[   43.610157] audit: type=1800 audit(1576281145.464:32): pid=7146 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   55.429394] IPVS: Creating netns size=2712 id=1
[   55.434585] IPVS: ftp: loaded support on port[0] = 21
[   56.015932] audit_printk_skb: 3 callbacks suppressed
[   56.021103] audit: type=1400 audit(1576281157.874:34): avc:  denied  { create } for  pid=7334 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[   56.046002] audit: type=1400 audit(1576281157.904:35): avc:  denied  { create } for  pid=7334 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   56.070335] audit: type=1400 audit(1576281157.924:36): avc:  denied  { create } for  pid=7334 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
2019/12/13 23:52:44 parsed 1 programs
2019/12/13 23:52:44 executed programs: 0
[   63.165191] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[   63.178644] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[   63.186777] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[   63.196090] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[   63.204366] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[   63.212215] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[   63.229761] IPVS: Creating netns size=2712 id=2
[   63.234602] IPVS: ftp: loaded support on port[0] = 21
[   63.307318] IPVS: Creating netns size=2712 id=3
[   63.312460] IPVS: ftp: loaded support on port[0] = 21
[   63.444655] chnl_net:caif_netlink_parms(): no params data found
[   63.470422] IPVS: Creating netns size=2712 id=4
[   63.475348] IPVS: ftp: loaded support on port[0] = 21
[   63.694919] IPVS: Creating netns size=2712 id=5
[   63.699754] IPVS: ftp: loaded support on port[0] = 21
[   63.706617] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.713555] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.724045] device bridge_slave_0 entered promiscuous mode
[   63.766067] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.772452] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.781647] device bridge_slave_1 entered promiscuous mode
[   63.788390] chnl_net:caif_netlink_parms(): no params data found
[   63.937057] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   63.967146] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   63.988546] chnl_net:caif_netlink_parms(): no params data found
[   64.051731] IPVS: Creating netns size=2712 id=6
[   64.057458] IPVS: ftp: loaded support on port[0] = 21
[   64.142154] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.149367] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.158846] device bridge_slave_0 entered promiscuous mode
[   64.189932] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.196592] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.206078] device bridge_slave_1 entered promiscuous mode
[   64.238284] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   64.291935] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   64.321753] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.387072] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.434081] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.440527] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.449565] device bridge_slave_0 entered promiscuous mode
[   64.510727] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   64.512300] IPVS: Creating netns size=2712 id=7
[   64.512417] IPVS: ftp: loaded support on port[0] = 21
[   64.530858] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.538120] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.547515] device bridge_slave_1 entered promiscuous mode
[   64.605799] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   64.675098] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.717526] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.759231] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   64.829847] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   64.930040] chnl_net:caif_netlink_parms(): no params data found
[   64.994671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   65.025069] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   65.034728] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   65.068302] chnl_net:caif_netlink_parms(): no params data found
[   65.103646] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   65.159899] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   65.216535] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.227592] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.236547] device bridge_slave_0 entered promiscuous mode
[   65.309901] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   65.322717] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.329261] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.338004] device bridge_slave_1 entered promiscuous mode
[   65.383644] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   65.425100] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   65.437745] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   65.519980] chnl_net:caif_netlink_parms(): no params data found
[   65.566861] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   65.575002] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.581391] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.593459] device bridge_slave_0 entered promiscuous mode
[   65.624343] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.630871] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.644112] device bridge_slave_1 entered promiscuous mode
[   65.655384] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   65.707735] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   65.796496] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   65.834403] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   65.892050] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.898733] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.907497] device bridge_slave_0 entered promiscuous mode
[   65.917140] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   65.959850] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.966655] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.975765] device bridge_slave_1 entered promiscuous mode
[   66.019013] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.118703] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   66.127572] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   66.140642] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.156132] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   66.171407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.188306] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   66.205737] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.273827] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   66.284807] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   66.296032] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   66.311443] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.322435] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   66.344956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.354180] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.360637] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.401039] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   66.413814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.421024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.428502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.437204] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.443608] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.483778] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   66.495662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   66.505934] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   66.545616] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   66.576012] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   66.599014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.612380] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   66.635613] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   66.643498] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   66.651256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.660074] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.666463] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.690517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.733762] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.742187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.753787] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.760182] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.768580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.807641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.817079] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.823504] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.830941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.839290] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.845682] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.872994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.884944] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   66.895972] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   66.910843] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.928885] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   66.949187] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   66.978135] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   67.003707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.020037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   67.067542] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   67.075644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.087642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.127433] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.155714] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.182208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.224313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   67.232384] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.238839] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.248124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   67.273566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   67.281598] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.288008] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.313500] audit: type=1400 audit(1576281169.174:37): avc:  denied  { associate } for  pid=7432 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   67.366566] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   67.384757] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   67.415335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.450506] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.478325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.496965] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   67.542407] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.580571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.594226] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.1'.
[   67.646631] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   67.653264] ==================================================================
[   67.660636] BUG: KASAN: use-after-free in memset+0x1a/0x30 at addr ffff8801a7fc7500
[   67.668430] Write of size 32 by task udevd/7315
[   67.673088] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   67.681335] flags: 0x57ffe0000000000()
[   67.685200] page dumped because: kasan: bad access detected
[   67.686231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.697375] CPU: 0 PID: 7315 Comm: udevd Not tainted 4.6.0-syzkaller #0
[   67.704112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.713455]  1ffffffff0d9577e ffff88012c0076d8 ffffffff82c4dd46 ffff8801a7fc7500
[   67.721516]  ffff88012c007768 ffff8801a7fc7500 ffff88012c007850 ffff88012c007758
[   67.729569]  ffffffff817405ba ffff880126aa2640 ffffffff86d0ede0 0000000000000286
[   67.737619] Call Trace:
[   67.740185]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   67.746290]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   67.752439]  [<ffffffff8173f626>] ? kasan_unpoison_shadow+0x36/0x50
[   67.758834]  [<ffffffff8173f7a9>] ? kasan_kmalloc+0xc9/0xe0
[   67.764535]  [<ffffffff8173f626>] ? kasan_unpoison_shadow+0x36/0x50
[   67.770930]  [<ffffffff81740914>] kasan_report+0x34/0x40
[   67.775496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   67.776194] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.776247] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.776839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   67.803156]  [<ffffffff8173f81a>] ? memset+0x1a/0x30
[   67.805986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   67.806687] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.806740] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.828372]  [<ffffffff8173f34d>] __asan_storeN+0x12d/0x180
[   67.834077]  [<ffffffff8173f81a>] memset+0x1a/0x30
[   67.839002]  [<ffffffff848fb78a>] __alloc_skb+0x31a/0x5b0
[   67.844532]  [<ffffffff848fb470>] ? skb_to_sgvec+0x90/0x90
[   67.850156]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   67.856208]  [<ffffffff8490099d>] alloc_skb_with_frags+0x8d/0x4b0
[   67.862432]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   67.863933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   67.872226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   67.881955]  [<ffffffff848ec559>] sock_alloc_send_pskb+0x5c9/0x740
[   67.886765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.895271]  [<ffffffff813e0a44>] ? __enqueue_entity+0x134/0x230
[   67.901414]  [<ffffffff848ebf90>] ? sock_wmalloc+0xd0/0xd0
[   67.907038]  [<ffffffff814290dc>] ? cpuacct_charge+0x16c/0x300
[   67.907735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.919992]  [<ffffffff848ec6e3>] sock_alloc_send_skb+0x13/0x20
[   67.926048]  [<ffffffff85080a8b>] mld_newpack+0x1bb/0x930
[   67.931577]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   67.937715]  [<ffffffff850808d0>] ? ip6_mc_hdr.constprop.41+0x630/0x630
[   67.944464]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   67.951220]  [<ffffffff81437b98>] ? __lock_acquire+0x1a38/0x5560
[   67.957357]  [<ffffffff850814ba>] add_grhead.isra.29+0x2ba/0x3a0
[   67.963497]  [<ffffffff85085d7c>] add_grec+0x85c/0xcb0
[   67.968765]  [<ffffffff85085520>] ? mld_sendpack+0xb80/0xb80
[   67.974558]  [<ffffffff8508689b>] mld_ifc_timer_expire+0x2fb/0x710
[   67.980870]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   67.986569]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   67.992362]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   67.998676]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   68.004638]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   68.010950]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   68.017779]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   68.023855]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   68.030169]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   68.036046]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   68.041665]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   68.047191]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   68.052466]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   68.058950]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   68.065079]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   68.071648]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   68.077436]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   68.083139]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   68.089886]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   68.096370]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   68.102336]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   68.108994]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   68.115495]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   68.121896]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   68.128473]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   68.134268]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   68.140668]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   68.146285]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   68.152250]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   68.159086]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   68.165662]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   68.172229] Memory state around the buggy address:
