_link+0x132/0x830 [ 303.992400] [] rtnl_newlink+0xc55/0x1220 [ 303.998243] [] rtnetlink_rcv_msg+0x222/0x670 [ 304.004432] [] netlink_rcv_skb+0x242/0x350 [ 304.010439] [] rtnetlink_rcv+0x25/0x30 [ 304.016940] [] netlink_unicast+0x3df/0x570 [ 304.022926] [] netlink_sendmsg+0x9bb/0xb40 [ 304.029365] [] sock_sendmsg+0xb5/0xf0 [ 304.034968] [] SyS_sendto+0x1ca/0x2c0 [ 304.040512] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 304.047192] Freed: [ 304.049314] PID = 2978 [ 304.051781] [] save_stack_trace+0x26/0x50 [ 304.057697] [] kasan_slab_free+0xae/0x180 [ 304.063615] [] kfree+0x11b/0x3a0 [ 304.068760] [] kvfree+0x25/0x30 [ 304.073782] [] netdev_freemem+0x47/0x60 [ 304.079543] [] netdev_release+0x6c/0x90 [ 304.085276] [] device_release+0x71/0x1e0 [ 304.091099] [] kobject_put+0x146/0x400 [ 304.096863] [] netdev_run_todo+0x483/0x650 [ 304.102846] [] rtnl_unlock+0x9/0x10 [ 304.108322] [] default_device_exit_batch+0x2fe/0x3d0 [ 304.115177] [] ops_exit_list.isra.0+0xd6/0x120 [ 304.121508] [] cleanup_net+0x2d0/0x540 [ 304.127306] [] process_one_work+0x67d/0x14f0 [ 304.133469] [] worker_thread+0xda/0xf10 [ 304.139207] [] kthread+0x209/0x2d0 [ 304.140867] [] ret_from_fork+0x1f/0x40 [ 304.140872] Memory state around the buggy address: [ 304.140876] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.140878] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.140881] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.140882] ^ [ 304.140884] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.140886] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.140887] ================================================================== [ 304.140916] ================================================================== [ 304.140921] BUG: KASAN: use-after-free in do_raw_spin_unlock+0x21c/0x250 at addr ffff8801362e3638 [ 304.140924] Write of size 4 by task swapper/0/0 [ 304.140929] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 304.140931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.140935] 0000000000000000 ffff88013bc07b90 ffffffff82e4dd32 ffff88013b802a80 [ 304.140940] ffff8801362e2100 ffff8801362e4100 ffff8801362e2100 dffffc0000000000 [ 304.140945] ffff88013bc07bb8 ffffffff8171d43c ffff88013bc07c48 ffff88013b802a80 [ 304.140950] Call Trace: [ 304.140952] [] dump_stack+0x136/0x1d4 [ 304.140963] [] kasan_object_err+0x1c/0x70 [ 304.140967] [] kasan_report_error+0x1e2/0x4c0 [ 304.140970] [] __asan_report_store4_noabort+0x3e/0x40 [ 304.140974] [] ? do_raw_spin_unlock+0x21c/0x250 [ 304.140977] [] do_raw_spin_unlock+0x21c/0x250 [ 304.140981] [] _raw_spin_unlock+0x22/0x50 [ 304.140987] [] br_multicast_group_expired+0xc1/0x360 [ 304.140991] [] call_timer_fn+0x14f/0x630 [ 304.140994] [] ? call_timer_fn+0xc9/0x630 [ 304.140998] [] ? br_mdb_free+0x70/0x70 [ 304.141001] [] ? process_timeout+0x10/0x10 [ 304.141004] [] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 304.141007] [] ? br_mdb_free+0x70/0x70 [ 304.141010] [] expire_timers+0x28f/0x460 [ 304.141014] [] run_timer_softirq+0x1a6/0x520 [ 304.141017] [] ? expire_timers+0x460/0x460 [ 304.141020] [] __do_softirq+0x2cb/0xa1c [ 304.141024] [] irq_exit+0x14f/0x190 [ 304.141027] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 304.141030] [] apic_timer_interrupt+0x8c/0xa0 [ 304.141037] [] ? native_safe_halt+0x6/0x10 [ 304.141042] [] default_idle+0x4f/0x390 [ 304.141044] [] arch_cpu_idle+0xa/0x10 [ 304.141049] [] default_idle_call+0x48/0xa0 [ 304.141053] [] cpu_startup_entry+0x5ec/0x7e0 [ 304.141056] [] rest_init+0x152/0x160 [ 304.141096] [] start_kernel+0x4fd/0x523 [ 304.141099] [] ? thread_stack_cache_init+0x6/0x6 [ 304.141102] [] ? early_idt_handler_array+0x120/0x120 [ 304.141105] [] x86_64_start_reservations+0x2a/0x2c [ 304.141108] [] x86_64_start_kernel+0x17c/0x18b [ 304.141111] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 304.141112] Allocated: [ 304.141114] PID = 7529 [ 304.141118] [] save_stack_trace+0x26/0x50 [ 304.141122] [] kasan_kmalloc+0xee/0x180 [ 304.141126] [] __kmalloc+0x15f/0x3c0 [ 304.141130] [] alloc_netdev_mqs+0x940/0xda0 [ 304.141133] [] rtnl_create_link+0x132/0x830 [ 304.141137] [] rtnl_newlink+0xc55/0x1220 [ 304.141139] [] rtnetlink_rcv_msg+0x222/0x670 [ 304.141144] [] netlink_rcv_skb+0x242/0x350 [ 304.141147] [] rtnetlink_rcv+0x25/0x30 [ 304.141150] [] netlink_unicast+0x3df/0x570 [ 304.141153] [] netlink_sendmsg+0x9bb/0xb40 [ 304.141159] [] sock_sendmsg+0xb5/0xf0 [ 304.141162] [] SyS_sendto+0x1ca/0x2c0 [ 304.141166] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 304.141167] Freed: [ 304.141168] PID = 2978 [ 304.141171] [] save_stack_trace+0x26/0x50 [ 304.141175] [] kasan_slab_free+0xae/0x180 [ 304.141178] [] kfree+0x11b/0x3a0 2020/12/17 05:13:30 executed programs: 2730 [ 304.141181] [] kvfree+0x25/0x30 [ 304.141184] [] netdev_freemem+0x47/0x60 [ 304.141187] [] netdev_release+0x6c/0x90 [ 304.141195] [] device_release+0x71/0x1e0 [ 304.141198] [] kobject_put+0x146/0x400 [ 304.141201] [] netdev_run_todo+0x483/0x650 [ 304.141205] [] rtnl_unlock+0x9/0x10 [ 304.141208] [] default_device_exit_batch+0x2fe/0x3d0 [ 304.141211] [] ops_exit_list.isra.0+0xd6/0x120 [ 304.141214] [] cleanup_net+0x2d0/0x540 [ 304.141218] [] process_one_work+0x67d/0x14f0 [ 304.141221] [] worker_thread+0xda/0xf10 [ 304.141224] [] kthread+0x209/0x2d0 [ 304.141227] [] ret_from_fork+0x1f/0x40 [ 304.141228] Memory state around the buggy address: [ 304.141230] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141232] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141234] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141235] ^ [ 304.141237] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141239] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141240] ================================================================== [ 304.141243] ================================================================== [ 304.141247] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28b/0x2f0 at addr ffff8801362e3634 [ 304.141249] Read of size 4 by task swapper/0/0 [ 304.141252] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 304.141253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.141258] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 304.141262] ffff8801362e2100 ffff8801362e4100 0000000000000101 dffffc0000000000 [ 304.141266] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 304.141267] Call Trace: [ 304.141271] [] dump_stack+0x136/0x1d4 [ 304.141274] [] kasan_object_err+0x1c/0x70 [ 304.141277] [] kasan_report_error+0x1e2/0x4c0 [ 304.141280] [] ? kasan_end_report+0x32/0x50 [ 304.141283] [] __asan_report_load4_noabort+0x3e/0x40 [ 