[   68.177148]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.184502]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.191856] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.199203]                    ^
[   68.202565]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.209923]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.217278] ==================================================================
[   68.224627] Disabling lock debugging due to kernel taint
[   68.231012] ==================================================================
[   68.238389] BUG: KASAN: use-after-free in __alloc_skb+0x4bb/0x5b0 at addr ffff8801a7fc7520
[   68.246784] Write of size 4 by task udevd/7315
[   68.251359] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   68.259625] flags: 0x57ffe0000000000()
[   68.263499] page dumped because: kasan: bad access detected
[   68.269201] CPU: 0 PID: 7315 Comm: udevd Tainted: G    B           4.6.0-syzkaller #0
[   68.277156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.286641]  1ffffffff0d9577e ffff88012c007710 ffffffff82c4dd46 0000000000000000[   68.293987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.294578] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.294629] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.295216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   68.300009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.300676] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.300726] bridge0: port 2(bridge_slave_1) entered forwarding state

[   68.341142] 
[   68.343067]  ffff88012c0077a0 ffff8801a7fc7520[   68.346229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   68.352759] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   68.360885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready

[   68.368072]  ffff88012c007850[   68.369668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   68.378294]  ffff88012c007790
[   68.381640]  ffffffff817405ba 6637613130383866 00203a3030363763 0000000000000286
[   68.389706] Call Trace:
[   68.392276]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   68.398416]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   68.404556]  [<ffffffff81740914>] ? kasan_report+0x34/0x40
[   68.410186]  [<ffffffff817407de>] __asan_report_store4_noabort+0x3e/0x40
[   68.417019]  [<ffffffff848fb92b>] ? __alloc_skb+0x4bb/0x5b0
[   68.422728]  [<ffffffff848fb92b>] __alloc_skb+0x4bb/0x5b0
[   68.428261]  [<ffffffff848fb470>] ? skb_to_sgvec+0x90/0x90
[   68.433879]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   68.439932]  [<ffffffff8490099d>] alloc_skb_with_frags+0x8d/0x4b0
[   68.446159]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   68.452210]  [<ffffffff848ec559>] sock_alloc_send_pskb+0x5c9/0x740
[   68.458521]  [<ffffffff813e0a44>] ? __enqueue_entity+0x134/0x230
[   68.464661]  [<ffffffff848ebf90>] ? sock_wmalloc+0xd0/0xd0
[   68.470277]  [<ffffffff814290dc>] ? cpuacct_charge+0x16c/0x300
[   68.476242]  [<ffffffff848ec6e3>] sock_alloc_send_skb+0x13/0x20
[   68.482289]  [<ffffffff85080a8b>] mld_newpack+0x1bb/0x930
[   68.487815]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   68.493957]  [<ffffffff850808d0>] ? ip6_mc_hdr.constprop.41+0x630/0x630
[   68.500700]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   68.507448]  [<ffffffff81437b98>] ? __lock_acquire+0x1a38/0x5560
[   68.513587]  [<ffffffff850814ba>] add_grhead.isra.29+0x2ba/0x3a0
[   68.519731]  [<ffffffff85085d7c>] add_grec+0x85c/0xcb0
[   68.525002]  [<ffffffff85085520>] ? mld_sendpack+0xb80/0xb80
[   68.530793]  [<ffffffff8508689b>] mld_ifc_timer_expire+0x2fb/0x710
[   68.537106]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   68.542808]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   68.548596]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   68.554997]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   68.560962]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   68.567280]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   68.574118]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   68.580179]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   68.586494]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   68.592377]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   68.597999]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   68.603532]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   68.608803]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   68.615290]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   68.621425]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   68.628002]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   68.633794]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   68.639503]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   68.646254]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   68.652742]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   68.658710]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   68.665377]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   68.671868]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   68.678277]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   68.684851]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   68.690627]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   68.697248]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   68.702863]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   68.708833]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   68.715693]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   68.722250]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   68.728806] Memory state around the buggy address:
[   68.733710]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.741041]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.748376] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.755714]                                ^
[   68.760097]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.767440]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.774793] ==================================================================
[   68.782330] ==================================================================
[   68.789686] BUG: KASAN: use-after-free in __dev_queue_xmit+0x1828/0x1f40 at addr ffff8801a7fc7501
[   68.798673] Read of size 1 by task udevd/7315
[   68.803152] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   68.811393] flags: 0x57ffe0000000000()
[   68.815252] page dumped because: kasan: bad access detected
[   68.820938] CPU: 0 PID: 7315 Comm: udevd Tainted: G    B           4.6.0-syzkaller #0
[   68.828879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.838216]  1ffffffff0d9577e ffff88012c0075e8 ffffffff82c4dd46 ffff8800b5aead86
[   68.846267]  ffff88012c007678 ffff8801a7fc7501 ffff8800b5aeace0 ffff88012c007668
[   68.854373]  ffffffff817405ba ffffffff00000000 1ffff10025800ec2 0000000000000286
[   68.862385] Call Trace:
[   68.864944]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   68.871028]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   68.877153]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   68.884173]  [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40
[   68.890912]  [<ffffffff84953c48>] ? __dev_queue_xmit+0x1828/0x1f40
[   68.897204]  [<ffffffff84953c48>] __dev_queue_xmit+0x1828/0x1f40
[   68.903434]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   68.909466]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   68.914544]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   68.920057]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   68.926349]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   68.932727]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   68.938944]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   68.945400]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   68.951752]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   68.957028]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   68.962387]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   68.968449]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   68.973880]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   68.980083]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   68.986033]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   68.992846]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   68.998798]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   69.004845]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   69.011659]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   69.017866]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   69.023913]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   69.030379]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   69.036007]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   69.041899]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   69.047335]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   69.053631]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   69.060098]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   69.066048]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   69.072444]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   69.078753]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   69.084446]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   69.090223]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   69.096529]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   69.102491]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   69.108791]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   69.115606]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   69.121726]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   69.128020]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   69.133887]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   69.139551]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   69.145082]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   69.150333]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   69.156808]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   69.162927]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   69.169485]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   69.175261]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   69.180946]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   69.187680]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   69.194210]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   69.200207]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   69.206867]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   69.213346]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   69.219786]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   69.226345]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   69.232129]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   69.238510]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   69.244117]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   69.250068]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   69.256883]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   69.263441]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   69.270002] Memory state around the buggy address:
[   69.274906]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.282236]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.289568] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.296898]                    ^
[   69.300235]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.307582]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.314919] ==================================================================
[   69.322298] ==================================================================
[   69.329661] BUG: KASAN: use-after-free in __dev_queue_xmit+0x17db/0x1f40 at addr ffff8801a7fc7502
[   69.338662] Read of size 2 by task udevd/7315
[   69.343138] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   69.351380] flags: 0x57ffe0000000000()
[   69.355255] page dumped because: kasan: bad access detected
[   69.360940] CPU: 0 PID: 7315 Comm: udevd Tainted: G    B           4.6.0-syzkaller #0
[   69.368888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.378226]  1ffffffff0d9577e ffff88012c0075e8 ffffffff82c4dd46 ffff8800b5aead86
[   69.386325]  ffff88012c007678 ffff8801a7fc7502 ffff8801a7fc7500 ffff88012c007668
[   69.394324]  ffffffff817405ba 0000000000000010 ffff880126aa2640 0000000000000286
[   69.402359] Call Trace:
[   69.404926]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   69.411010]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   69.417210]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   69.423952]  [<ffffffff84953bfb>] ? __dev_queue_xmit+0x17db/0x1f40
[   69.430256]  [<ffffffff84953bfb>] __dev_queue_xmit+0x17db/0x1f40
[   69.436378]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   69.442604]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   69.448558]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   69.453638]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   69.459147]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   69.465440]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   69.471817]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   69.478025]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   69.484407]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   69.490612]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   69.495863]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   69.501200]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   69.507233]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   69.512655]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   69.518864]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   69.524810]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   69.531638]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   69.537617]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   69.543682]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   69.550509]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   69.556740]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   69.562779]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   69.569157]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   69.574768]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   69.580552]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   69.585976]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   69.592268]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   69.598739]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   69.604698]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   69.611075]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   69.617387]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   69.623161]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   69.628951]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   69.635301]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   69.641260]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   69.647613]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   69.654432]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   69.660472]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   69.666774]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   69.672682]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   69.678333]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   69.683853]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   69.689110]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   69.695580]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   69.701698]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   69.708208]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   69.713985]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   69.719679]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   69.726410]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   69.732877]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   69.738827]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   69.745469]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   69.751935]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   69.758319]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   69.764878]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   69.770649]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   69.777030]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   69.782628]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   69.788589]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   69.795419]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   69.801972]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   69.808522] Memory state around the buggy address:
[   69.813439]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.820783]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.828116] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.835450]                    ^
[   69.838786]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.846120]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.853461] ==================================================================
[   69.860825] ==================================================================
[   69.868178] BUG: KASAN: use-after-free in netif_skb_features+0x601/0x7d0 at addr ffff8801a7fc7504
[   69.877164] Read of size 2 by task udevd/7315
[   69.881635] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   69.889874] flags: 0x57ffe0000000000()
[   69.893768] page dumped because: kasan: bad access detected
[   69.899461] CPU: 0 PID: 7315 Comm: udevd Tainted: G    B           4.6.0-syzkaller #0
[   69.907399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.916740]  1ffffffff0d9577e ffff88012c0074e8 ffffffff82c4dd46 ffff8800b5aeacc0
[   69.924784]  ffff88012c007578 ffff8801a7fc7504 ffff8800b5aeace0 ffff88012c007568
[   69.932816]  ffffffff817405ba 1ffffffff0eca2ec 0000000000000000 0000000000000286
[   69.940849] Call Trace:
[   69.943409]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   69.949484]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   69.955603]  [<ffffffff85b70879>] ? retint_kernel+0x2d/0x2d
[   69.961293]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   69.968040]  [<ffffffff84950361>] ? netif_skb_features+0x601/0x7d0
[   69.974332]  [<ffffffff84950361>] netif_skb_features+0x601/0x7d0
[   69.980451]  [<ffffffff8494fd60>] ? __skb_gso_segment+0x3c0/0x3c0
[   69.986678]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   69.992997]  [<ffffffff84950550>] validate_xmit_skb.isra.107.part.108+0x20/0xa20
[   70.000514]  [<ffffffff8495407d>] __dev_queue_xmit+0x1c5d/0x1f40
[   70.006633]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   70.012854]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   70.018822]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   70.023915]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   70.029434]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   70.035738]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   70.042122]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   70.048332]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   70.054757]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   70.060963]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   70.066222]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   70.071560]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   70.077600]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   70.083026]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   70.089237]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   70.095183]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   70.102008]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   70.107958]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   70.114004]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   70.120816]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   70.127022]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   70.133058]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   70.139444]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   70.145055]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   70.150824]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   70.156248]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   70.162539]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   70.169005]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   70.174974]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   70.181349]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   70.187658]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   70.193461]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   70.199244]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   70.205548]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   70.211513]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   70.217809]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   70.224621]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   70.230653]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   70.236962]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   70.242822]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   70.248422]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   70.253952]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   70.259203]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   70.265681]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   70.271810]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   70.278342]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   70.284131]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   70.289814]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   70.296546]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   70.303021]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   70.308978]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   70.315631]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   70.322095]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   70.328495]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   70.335049]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   70.340833]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   70.347297]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   70.352954]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   70.359045]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   70.365886]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   70.372450]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   70.379022] Memory state around the buggy address:
[   70.383930]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.391262]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.398596] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.405928]                    ^
[   70.409268]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.416601]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.423946] ==================================================================
[   70.431315] ==================================================================
[   70.438669] BUG: KASAN: use-after-free in validate_xmit_skb.isra.107.part.108+0x831/0xa20 at addr ffff8801a7fc7502
[   70.449140] Read of size 2 by task udevd/7315
[   70.453615] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   70.461868] flags: 0x57ffe0000000000()
[   70.465842] page dumped because: kasan: bad access detected
[   70.471535] CPU: 0 PID: 7315 Comm: udevd Tainted: G    B           4.6.0-syzkaller #0
[   70.479489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.488862]  1ffffffff0d9577e ffff88012c007590 ffffffff82c4dd46 ffff8800b5aeacc0
[   70.496880]  ffff88012c007620 ffff8801a7fc7502 0000000000000000 ffff88012c007610
[   70.504895]  ffffffff817405ba ffff88012c007648 ffffffff8495006e 0000000000000286
[   70.512919] Call Trace:
[   70.515481]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   70.521577]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   70.527712]  [<ffffffff8495006e>] ? netif_skb_features+0x30e/0x7d0
[   70.534006]  [<ffffffff8494fd60>] ? __skb_gso_segment+0x3c0/0x3c0
[   70.540213]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   70.546974]  [<ffffffff84950d61>] ? validate_xmit_skb.isra.107.part.108+0x831/0xa20
[   70.554756]  [<ffffffff84950d61>] validate_xmit_skb.isra.107.part.108+0x831/0xa20
[   70.562352]  [<ffffffff8495407d>] __dev_queue_xmit+0x1c5d/0x1f40
[   70.568472]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   70.574677]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   70.580623]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   70.585700]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   70.591209]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   70.597501]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   70.603891]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   70.610367]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   70.616745]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   70.622952]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   70.628208]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   70.633543]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   70.639572]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   70.645001]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   70.651208]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   70.657161]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   70.664040]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   70.670025]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   70.676112]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   70.682934]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   70.689161]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   70.695213]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   70.701602]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   70.707205]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   70.712984]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   70.718413]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   70.724707]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   70.731912]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   70.737861]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   70.744241]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   70.750706]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   70.756392]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   70.762165]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   70.768641]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   70.780838]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   70.787132]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   70.793946]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   70.799978]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   70.806281]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   70.812139]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   70.817739]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   70.823253]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   70.828504]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   70.834969]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   70.841083]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   70.847596]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   70.853367]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   70.859051]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   70.865778]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   70.872243]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   70.878190]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   70.884830]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   70.891295]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   70.897676]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   70.904231]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   70.910002]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   70.916381]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   70.921978]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   70.927925]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   70.934751]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   70.941305]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   70.947856] Memory state around the buggy address:
[   70.952756]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.960106]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.967442] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.974773]                    ^
[   70.978124]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.985457]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.992790] ==================================================================
[   71.000359] ==================================================================
[   71.007928] BUG: KASAN: use-after-free in skb_release_data+0x39f/0x470 at addr ffff8801a7fc7500
[   71.016753] Read of size 1 by task udevd/7315
[   71.021225] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   71.029459] flags: 0x57ffe0000000000()
[   71.033320] page dumped because: kasan: bad access detected
[   71.039005] CPU: 0 PID: 7315 Comm: udevd Tainted: G    B           4.6.0-syzkaller #0
[   71.046947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.056278]  1ffffffff0d9577e ffff88012c007330 ffffffff82c4dd46 ffff8800b5aeacc0
[   71.064284]  ffff88012c0073c0 ffff8801a7fc7500 ffff8800a78ca1c0 ffff88012c0073b0
[   71.072294]  ffffffff817405ba 0000000000000000 ffffffff848f05c0 0000000000000286
[   71.080362] Call Trace:
[   71.082924]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   71.089058]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   71.095228]  [<ffffffff848f05c0>] ? sock_def_wakeup+0x1b0/0x1b0
[   71.101265]  [<ffffffff848f0694>] ? sock_def_write_space+0xd4/0x460
[   71.107648]  [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40
[   71.114376]  [<ffffffff848fffbf>] ? skb_release_data+0x39f/0x470
[   71.120492]  [<ffffffff848fffbf>] skb_release_data+0x39f/0x470
[   71.126437]  [<ffffffff8519bcd6>] ? br_flood+0x236/0x350
[   71.131875]  [<ffffffff849000cd>] skb_release_all+0x3d/0x50
[   71.137557]  [<ffffffff849000ed>] __kfree_skb+0xd/0x20
[   71.142808]  [<ffffffff84900190>] kfree_skb+0x90/0x2f0
[   71.148059]  [<ffffffff8519bcd6>] br_flood+0x236/0x350
[   71.153311]  [<ffffffff8519c790>] ? __br_forward+0x4b0/0x4b0
[   71.159079]  [<ffffffff8519d046>] br_flood_deliver+0x16/0x20
[   71.164851]  [<ffffffff85192c70>] br_dev_xmit+0x680/0xbc0
[   71.170359]  [<ffffffff851926e0>] ? br_dev_xmit+0xf0/0xbc0
[   71.175956]  [<ffffffff851925f0>] ? br_get_stats64+0x350/0x350
[   71.181903]  [<ffffffff85b60000>] ? __schedule+0x9d0/0x1c00
[   71.187608]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   71.193908]  [<ffffffff84951609>] dev_hard_start_xmit+0x6b9/0x1140
[   71.200213]  [<ffffffff84953fa5>] __dev_queue_xmit+0x1b85/0x1f40