304.141288] [] ? debug_object_deactivate+0xc0/0x350 [ 304.141291] [] ? do_raw_spin_lock+0x28b/0x2f0 [ 304.141294] [] do_raw_spin_lock+0x28b/0x2f0 [ 304.141297] [] _raw_spin_lock+0x3e/0x50 [ 304.141300] [] ? br_multicast_group_expired+0x47/0x360 [ 304.141304] [] br_multicast_group_expired+0x47/0x360 [ 304.141307] [] call_timer_fn+0x14f/0x630 [ 304.141310] [] ? call_timer_fn+0xc9/0x630 [ 304.141313] [] ? br_mdb_free+0x70/0x70 [ 304.141316] [] ? process_timeout+0x10/0x10 [ 304.141319] [] ? br_mdb_free+0x70/0x70 [ 304.141322] [] expire_timers+0x28f/0x460 [ 304.141326] [] run_timer_softirq+0x1a6/0x520 [ 304.141329] [] ? expire_timers+0x460/0x460 [ 304.141332] [] __do_softirq+0x2cb/0xa1c [ 304.141335] [] irq_exit+0x14f/0x190 [ 304.141338] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 304.141341] [] apic_timer_interrupt+0x8c/0xa0 [ 304.141345] [] ? native_safe_halt+0x6/0x10 [ 304.141348] [] default_idle+0x4f/0x390 [ 304.141351] [] arch_cpu_idle+0xa/0x10 [ 304.141355] [] default_idle_call+0x48/0xa0 [ 304.141358] [] cpu_startup_entry+0x5ec/0x7e0 [ 304.141361] [] rest_init+0x152/0x160 [ 304.141364] [] start_kernel+0x4fd/0x523 [ 304.141367] [] ? thread_stack_cache_init+0x6/0x6 [ 304.141370] [] ? early_idt_handler_array+0x120/0x120 [ 304.141373] [] x86_64_start_reservations+0x2a/0x2c [ 304.141376] [] x86_64_start_kernel+0x17c/0x18b [ 304.141378] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 304.141379] Allocated: [ 304.141380] PID = 7529 [ 304.141383] [] save_stack_trace+0x26/0x50 [ 304.141387] [] kasan_kmalloc+0xee/0x180 [ 304.141389] [] __kmalloc+0x15f/0x3c0 [ 304.141392] [] alloc_netdev_mqs+0x940/0xda0 [ 304.141395] [] rtnl_create_link+0x132/0x830 [ 304.141398] [] rtnl_newlink+0xc55/0x1220 [ 304.141401] [] rtnetlink_rcv_msg+0x222/0x670 [ 304.141404] [] netlink_rcv_skb+0x242/0x350 [ 304.141407] [] rtnetlink_rcv+0x25/0x30 [ 304.141410] [] netlink_unicast+0x3df/0x570 [ 304.141413] [] netlink_sendmsg+0x9bb/0xb40 [ 304.141416] [] sock_sendmsg+0xb5/0xf0 [ 304.141419] [] SyS_sendto+0x1ca/0x2c0 [ 304.141423] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 304.141424] Freed: [ 304.141424] PID = 2978 [ 304.141428] [] save_stack_trace+0x26/0x50 [ 304.141431] [] kasan_slab_free+0xae/0x180 [ 304.141434] [] kfree+0x11b/0x3a0 [ 304.141436] [] kvfree+0x25/0x30 [ 304.141439] [] netdev_freemem+0x47/0x60 [ 304.141442] [] netdev_release+0x6c/0x90 [ 304.141445] [] device_release+0x71/0x1e0 [ 304.141448] [] kobject_put+0x146/0x400 [ 304.141451] [] netdev_run_todo+0x483/0x650 [ 304.141455] [] rtnl_unlock+0x9/0x10 [ 304.141458] [] default_device_exit_batch+0x2fe/0x3d0 [ 304.141461] [] ops_exit_list.isra.0+0xd6/0x120 [ 304.141464] [] cleanup_net+0x2d0/0x540 [ 304.141468] [] process_one_work+0x67d/0x14f0 [ 304.141471] [] worker_thread+0xda/0xf10 [ 304.141474] [] kthread+0x209/0x2d0 [ 304.141477] [] ret_from_fork+0x1f/0x40 [ 304.141477] Memory state around the buggy address: [ 304.141479] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141481] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141483] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141484] ^ [ 304.141486] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141488] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141489] ================================================================== [ 