[   71.206353]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   71.212580]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   71.218540]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   71.223619]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   71.229128]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   71.235422]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   71.241815]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   71.248032]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   71.254413]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   71.260618]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   71.265869]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   71.271207]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   71.277246]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   71.282672]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   71.288875]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   71.294842]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   71.301658]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   71.307603]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   71.313637]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   71.320463]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   71.326670]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   71.332702]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   71.339080]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   71.344680]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   71.350458]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   71.355882]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   71.362189]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   71.368664]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   71.374615]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   71.380996]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   71.387291]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   71.392980]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   71.398755]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   71.405053]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   71.411015]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   71.417311]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   71.424122]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   71.431108]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   71.437399]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   71.443265]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   71.448885]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   71.454397]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   71.459664]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   71.466145]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   71.472275]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   71.478789]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   71.484562]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   71.490247]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   71.496976]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   71.503445]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   71.509397]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   71.516038]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   71.522525]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   71.528995]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   71.535561]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   71.541338]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   71.547724]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   71.553336]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   71.559281]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   71.566095]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   71.572661]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   71.579213] Memory state around the buggy address:
[   71.584114]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.591447]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.598796] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.606128]                    ^
[   71.609466]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.616805]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.624138] ==================================================================
[   71.631505] ==================================================================
[   71.638948] BUG: KASAN: use-after-free in skb_release_data+0x3f0/0x470 at addr ffff8801a7fc7501
[   71.647759] Read of size 1 by task udevd/7315
[   71.652233] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   71.660487] flags: 0x57ffe0000000000()
[   71.664361] page dumped because: kasan: bad access detected
[   71.670065] CPU: 0 PID: 7315 Comm: udevd Tainted: G    B           4.6.0-syzkaller #0
[   71.678006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.687336]  1ffffffff0d9577e ffff88012c007330 ffffffff82c4dd46 ffff8800b5aeacc0
[   71.695362]  ffff88012c0073c0 ffff8801a7fc7501 ffffed0034ff8ea0 ffff88012c0073b0
[   71.703396]  ffffffff817405ba 0000000000000010 ffffffff00000000 0000000000000286
[   71.711397] Call Trace:
[   71.713954]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   71.720025]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   71.726146]  [<ffffffff848f0694>] ? sock_def_write_space+0xd4/0x460
[   71.732525]  [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40
[   71.739261]  [<ffffffff84900010>] ? skb_release_data+0x3f0/0x470
[   71.745382]  [<ffffffff84900010>] skb_release_data+0x3f0/0x470
[   71.751325]  [<ffffffff8519bcd6>] ? br_flood+0x236/0x350
[   71.756769]  [<ffffffff849000cd>] skb_release_all+0x3d/0x50
[   71.762464]  [<ffffffff849000ed>] __kfree_skb+0xd/0x20
[   71.767737]  [<ffffffff84900190>] kfree_skb+0x90/0x2f0
[   71.773001]  [<ffffffff8519bcd6>] br_flood+0x236/0x350
[   71.778397]  [<ffffffff8519c790>] ? __br_forward+0x4b0/0x4b0
[   71.784224]  [<ffffffff8519d046>] br_flood_deliver+0x16/0x20
[   71.790011]  [<ffffffff85192c70>] br_dev_xmit+0x680/0xbc0
[   71.795549]  [<ffffffff851926e0>] ? br_dev_xmit+0xf0/0xbc0
[   71.801148]  [<ffffffff851925f0>] ? br_get_stats64+0x350/0x350
[   71.807117]  [<ffffffff85b60000>] ? __schedule+0x9d0/0x1c00
[   71.812804]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   71.819099]  [<ffffffff84951609>] dev_hard_start_xmit+0x6b9/0x1140
[   71.825394]  [<ffffffff84953fa5>] __dev_queue_xmit+0x1b85/0x1f40
[   71.831513]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   71.837718]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   71.843678]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   71.848771]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   71.854291]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   71.860607]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   71.866989]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   71.873280]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   71.879655]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   71.885864]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   71.891113]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   71.896451]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   71.902505]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   71.907928]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   71.914149]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   71.920093]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   71.926904]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   71.932849]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   71.938902]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   71.945717]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   71.951922]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   71.957954]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   71.964334]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   71.969929]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   71.975703]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   71.981125]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   71.987432]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   71.993900]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   71.999845]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   72.006222]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   72.012525]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   72.018208]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   72.023977]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   72.030280]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   72.036226]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   72.042518]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   72.049331]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   72.055365]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   72.061657]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   72.067529]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   72.073134]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   72.078661]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   72.083925]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   72.090392]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   72.096520]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   72.103031]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   72.108806]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   72.114492]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   72.121234]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   72.127712]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   72.133669]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   72.140327]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   72.146808]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   72.153208]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   72.159797]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   72.165580]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   72.172121]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   72.177734]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   72.183687]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   72.190506]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   72.197064]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   72.203637] Memory state around the buggy address:
[   72.208574]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.215915]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.223254] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.230720]                    ^
[   72.234061]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.241394]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.248730] ==================================================================
[   72.256111] ==================================================================
[   72.263583] BUG: KASAN: use-after-free in skb_release_data+0x3b6/0x470 at addr ffff8801a7fc7508
[   72.272415] Read of size 8 by task udevd/7315
[   72.276889] page:ffffea00069ff1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   72.285133] flags: 0x57ffe0000000000()
[   72.288994] page dumped because: kasan: bad access detected
[   72.294682] CPU: 0 PID: 7315 Comm: udevd Tainted: G    B           4.6.0-syzkaller #0
[   72.302634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.311978]  1ffffffff0d9577e ffff88012c007330 ffffffff82c4dd46 ffff8800b5aeacc0
[   72.319990]  ffff88012c0073c0 ffff8801a7fc7508 ffffed0034ff8ea0 ffff88012c0073b0
[   72.328007]  ffffffff817405ba 0000000000000010 ffffffff00000000 0000000000000286
[   72.336002] Call Trace:
[   72.338557]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   72.344649]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   72.350778]  [<ffffffff848f0694>] ? sock_def_write_space+0xd4/0x460
[   72.357164]  [<ffffffff817406de>] __asan_report_load8_noabort+0x3e/0x40
[   72.363896]  [<ffffffff848fffd6>] ? skb_release_data+0x3b6/0x470
[   72.370016]  [<ffffffff848fffd6>] skb_release_data+0x3b6/0x470
[   72.375963]  [<ffffffff8519bcd6>] ? br_flood+0x236/0x350
[   72.381385]  [<ffffffff849000cd>] skb_release_all+0x3d/0x50
[   72.387071]  [<ffffffff849000ed>] __kfree_skb+0xd/0x20
[   72.392321]  [<ffffffff84900190>] kfree_skb+0x90/0x2f0
[   72.397575]  [<ffffffff8519bcd6>] br_flood+0x236/0x350
[   72.402824]  [<ffffffff8519c790>] ? __br_forward+0x4b0/0x4b0
[   72.408596]  [<ffffffff8519d046>] br_flood_deliver+0x16/0x20
[   72.414366]  [<ffffffff85192c70>] br_dev_xmit+0x680/0xbc0
[   72.419873]  [<ffffffff851926e0>] ? br_dev_xmit+0xf0/0xbc0
[   72.425468]  [<ffffffff851925f0>] ? br_get_stats64+0x350/0x350
[   72.431431]  [<ffffffff85b60000>] ? __schedule+0x9d0/0x1c00
[   72.437123]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   72.443425]  [<ffffffff84951609>] dev_hard_start_xmit+0x6b9/0x1140
[   72.449733]  [<ffffffff84953fa5>] __dev_queue_xmit+0x1b85/0x1f40
[   72.455852]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   72.462058]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   72.468007]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   72.473085]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   72.478603]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   72.484893]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   72.491283]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   72.497506]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   72.503884]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   72.510107]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   72.515356]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   72.520693]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   72.526747]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   72.532180]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   72.538385]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   72.544333]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   72.551149]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   72.557094]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   72.563131]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   72.569948]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   72.576159]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   72.582189]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   72.588585]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   72.594199]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   72.599972]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   72.605399]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   72.611698]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   72.618169]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   72.624117]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   72.630495]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   72.636790]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   72.642486]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   72.648270]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   72.654562]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   72.660507]  [<ffffffff85b6f677>] ? _raw_spin_unlock_irq+0x27/0x80
[   72.666798]  [<ffffffff814353ba>] ? trace_hardirqs_on_caller+0x1aa/0x5e0
[   72.673624]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   72.679656]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   72.685956]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   72.691813]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   72.697410]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   72.702927]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   72.708185]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   72.714651]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   72.720782]  <EOI>  [<ffffffff8297b14f>] ? avc_has_perm+0x1bf/0x470
[   72.727290]  [<ffffffff8297b154>] ? avc_has_perm+0x1c4/0x470
[   72.733066]  [<ffffffff8297b02a>] ? avc_has_perm+0x9a/0x470
[   72.738774]  [<ffffffff8147fdee>] ? rcu_read_lock_sched_held+0x9e/0x120
[   72.745517]  [<ffffffff8297af90>] ? avc_has_perm_noaudit+0x3f0/0x3f0
[   72.751989]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   72.757985]  [<ffffffff813a9101>] ? creds_are_invalid.part.1+0x11/0xb0
[   72.764630]  [<ffffffff829899ef>] inode_has_perm.isra.47+0x13f/0x1c0
[   72.771097]  [<ffffffff8298ba7b>] selinux_inode_readlink+0xdb/0x120
[   72.777561]  [<ffffffff8298b9a0>] ? selinux_inode_getattr+0x180/0x180
[   72.784127]  [<ffffffff817ca3ad>] ? getname_flags+0xfd/0x500
[   72.789901]  [<ffffffff829721a1>] security_inode_readlink+0xb1/0xf0
[   72.796281]  [<ffffffff817a7341>] SyS_readlink+0x141/0x290
[   72.801877]  [<ffffffff817a7200>] ? SyS_readlinkat+0x2b0/0x2b0
[   72.807823]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   72.814639]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   72.821205]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   72.827768] Memory state around the buggy address:
[   72.832676]  ffff8801a7fc7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.840051]  ffff8801a7fc7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.847396] >ffff8801a7fc7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.854734]                       ^
[   72.858334]  ffff8801a7fc7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.865679]  ffff8801a7fc7600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.873012] ==================================================================
2019/12/13 23:52:54 executed programs: 7
[   72.937842] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.1'.
[   72.993019] ==================================================================
[   73.000437] BUG: KASAN: use-after-free in memset+0x1a/0x30 at addr ffff8801a785f180
[   73.008223] Write of size 32 by task modprobe/7753
[   73.013146] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   73.021413] flags: 0x57ffe0000000000()
[   73.025284] page dumped because: kasan: bad access detected
[   73.030985] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   73.039203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.048555]  1ffffffff0d9577e ffff88012c0076d8 ffffffff82c4dd46 ffff8801a785f180
[   73.056610]  ffff88012c007768 ffff8801a785f180 ffff88012c007850 ffff88012c007758
[   73.064657]  ffffffff817405ba ffff8800aff43ba7
[   73.069185]  1ffff10015fe8775 0000000000000286
[   73.074320] Call Trace:
[   73.076886]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   73.082994]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   73.089135]  [<ffffffff8173f626>] ? kasan_unpoison_shadow+0x36/0x50
[   73.095539]  [<ffffffff8173f7a9>] ? kasan_kmalloc+0xc9/0xe0
[   73.101245]  [<ffffffff8173f626>] ? kasan_unpoison_shadow+0x36/0x50
[   73.107646]  [<ffffffff81740914>] kasan_report+0x34/0x40
[   73.113093]  [<ffffffff8173f81a>] ? memset+0x1a/0x30
[   73.118292]  [<ffffffff8173f34d>] __asan_storeN+0x12d/0x180
[   73.123996]  [<ffffffff8173f81a>] memset+0x1a/0x30
[   73.128951]  [<ffffffff848fb78a>] __alloc_skb+0x31a/0x5b0
[   73.134465]  [<ffffffff848fb470>] ? skb_to_sgvec+0x90/0x90
[   73.140068]  [<ffffffff84dac787>] ? ip_rcv+0x867/0x1470
[   73.145420]  [<ffffffff8490099d>] alloc_skb_with_frags+0x8d/0x4b0
[   73.151627]  [<ffffffff84dabf20>] ? ip_local_deliver+0x330/0x330
[   73.157749]  [<ffffffff848ec559>] sock_alloc_send_pskb+0x5c9/0x740
[   73.164045]  [<ffffffff813e0a44>] ? __enqueue_entity+0x134/0x230
[   73.170166]  [<ffffffff848ebf90>] ? sock_wmalloc+0xd0/0xd0
[   73.175769]  [<ffffffff813e3f16>] ? account_entity_enqueue+0x306/0x420
[   73.182421]  [<ffffffff813fff39>] ? enqueue_entity+0x729/0x26f0
[   73.188466]  [<ffffffff848ec6e3>] sock_alloc_send_skb+0x13/0x20
[   73.194509]  [<ffffffff85080a8b>] mld_newpack+0x1bb/0x930
[   73.200029]  [<ffffffff850808d0>] ? ip6_mc_hdr.constprop.41+0x630/0x630
[   73.206778]  [<ffffffff813c576f>] ? check_preempt_curr+0x23f/0x3d0
[   73.213247]  [<ffffffff850814ba>] add_grhead.isra.29+0x2ba/0x3a0
[   73.219394]  [<ffffffff85085d7c>] add_grec+0x85c/0xcb0
[   73.224650]  [<ffffffff85085520>] ? mld_sendpack+0xb80/0xb80
[   73.230424]  [<ffffffff8508689b>] mld_ifc_timer_expire+0x2fb/0x710
[   73.236718]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   73.242490]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   73.248172]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   73.253945]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   73.260275]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   73.266368]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   73.272409]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   73.279235]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   73.285531]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   73.291391]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   73.297425]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   73.303030]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   73.308546]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   73.313809]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   73.320275]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   73.326395]  <EOI>  [<ffffffff81739f74>] ? kfree+0x154/0x460
[   73.332367]  [<ffffffff8155ff59>] ? __acct_update_integrals+0x79/0x2a0
[   73.339018]  [<ffffffff85b6f3fc>] ? _raw_read_unlock+0x2c/0x50
[   73.344971]  [<ffffffff817a8b6a>] free_bprm+0x17a/0x1e0
[   73.350312]  [<ffffffff817aeeee>] do_execveat_common.isra.42+0x138e/0x1d60
[   73.357314]  [<ffffffff817aec03>] ? do_execveat_common.isra.42+0x10a3/0x1d60
[   73.364478]  [<ffffffff817adb60>] ? prepare_bprm_creds+0x100/0x100
[   73.370769]  [<ffffffff813aa74e>] ? commit_creds+0x9ee/0xf20
[   73.376542]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   73.381634]  [<ffffffff817af8e7>] do_execve+0x27/0x30
[   73.386863]  [<ffffffff81384067>] call_usermodehelper_exec_async+0x287/0x420
[   73.394046]  [<ffffffff85b700d2>] ret_from_fork+0x22/0x50
[   73.399598] Memory state around the buggy address:
[   73.404505]  ffff8801a785f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.411836]  ffff8801a785f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.419217] >ffff8801a785f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.426551]                    ^
[   73.429888]  ffff8801a785f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.437220]  ffff8801a785f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.444563] ==================================================================
[   73.452817] ==================================================================
[   73.460187] BUG: KASAN: use-after-free in __alloc_skb+0x4bb/0x5b0 at addr ffff8801a785f1a0
[   73.468579] Write of size 4 by task modprobe/7753
[   73.473398] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   73.481634] flags: 0x57ffe0000000000()
[   73.485496] page dumped because: kasan: bad access detected
[   73.491182] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   73.499387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.508718]  1ffffffff0d9577e ffff88012c007710 ffffffff82c4dd46 0000000000000000
[   73.516736]  ffff88012c0077a0 ffff8801a785f1a0 ffff88012c007850 ffff88012c007790
[   73.524727]  ffffffff817405ba 3837613130383866 00203a3038326635 0000000000000286
[   73.532720] Call Trace:
[   73.535280]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   73.541377]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   73.547499]  [<ffffffff81740914>] ? kasan_report+0x34/0x40
[   73.553105]  [<ffffffff817407de>] __asan_report_store4_noabort+0x3e/0x40
[   73.559923]  [<ffffffff848fb92b>] ? __alloc_skb+0x4bb/0x5b0
[   73.565615]  [<ffffffff848fb92b>] __alloc_skb+0x4bb/0x5b0
[   73.571126]  [<ffffffff848fb470>] ? skb_to_sgvec+0x90/0x90
[   73.576728]  [<ffffffff84dac787>] ? ip_rcv+0x867/0x1470
[   73.582075]  [<ffffffff8490099d>] alloc_skb_with_frags+0x8d/0x4b0
[   73.588278]  [<ffffffff84dabf20>] ? ip_local_deliver+0x330/0x330
[   73.594395]  [<ffffffff848ec559>] sock_alloc_send_pskb+0x5c9/0x740
[   73.600687]  [<ffffffff813e0a44>] ? __enqueue_entity+0x134/0x230
[   73.606802]  [<ffffffff848ebf90>] ? sock_wmalloc+0xd0/0xd0
[   73.612397]  [<ffffffff813e3f16>] ? account_entity_enqueue+0x306/0x420
[   73.619044]  [<ffffffff813fff39>] ? enqueue_entity+0x729/0x26f0
[   73.625081]  [<ffffffff848ec6e3>] sock_alloc_send_skb+0x13/0x20
[   73.631115]  [<ffffffff85080a8b>] mld_newpack+0x1bb/0x930
[   73.636627]  [<ffffffff850808d0>] ? ip6_mc_hdr.constprop.41+0x630/0x630
[   73.643352]  [<ffffffff813c576f>] ? check_preempt_curr+0x23f/0x3d0
[   73.649662]  [<ffffffff850814ba>] add_grhead.isra.29+0x2ba/0x3a0
[   73.655799]  [<ffffffff85085d7c>] add_grec+0x85c/0xcb0
[   73.661054]  [<ffffffff85085520>] ? mld_sendpack+0xb80/0xb80
[   73.666831]  [<ffffffff8508689b>] mld_ifc_timer_expire+0x2fb/0x710
[   73.673134]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   73.678931]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   73.684666]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   73.690440]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   73.696735]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   73.702679]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   73.708710]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   73.715520]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   73.721811]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   73.727666]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   73.733701]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   73.739306]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   73.744817]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   73.750069]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   73.756537]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   73.762651]  <EOI>  [<ffffffff81739f74>] ? kfree+0x154/0x460
[   73.769593]  [<ffffffff8155ff59>] ? __acct_update_integrals+0x79/0x2a0
[   73.776236]  [<ffffffff85b6f3fc>] ? _raw_read_unlock+0x2c/0x50
[   73.782200]  [<ffffffff817a8b6a>] free_bprm+0x17a/0x1e0
[   73.787549]  [<ffffffff817aeeee>] do_execveat_common.isra.42+0x138e/0x1d60
[   73.794534]  [<ffffffff817aec03>] ? do_execveat_common.isra.42+0x10a3/0x1d60
[   73.801693]  [<ffffffff817adb60>] ? prepare_bprm_creds+0x100/0x100
[   73.807986]  [<ffffffff813aa74e>] ? commit_creds+0x9ee/0xf20
[   73.813758]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   73.818833]  [<ffffffff817af8e7>] do_execve+0x27/0x30
[   73.823997]  [<ffffffff81384067>] call_usermodehelper_exec_async+0x287/0x420
[   73.831156]  [<ffffffff85b700d2>] ret_from_fork+0x22/0x50
[   73.836665] Memory state around the buggy address:
[   73.841566]  ffff8801a785f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.848897]  ffff8801a785f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.856227] >ffff8801a785f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.863560]                                ^
[   73.867939]  ffff8801a785f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.875280]  ffff8801a785f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.882609] ==================================================================
[   73.890144] ==================================================================
[   73.897502] BUG: KASAN: use-after-free in __dev_queue_xmit+0x1828/0x1f40 at addr ffff8801a785f181
[   73.906493] Read of size 1 by task modprobe/7753
[   73.911225] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   73.919463] flags: 0x57ffe0000000000()
[   73.923324] page dumped because: kasan: bad access detected
[   73.929011] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   73.937212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.946555]  1ffffffff0d9577e ffff88012c0075e8 ffffffff82c4dd46 ffff8800aff43b86
[   73.954550]  ffff88012c007678 ffff8801a785f181 ffff8800aff43ae0 ffff88012c007668
[   73.962540]  ffffffff817405ba ffffffff00000000 1ffff10025800ec2 0000000000000286
[   73.970560] Call Trace:
[   73.973117]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   73.979202]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   73.985324]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   73.992311]  [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40
[   73.999052]  [<ffffffff84953c48>] ? __dev_queue_xmit+0x1828/0x1f40
[   74.005349]  [<ffffffff84953c48>] __dev_queue_xmit+0x1828/0x1f40
[   74.011474]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   74.017439]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   74.022513]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   74.028025]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   74.034330]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   74.040715]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   74.046920]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   74.053301]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   74.059521]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   74.064769]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   74.070105]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   74.076146]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   74.081566]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   74.087785]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   74.093731]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   74.100541]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   74.106487]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   74.112520]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   74.119351]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   74.125557]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   74.131585]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   74.137961]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   74.143570]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   74.149340]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   74.154760]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   74.161050]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   74.167513]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   74.173457]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   74.179835]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   74.186139]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   74.191908]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   74.197606]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   74.203391]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   74.209741]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   74.215693]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   74.221726]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   74.228537]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   74.234826]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   74.240685]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   74.246737]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   74.252334]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   74.257846]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   74.263123]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   74.269609]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   74.275778]  <EOI>  [<ffffffff81739f74>] ? kfree+0x154/0x460