304.141490] ================================================================== [ 304.141493] BUG: KASAN: use-after-free in do_raw_spin_lock+0x2c1/0x2f0 at addr ffff8801362e3640 [ 304.141495] Read of size 8 by task swapper/0/0 [ 304.141497] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 304.141499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.141503] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 304.141507] ffff8801362e2100 ffff8801362e4100 0000000000000101 dffffc0000000000 [ 304.141512] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 304.141512] Call Trace: [ 304.141516] [] dump_stack+0x136/0x1d4 [ 304.141519] [] kasan_object_err+0x1c/0x70 [ 304.141522] [] kasan_report_error+0x1e2/0x4c0 [ 304.141526] [] __asan_report_load8_noabort+0x3e/0x40 [ 304.141529] [] ? debug_object_deactivate+0xc0/0x350 [ 304.141532] [] ? do_raw_spin_lock+0x2c1/0x2f0 [ 304.141535] [] do_raw_spin_lock+0x2c1/0x2f0 [ 304.141539] [] _raw_spin_lock+0x3e/0x50 [ 304.141542] [] ? br_multicast_group_expired+0x47/0x360 [ 304.141545] [] br_multicast_group_expired+0x47/0x360 [ 304.141549] [] call_timer_fn+0x14f/0x630 [ 304.141552] [] ? call_timer_fn+0xc9/0x630 [ 304.141555] [] ? br_mdb_free+0x70/0x70 [ 304.141558] [] ? process_timeout+0x10/0x10 [ 304.141561] [] ? br_mdb_free+0x70/0x70 [ 304.141564] [] expire_timers+0x28f/0x460 [ 304.141567] [] run_timer_softirq+0x1a6/0x520 [ 304.141570] [] ? expire_timers+0x460/0x460 [ 304.141574] [] __do_softirq+0x2cb/0xa1c [ 304.141577] [] irq_exit+0x14f/0x190 [ 304.141580] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 304.141582] [] apic_timer_interrupt+0x8c/0xa0 [ 304.141587] [] ? native_safe_halt+0x6/0x10 [ 304.141590] [] default_idle+0x4f/0x390 [ 304.141592] [] arch_cpu_idle+0xa/0x10 [ 304.141596] [] default_idle_call+0x48/0xa0 [ 304.141599] [] cpu_startup_entry+0x5ec/0x7e0 [ 304.141602] [] rest_init+0x152/0x160 [ 304.141605] [] start_kernel+0x4fd/0x523 [ 304.141607] [] ? thread_stack_cache_init+0x6/0x6 [ 304.141611] [] ? early_idt_handler_array+0x120/0x120 [ 304.141614] [] x86_64_start_reservations+0x2a/0x2c [ 304.141616] [] x86_64_start_kernel+0x17c/0x18b [ 304.141619] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 304.141619] Allocated: [ 304.141620] PID = 7529 [ 304.141624] [] save_stack_trace+0x26/0x50 [ 304.141627] [] kasan_kmalloc+0xee/0x180 [ 304.141630] [] __kmalloc+0x15f/0x3c0 [ 304.141633] [] alloc_netdev_mqs+0x940/0xda0 [ 304.141635] [] rtnl_create_link+0x132/0x830 [ 304.141638] [] rtnl_newlink+0xc55/0x1220 [ 304.141641] [] rtnetlink_rcv_msg+0x222/0x670 [ 304.141644] [] netlink_rcv_skb+0x242/0x350 [ 304.141647] [] rtnetlink_rcv+0x25/0x30 [ 304.141650] [] netlink_unicast+0x3df/0x570 [ 304.141653] [] netlink_sendmsg+0x9bb/0xb40 [ 304.141656] [] sock_sendmsg+0xb5/0xf0 [ 304.141659] [] SyS_sendto+0x1ca/0x2c0 [ 304.141663] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 304.141663] Freed: [ 304.141664] PID = 2978 [ 304.141668] [] save_stack_trace+0x26/0x50 [ 304.141671] [] kasan_slab_free+0xae/0x180 [ 304.141673] [] kfree+0x11b/0x3a0 [ 304.141676] [] kvfree+0x25/0x30 [ 304.141679] [] netdev_freemem+0x47/0x60 [ 304.141682] [] netdev_release+0x6c/0x90 [ 304.141685] [] device_release+0x71/0x1e0 [ 304.141688] [] kobject_put+0x146/0x400 [ 304.141691] [] netdev_run_todo+0x483/0x650 [ 304.141695] [] rtnl_unlock+0x9/0x10 [ 304.141698] [] default_device_exit_batch+0x2fe/0x3d0 [ 304.141701] [] ops_exit_list.isra.0+0xd6/0x120 [ 304.141704] [] cleanup_net+0x2d0/0x540 [ 304.141707] [] process_one_work+0x67d/0x14f0 [ 304.141710] [] worker_thread+0xda/0xf10 [ 304.141713] [] kthread+0x209/0x2d0 [ 304.141716] [] ret_from_fork+0x1f/0x40 [ 304.141717] Memory state around the buggy address: [ 304.141719] ffff8801362e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141720] ffff8801362e3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141722] >ffff8801362e3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141723] ^ [ 304.141725] ffff8801362e3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141727] ffff8801362e3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 304.141728] ================================================================== [ 304.141729] ================================================================== [ 304.141732] BUG: KASAN: use-after-free in do_raw_spin_lock+0x2a5/0x2f0 at addr ffff8801362e3638 [ 304.141734] Read of size 4 by task swapper/0/0 [ 304.141736] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.8.0-syzkaller #0 [ 304.141738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.141742] 0000000000000000 ffff88013bc07b70 ffffffff82e4dd32 ffff88013b802a80 [ 304.141746] ffff8801362e2100 ffff8801362e4100 0000000000000101 dffffc0000000000 [ 304.141750] ffff88013bc07b98 ffffffff8171d43c ffff88013bc07c28 ffff88013b802a80 [ 304.141751] Call Trace: [ 304.141754] [] dump_stack+0x136/0x1d4 [ 304.141758] [] kasan_object_err+0x1c/0x70 [ 304.141761] [] kasan_report_error+0x1e2/0x4c0 [ 304.141764] [] __asan_report_load4_noabort+0x3e/0x40 [ 304.141768] [] ? debug_object_deactivate+0xc0/0x350 [ 304.141771] [] ? do_raw_spin_lock+0x2a5/0x2f0 [ 304.141774] [] do_raw_spin_lock+0x2a5/0x2f0 [ 304.141777] [] _raw_spin_lock+0x3e/0x50 [ 304.141780] [] ? br_multicast_group_expired+0x47/0x360 [ 304.141783] [] br_multicast_group_expired+0x47/0x360 [ 304.141787] [] call_timer_fn+0x14f/0x630 [ 304.141789] [] ? call_timer_fn+0xc9/0x630 [ 304.141792] [] ? br_mdb_free+0x70/0x70 [ 304.141795] [] ? process_timeout+0x10/0x10 [ 304.141799] [] ? br_mdb_free+0x70/0x70 [ 304.141802] [] expire_timers+0x28f/0x460 [ 304.141805] [] run_timer_softirq+0x1a6/0x520 [ 304.141808] [] ? expire_timers+0x460/0x460 [ 304.141812] [] __do_softirq+0x2cb/0xa1c [ 304.141815] [] irq_exit+0x14f/0x190 [ 304.141818] [] smp_apic_timer_interrupt+0x7b/0xa0 [ 304.141820] [] apic_timer_interrupt+0x8c/0xa0 [ 304.141825] [] ? native_safe_halt+0x6/0x10 [ 304.141828] [] default_idle+0x4f/0x390 [ 304.141831] [] arch_cpu_idle+0xa/0x10 [ 304.141834] [] default_idle_call+0x48/0xa0 [ 304.141837] [] cpu_startup_entry+0x5ec/0x7e0 [ 304.141840] [] rest_init+0x152/0x160 [ 304.141843] [] start_kernel+0x4fd/0x523 [ 304.141846] [] ? thread_stack_cache_init+0x6/0x6 [ 304.141849] [] ? early_idt_handler_array+0x120/0x120 [ 304.141852] [] x86_64_start_reservations+0x2a/0x2c [ 304.141855] [] x86_64_start_kernel+0x17c/0x18b [ 304.141856] Object at ffff8801362e2100, in cache kmalloc-8192 size: 8192 [ 304.141857] Allocated: [ 304.141858] PID = 7529 [ 304.141862] [] save_stack_trace+0x26/0x50 [ 304.141865] [] kasan_kmalloc+0xee/0x180 [ 304.141868] [] __kmalloc+0x15f/0x3c0 [ 304.141871] [] alloc_netdev_mqs+0x940/0xda0