[   74.281694]  [<ffffffff8155ff59>] ? __acct_update_integrals+0x79/0x2a0
[   74.288358]  [<ffffffff85b6f3fc>] ? _raw_read_unlock+0x2c/0x50
[   74.294322]  [<ffffffff817a8b6a>] free_bprm+0x17a/0x1e0
[   74.299686]  [<ffffffff817aeeee>] do_execveat_common.isra.42+0x138e/0x1d60
[   74.306736]  [<ffffffff817aec03>] ? do_execveat_common.isra.42+0x10a3/0x1d60
[   74.313912]  [<ffffffff817adb60>] ? prepare_bprm_creds+0x100/0x100
[   74.320222]  [<ffffffff813aa74e>] ? commit_creds+0x9ee/0xf20
[   74.326011]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   74.331099]  [<ffffffff817af8e7>] do_execve+0x27/0x30
[   74.336282]  [<ffffffff81384067>] call_usermodehelper_exec_async+0x287/0x420
[   74.343459]  [<ffffffff85b700d2>] ret_from_fork+0x22/0x50
[   74.348979] Memory state around the buggy address:
[   74.353889]  ffff8801a785f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.361244]  ffff8801a785f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.368634] >ffff8801a785f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.375976]                    ^
[   74.379327]  ffff8801a785f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.386675]  ffff8801a785f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.394015] ==================================================================
[   74.401413] ==================================================================
[   74.408828] BUG: KASAN: use-after-free in __dev_queue_xmit+0x17db/0x1f40 at addr ffff8801a785f182
[   74.417825] Read of size 2 by task modprobe/7753
[   74.422573] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   74.430813] flags: 0x57ffe0000000000()
[   74.434675] page dumped because: kasan: bad access detected
[   74.440360] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   74.448571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.457909]  1ffffffff0d9577e ffff88012c0075e8 ffffffff82c4dd46 ffff8800aff43b86
[   74.466021]  ffff88012c007678 ffff8801a785f182 ffff8801a785f180 ffff88012c007668
[   74.474065]  ffffffff817405ba 0000000000000010 ffff8800a740e480 0000000000000286
[   74.482111] Call Trace:
[   74.484671]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   74.490751]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   74.496887]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   74.503665]  [<ffffffff84953bfb>] ? __dev_queue_xmit+0x17db/0x1f40
[   74.509955]  [<ffffffff84953bfb>] __dev_queue_xmit+0x17db/0x1f40
[   74.516073]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   74.522299]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   74.528257]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   74.533349]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   74.538869]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   74.545185]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   74.551565]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   74.557770]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   74.564150]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   74.570369]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   74.575615]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   74.580950]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   74.586980]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   74.592416]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   74.598620]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   74.604565]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   74.611374]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   74.617330]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   74.623362]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   74.630185]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   74.636401]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   74.642430]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   74.648833]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   74.654429]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   74.660195]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   74.665620]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   74.671909]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   74.678377]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   74.684334]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   74.690712]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   74.697004]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   74.702772]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   74.708469]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   74.714255]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   74.720563]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   74.726521]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   74.732557]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   74.739394]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   74.745686]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   74.751545]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   74.757620]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   74.763218]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   74.768729]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   74.773979]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   74.780445]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   74.786562]  <EOI>  [<ffffffff81739f74>] ? kfree+0x154/0x460
[   74.792464]  [<ffffffff8155ff59>] ? __acct_update_integrals+0x79/0x2a0
[   74.799104]  [<ffffffff85b6f3fc>] ? _raw_read_unlock+0x2c/0x50
[   74.805052]  [<ffffffff817a8b6a>] free_bprm+0x17a/0x1e0
[   74.810387]  [<ffffffff817aeeee>] do_execveat_common.isra.42+0x138e/0x1d60
[   74.817371]  [<ffffffff817aec03>] ? do_execveat_common.isra.42+0x10a3/0x1d60
[   74.824533]  [<ffffffff817adb60>] ? prepare_bprm_creds+0x100/0x100
[   74.830823]  [<ffffffff813aa74e>] ? commit_creds+0x9ee/0xf20
[   74.836610]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   74.841684]  [<ffffffff817af8e7>] do_execve+0x27/0x30
[   74.846847]  [<ffffffff81384067>] call_usermodehelper_exec_async+0x287/0x420
[   74.854020]  [<ffffffff85b700d2>] ret_from_fork+0x22/0x50
[   74.859539] Memory state around the buggy address:
[   74.864454]  ffff8801a785f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.871784]  ffff8801a785f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.879114] >ffff8801a785f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.886447]                    ^
[   74.889786]  ffff8801a785f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.897118]  ffff8801a785f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.904449] ==================================================================
[   74.911811] ==================================================================
[   74.919164] BUG: KASAN: use-after-free in netif_skb_features+0x601/0x7d0 at addr ffff8801a785f184
[   74.928152] Read of size 2 by task modprobe/7753
[   74.932883] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   74.941148] flags: 0x57ffe0000000000()
[   74.945021] page dumped because: kasan: bad access detected
[   74.950731] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   74.959043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.968381]  1ffffffff0d9577e ffff88012c0074e8 ffffffff82c4dd46 ffff8800aff43ac0
[   74.976406]  ffff88012c007578 ffff8801a785f184 ffff8800aff43ae0 ffff88012c007568
[   74.984499]  ffffffff817405ba 1ffffffff0eca2ec 0000000000000000 0000000000000286
[   74.992505] Call Trace:
[   74.995066]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   75.001157]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   75.007276]  [<ffffffff85b70879>] ? retint_kernel+0x2d/0x2d
[   75.012965]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   75.019698]  [<ffffffff84950361>] ? netif_skb_features+0x601/0x7d0
[   75.026000]  [<ffffffff84950361>] netif_skb_features+0x601/0x7d0
[   75.032117]  [<ffffffff8494fd60>] ? __skb_gso_segment+0x3c0/0x3c0
[   75.038340]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   75.044633]  [<ffffffff84950550>] validate_xmit_skb.isra.107.part.108+0x20/0xa20
[   75.052140]  [<ffffffff8495407d>] __dev_queue_xmit+0x1c5d/0x1f40
[   75.058255]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   75.064473]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   75.070416]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   75.075490]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   75.081001]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   75.087294]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   75.093674]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   75.099878]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   75.106257]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   75.112462]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   75.117725]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   75.123075]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   75.129109]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   75.134544]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   75.140748]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   75.146693]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   75.153505]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   75.159451]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   75.165482]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   75.172302]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   75.178508]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   75.184538]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   75.190930]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   75.196542]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   75.202326]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   75.207762]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   75.214062]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   75.220530]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   75.226486]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   75.232865]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   75.239158]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   75.244932]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   75.250612]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   75.256382]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   75.262683]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   75.268628]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   75.274700]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   75.281531]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   75.287839]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   75.293726]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   75.299760]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   75.305377]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   75.310898]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   75.316202]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   75.322681]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   75.328810]  <EOI>  [<ffffffff81739f74>] ? kfree+0x154/0x460
[   75.334780]  [<ffffffff8155ff59>] ? __acct_update_integrals+0x79/0x2a0
[   75.341464]  [<ffffffff85b6f3fc>] ? _raw_read_unlock+0x2c/0x50
[   75.347420]  [<ffffffff817a8b6a>] free_bprm+0x17a/0x1e0
[   75.352768]  [<ffffffff817aeeee>] do_execveat_common.isra.42+0x138e/0x1d60
[   75.359760]  [<ffffffff817aec03>] ? do_execveat_common.isra.42+0x10a3/0x1d60
[   75.366924]  [<ffffffff817adb60>] ? prepare_bprm_creds+0x100/0x100
[   75.373337]  [<ffffffff813aa74e>] ? commit_creds+0x9ee/0xf20
[   75.379123]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   75.384257]  [<ffffffff817af8e7>] do_execve+0x27/0x30
[   75.389424]  [<ffffffff81384067>] call_usermodehelper_exec_async+0x287/0x420
[   75.396636]  [<ffffffff85b700d2>] ret_from_fork+0x22/0x50
[   75.402147] Memory state around the buggy address:
[   75.407046]  ffff8801a785f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.414378]  ffff8801a785f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.421711] >ffff8801a785f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.429043]                    ^
[   75.432382]  ffff8801a785f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.439713]  ffff8801a785f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.447058] ==================================================================
[   75.454540] ==================================================================
[   75.461892] BUG: KASAN: use-after-free in validate_xmit_skb.isra.107.part.108+0x831/0xa20 at addr ffff8801a785f182
[   75.472353] Read of size 2 by task modprobe/7753
[   75.477085] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   75.485429] flags: 0x57ffe0000000000()
[   75.489290] page dumped because: kasan: bad access detected
[   75.494978] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   75.503183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.512517]  1ffffffff0d9577e ffff88012c007590 ffffffff82c4dd46 ffff8800aff43ac0
[   75.520542]  ffff88012c007620 ffff8801a785f182 0000000000000000 ffff88012c007610
[   75.528546]  ffffffff817405ba ffff88012c007648 ffffffff8495006e 0000000000000286
[   75.536547] Call Trace:
[   75.539103]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   75.545190]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   75.551309]  [<ffffffff8495006e>] ? netif_skb_features+0x30e/0x7d0
[   75.557600]  [<ffffffff8494fd60>] ? __skb_gso_segment+0x3c0/0x3c0
[   75.563804]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   75.570530]  [<ffffffff84950d61>] ? validate_xmit_skb.isra.107.part.108+0x831/0xa20
[   75.578318]  [<ffffffff84950d61>] validate_xmit_skb.isra.107.part.108+0x831/0xa20
[   75.585909]  [<ffffffff8495407d>] __dev_queue_xmit+0x1c5d/0x1f40
[   75.592039]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   75.598241]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   75.604199]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   75.609274]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   75.614785]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   75.621093]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   75.627481]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   75.633686]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   75.640069]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   75.646275]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   75.651524]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   75.656877]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   75.662910]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   75.668337]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   75.674561]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   75.680505]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   75.687317]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   75.693277]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   75.699322]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   75.706138]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   75.712343]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   75.718371]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   75.724752]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   75.730348]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   75.736131]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   75.741564]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   75.747857]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   75.754326]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   75.760271]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   75.766662]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   75.772969]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   75.778759]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   75.784488]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   75.790267]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   75.796563]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   75.802556]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   75.808592]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   75.815411]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   75.821771]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   75.827654]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   75.833701]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   75.839333]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   75.844878]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   75.850286]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   75.856767]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   75.862893]  <EOI>  [<ffffffff81739f74>] ? kfree+0x154/0x460
[   75.868824]  [<ffffffff8155ff59>] ? __acct_update_integrals+0x79/0x2a0
[   75.875476]  [<ffffffff85b6f3fc>] ? _raw_read_unlock+0x2c/0x50
[   75.881439]  [<ffffffff817a8b6a>] free_bprm+0x17a/0x1e0
[   75.886835]  [<ffffffff817aeeee>] do_execveat_common.isra.42+0x138e/0x1d60
[   75.893843]  [<ffffffff817aec03>] ? do_execveat_common.isra.42+0x10a3/0x1d60
[   75.901031]  [<ffffffff817adb60>] ? prepare_bprm_creds+0x100/0x100
[   75.907340]  [<ffffffff813aa74e>] ? commit_creds+0x9ee/0xf20
[   75.913131]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   75.918229]  [<ffffffff817af8e7>] do_execve+0x27/0x30
[   75.923405]  [<ffffffff81384067>] call_usermodehelper_exec_async+0x287/0x420
[   75.930578]  [<ffffffff85b700d2>] ret_from_fork+0x22/0x50
[   75.936097] Memory state around the buggy address:
[   75.941005]  ffff8801a785f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.948344]  ffff8801a785f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.955685] >ffff8801a785f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.963040]                    ^
[   75.966423]  ffff8801a785f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.973767]  ffff8801a785f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   75.981097] ==================================================================
[   75.988628] ==================================================================
[   75.995980] BUG: KASAN: use-after-free in skb_release_data+0x39f/0x470 at addr ffff8801a785f180
[   76.004789] Read of size 1 by task modprobe/7753
[   76.009520] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   76.017831] flags: 0x57ffe0000000000()
[   76.021693] page dumped because: kasan: bad access detected
[   76.027382] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   76.035587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.044920]  1ffffffff0d9577e ffff88012c007330 ffffffff82c4dd46 ffff8800aff43ac0
[   76.052978]  ffff88012c0073c0 ffff8801a785f180 ffff8800b420e180 ffff88012c0073b0
[   76.061019]  ffffffff817405ba 0000000000000000 ffffffff848f05c0 0000000000000286
[   76.069028] Call Trace:
[   76.071595]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   76.077682]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   76.083799]  [<ffffffff848f05c0>] ? sock_def_wakeup+0x1b0/0x1b0
[   76.089829]  [<ffffffff848f0694>] ? sock_def_write_space+0xd4/0x460
[   76.096208]  [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40
[   76.102940]  [<ffffffff848fffbf>] ? skb_release_data+0x39f/0x470
[   76.109080]  [<ffffffff848fffbf>] skb_release_data+0x39f/0x470
[   76.115036]  [<ffffffff8519bcd6>] ? br_flood+0x236/0x350
[   76.120460]  [<ffffffff849000cd>] skb_release_all+0x3d/0x50
[   76.126144]  [<ffffffff849000ed>] __kfree_skb+0xd/0x20
[   76.131407]  [<ffffffff84900190>] kfree_skb+0x90/0x2f0
[   76.136657]  [<ffffffff8519bcd6>] br_flood+0x236/0x350
[   76.141907]  [<ffffffff8519c790>] ? __br_forward+0x4b0/0x4b0
[   76.147677]  [<ffffffff8519d046>] br_flood_deliver+0x16/0x20
[   76.153446]  [<ffffffff85192c70>] br_dev_xmit+0x680/0xbc0
[   76.158956]  [<ffffffff851926e0>] ? br_dev_xmit+0xf0/0xbc0
[   76.164551]  [<ffffffff851925f0>] ? br_get_stats64+0x350/0x350
[   76.170496]  [<ffffffff85b60000>] ? __schedule+0x9d0/0x1c00
[   76.176178]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   76.182473]  [<ffffffff84951609>] dev_hard_start_xmit+0x6b9/0x1140
[   76.188763]  [<ffffffff84953fa5>] __dev_queue_xmit+0x1b85/0x1f40
[   76.194880]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   76.201082]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   76.207027]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   76.212116]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   76.217638]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   76.223931]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   76.230308]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   76.236509]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   76.242887]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   76.249097]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   76.254359]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   76.259692]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   76.265723]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   76.271156]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   76.277380]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   76.283329]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   76.290145]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   76.296089]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   76.302137]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   76.308951]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   76.315154]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   76.321187]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   76.327567]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   76.333165]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   76.338950]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   76.344372]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   76.350662]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   76.357129]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   76.363161]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   76.369541]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   76.375846]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   76.381620]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   76.387309]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   76.393103]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   76.399473]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   76.405429]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   76.411467]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   76.418301]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   76.424637]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   76.430499]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   76.436532]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   76.442130]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   76.447695]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   76.452955]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   76.459440]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   76.465562]  <EOI>  [<ffffffff81739f74>] ? kfree+0x154/0x460
[   76.471465]  [<ffffffff8155ff59>] ? __acct_update_integrals+0x79/0x2a0
[   76.478106]  [<ffffffff85b6f3fc>] ? _raw_read_unlock+0x2c/0x50
[   76.484053]  [<ffffffff817a8b6a>] free_bprm+0x17a/0x1e0
[   76.489390]  [<ffffffff817aeeee>] do_execveat_common.isra.42+0x138e/0x1d60
[   76.496377]  [<ffffffff817aec03>] ? do_execveat_common.isra.42+0x10a3/0x1d60
[   76.503542]  [<ffffffff817adb60>] ? prepare_bprm_creds+0x100/0x100
[   76.509836]  [<ffffffff813aa74e>] ? commit_creds+0x9ee/0xf20
[   76.515607]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   76.520682]  [<ffffffff817af8e7>] do_execve+0x27/0x30
[   76.525861]  [<ffffffff81384067>] call_usermodehelper_exec_async+0x287/0x420
[   76.533023]  [<ffffffff85b700d2>] ret_from_fork+0x22/0x50
[   76.538553] Memory state around the buggy address:
[   76.543458]  ffff8801a785f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   76.550787]  ffff8801a785f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   76.558118] >ffff8801a785f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   76.565449]                    ^
[   76.568785]  ffff8801a785f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   76.576114]  ffff8801a785f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   76.583448] ==================================================================
[   76.590815] ==================================================================
[   76.598187] BUG: KASAN: use-after-free in skb_release_data+0x3f0/0x470 at addr ffff8801a785f181
[   76.606997] Read of size 1 by task modprobe/7753
[   76.611731] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   76.619967] flags: 0x57ffe0000000000()
[   76.623825] page dumped because: kasan: bad access detected
[   76.629520] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   76.637720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.647050]  1ffffffff0d9577e ffff88012c007330 ffffffff82c4dd46 ffff8800aff43ac0
[   76.655050]  ffff88012c0073c0 ffff8801a785f181 ffffed0034f0be30 ffff88012c0073b0
[   76.663047]  ffffffff817405ba 0000000000000010 ffffffff00000000 0000000000000286
[   76.671065] Call Trace:
[   76.673623]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   76.679697]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   76.685815]  [<ffffffff848f0694>] ? sock_def_write_space+0xd4/0x460
[   76.692193]  [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40
[   76.698921]  [<ffffffff84900010>] ? skb_release_data+0x3f0/0x470
[   76.705039]  [<ffffffff84900010>] skb_release_data+0x3f0/0x470
[   76.710986]  [<ffffffff8519bcd6>] ? br_flood+0x236/0x350
[   76.716408]  [<ffffffff849000cd>] skb_release_all+0x3d/0x50
[   76.722122]  [<ffffffff849000ed>] __kfree_skb+0xd/0x20
[   76.727386]  [<ffffffff84900190>] kfree_skb+0x90/0x2f0
[   76.732634]  [<ffffffff8519bcd6>] br_flood+0x236/0x350
[   76.737884]  [<ffffffff8519c790>] ? __br_forward+0x4b0/0x4b0
[   76.743655]  [<ffffffff8519d046>] br_flood_deliver+0x16/0x20
[   76.749423]  [<ffffffff85192c70>] br_dev_xmit+0x680/0xbc0
[   76.754930]  [<ffffffff851926e0>] ? br_dev_xmit+0xf0/0xbc0
[   76.760524]  [<ffffffff851925f0>] ? br_get_stats64+0x350/0x350
[   76.766490]  [<ffffffff85b60000>] ? __schedule+0x9d0/0x1c00
[   76.772175]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   76.778477]  [<ffffffff84951609>] dev_hard_start_xmit+0x6b9/0x1140
[   76.784782]  [<ffffffff84953fa5>] __dev_queue_xmit+0x1b85/0x1f40
[   76.790902]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   76.797110]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   76.803147]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   76.808227]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   76.813753]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   76.820043]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   76.826426]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   76.832630]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   76.839468]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   76.845692]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   76.850948]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   76.856325]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   76.862361]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   76.867788]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   76.873996]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   76.879956]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   76.886783]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   76.892727]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   76.898768]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   76.905589]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   76.911795]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   76.917826]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   76.924202]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   76.929798]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   76.935568]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   76.940996]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   76.947287]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   76.953751]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   76.959696]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   76.966086]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   76.972378]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   76.978168]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   76.983853]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   76.989623]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   76.995915]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   77.001860]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   77.007893]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   77.014726]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   77.021031]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   77.026907]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   77.032960]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   77.038576]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   77.044089]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   77.049336]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   77.055802]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0
[   77.061931]  <EOI>  [<ffffffff81739f74>] ? kfree+0x154/0x460
[   77.067831]  [<ffffffff8155ff59>] ? __acct_update_integrals+0x79/0x2a0
[   77.074528]  [<ffffffff85b6f3fc>] ? _raw_read_unlock+0x2c/0x50
[   77.080488]  [<ffffffff817a8b6a>] free_bprm+0x17a/0x1e0
[   77.085888]  [<ffffffff817aeeee>] do_execveat_common.isra.42+0x138e/0x1d60
[   77.093942]  [<ffffffff817aec03>] ? do_execveat_common.isra.42+0x10a3/0x1d60
[   77.101131]  [<ffffffff817adb60>] ? prepare_bprm_creds+0x100/0x100
[   77.107466]  [<ffffffff813aa74e>] ? commit_creds+0x9ee/0xf20
[   77.113257]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   77.118335]  [<ffffffff817af8e7>] do_execve+0x27/0x30
[   77.123541]  [<ffffffff81384067>] call_usermodehelper_exec_async+0x287/0x420
[   77.130702]  [<ffffffff85b700d2>] ret_from_fork+0x22/0x50
[   77.136214] Memory state around the buggy address:
[   77.141115]  ffff8801a785f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.148447]  ffff8801a785f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.155829] >ffff8801a785f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.163166]                    ^
[   77.166509]  ffff8801a785f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.173841]  ffff8801a785f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.181173] ==================================================================
[   77.188576] ==================================================================
[   77.195957] BUG: KASAN: use-after-free in skb_release_data+0x3b6/0x470 at addr ffff8801a785f188
[   77.204826] Read of size 8 by task modprobe/7753
[   77.209558] page:ffffea00069e17c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   77.217793] flags: 0x57ffe0000000000()
[   77.221705] page dumped because: kasan: bad access detected
[   77.227396] CPU: 0 PID: 7753 Comm: modprobe Tainted: G    B           4.6.0-syzkaller #0
[   77.235596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   77.245053]  1ffffffff0d9577e ffff88012c007330 ffffffff82c4dd46 ffff8800aff43ac0
[   77.253057]  ffff88012c0073c0 ffff8801a785f188 ffffed0034f0be30 ffff88012c0073b0
[   77.261057]  ffffffff817405ba 0000000000000010 ffffffff00000000 0000000000000286
[   77.269140] Call Trace:
[   77.271695]  <IRQ>  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   77.277775]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   77.283960]  [<ffffffff848f0694>] ? sock_def_write_space+0xd4/0x460
[   77.290340]  [<ffffffff817406de>] __asan_report_load8_noabort+0x3e/0x40
[   77.297080]  [<ffffffff848fffd6>] ? skb_release_data+0x3b6/0x470
[   77.303201]  [<ffffffff848fffd6>] skb_release_data+0x3b6/0x470
[   77.309145]  [<ffffffff8519bcd6>] ? br_flood+0x236/0x350
[   77.314572]  [<ffffffff849000cd>] skb_release_all+0x3d/0x50
[   77.320257]  [<ffffffff849000ed>] __kfree_skb+0xd/0x20
[   77.325507]  [<ffffffff84900190>] kfree_skb+0x90/0x2f0
[   77.330778]  [<ffffffff8519bcd6>] br_flood+0x236/0x350
[   77.336055]  [<ffffffff8519c790>] ? __br_forward+0x4b0/0x4b0
[   77.341827]  [<ffffffff8519d046>] br_flood_deliver+0x16/0x20
[   77.347598]  [<ffffffff85192c70>] br_dev_xmit+0x680/0xbc0
[   77.353112]  [<ffffffff851926e0>] ? br_dev_xmit+0xf0/0xbc0
[   77.358716]  [<ffffffff851925f0>] ? br_get_stats64+0x350/0x350
[   77.364678]  [<ffffffff85b60000>] ? __schedule+0x9d0/0x1c00
[   77.370413]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   77.376715]  [<ffffffff84951609>] dev_hard_start_xmit+0x6b9/0x1140
[   77.383012]  [<ffffffff84953fa5>] __dev_queue_xmit+0x1b85/0x1f40
[   77.389137]  [<ffffffff849525d9>] ? __dev_queue_xmit+0x1b9/0x1f40
[   77.395360]  [<ffffffff84952420>] ? netdev_pick_tx+0x2a0/0x2a0
[   77.401308]  [<ffffffff8173f8a6>] ? memcpy+0x36/0x40
[   77.406383]  [<ffffffff8495436b>] dev_queue_xmit+0xb/0x10
[   77.411893]  [<ffffffff849748c8>] neigh_resolve_output+0x488/0x7d0
[   77.418222]  [<ffffffff84ffaefb>] ? ip6_finish_output2+0x98b/0x1b90
[   77.424639]  [<ffffffff84ffaefb>] ip6_finish_output2+0x98b/0x1b90
[   77.430843]  [<ffffffff84ffa73c>] ? ip6_finish_output2+0x1cc/0x1b90
[   77.437220]  [<ffffffff84ffa570>] ? ip6_copy_metadata+0x7e0/0x7e0
[   77.443425]  [<ffffffff85035360>] ? ip6_mtu+0xc0/0x2c0
[   77.448671]  [<ffffffff8503546d>] ? ip6_mtu+0x1cd/0x2c0
[   77.454104]  [<ffffffff85004813>] ip6_finish_output+0x353/0x700
[   77.460159]  [<ffffffff85004d27>] ip6_output+0x167/0x530
[   77.465598]  [<ffffffff85004bc0>] ? ip6_finish_output+0x700/0x700
[   77.471818]  [<ffffffff850044c0>] ? ip6_fragment+0x3940/0x3940
[   77.477770]  [<ffffffff85082c89>] NF_HOOK_THRESH.constprop.38+0xc9/0x290
[   77.484588]  [<ffffffff85082bc0>] ? ip6_mc_add_src+0xb30/0xb30
[   77.490534]  [<ffffffff8504031d>] ? icmp6_dst_alloc+0x35d/0x560
[   77.496576]  [<ffffffff8143570a>] ? trace_hardirqs_on_caller+0x4fa/0x5e0
[   77.503397]  [<ffffffff8507f9c0>] ? mld_dad_start_timer+0x80/0x80
[   77.509641]  [<ffffffff85040338>] ? icmp6_dst_alloc+0x378/0x560
[   77.515673]  [<ffffffff8503ffc0>] ? ip6_blackhole_route+0x5c0/0x5c0
[   77.522052]  [<ffffffff85084f98>] mld_sendpack+0x5f8/0xb80
[   77.527653]  [<ffffffff85084b07>] ? mld_sendpack+0x167/0xb80
[   77.533470]  [<ffffffff85085d7c>] ? add_grec+0x85c/0xcb0
[   77.538894]  [<ffffffff850849a0>] ? igmp6_mcf_seq_next+0x420/0x420
[   77.545224]  [<ffffffff850868f3>] ? mld_ifc_timer_expire+0x353/0x710
[   77.551690]  [<ffffffff814357fd>] ? trace_hardirqs_on+0xd/0x10
[   77.557636]  [<ffffffff813533a7>] ? __local_bh_enable_ip+0xa7/0x1a0
[   77.564020]  [<ffffffff85086900>] mld_ifc_timer_expire+0x360/0x710
[   77.570313]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   77.576084]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   77.581773]  [<ffffffff814a04b9>] ? call_timer_fn+0xc9/0x620
[   77.587545]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   77.593836]  [<ffffffff814a03f0>] ? timer_fixup_init+0x30/0x30
[   77.599780]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   77.605813]  [<ffffffff814c6a26>] ? clockevents_program_event+0xe6/0x300
[   77.612625]  [<ffffffff850865a0>] ? mld_dad_timer_expire+0xb0/0xb0
[   77.618916]  [<ffffffff814a0a10>] ? call_timer_fn+0x620/0x620
[   77.624776]  [<ffffffff813dcf42>] ? sched_clock_cpu+0x152/0x1e0
[   77.630807]  [<ffffffff85b7302c>] __do_softirq+0x2cc/0xa06
[   77.636405]  [<ffffffff811f5681>] ? sched_clock+0x31/0x40
[   77.641928]  [<ffffffff81355107>] irq_exit+0x157/0x190
[   77.647179]  [<ffffffff85b727bb>] smp_apic_timer_interrupt+0x7b/0xa0
[   77.653644]  [<ffffffff85b70afc>] apic_timer_interrupt+0x8c/0xa0