IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
tpacket_rcv: packet too big, clamped from 76 to 4294967224. macoff=96
==================================================================
BUG: KASAN: use-after-free in prb_run_all_ft_ops net/packet/af_packet.c:984 [inline]
BUG: KASAN: use-after-free in prb_fill_curr_block.isra.54+0x4e5/0x5c0 net/packet/af_packet.c:1007
Write of size 2 at addr ffff8801ab78000e by task swapper/1/0

CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.17.0-rc6+ #72
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
 __asan_report_store2_noabort+0x17/0x20 mm/kasan/report.c:436
 prb_run_all_ft_ops net/packet/af_packet.c:984 [inline]
 prb_fill_curr_block.isra.54+0x4e5/0x5c0 net/packet/af_packet.c:1007
 __packet_lookup_frame_in_block net/packet/af_packet.c:1062 [inline]
 packet_current_rx_frame net/packet/af_packet.c:1085 [inline]
 tpacket_rcv+0x1866/0x3340 net/packet/af_packet.c:2250
 deliver_skb net/core/dev.c:1925 [inline]
 dev_queue_xmit_nit+0x30f/0xc50 net/core/dev.c:1981
 xmit_one net/core/dev.c:3048 [inline]
 dev_hard_start_xmit+0x16b/0xc10 net/core/dev.c:3068
 sch_direct_xmit+0x472/0x1120 net/sched/sch_generic.c:327
 qdisc_restart net/sched/sch_generic.c:390 [inline]
 __qdisc_run+0x611/0x19e0 net/sched/sch_generic.c:398
 qdisc_run include/net/pkt_sched.h:118 [inline]
 __dev_xmit_skb net/core/dev.c:3247 [inline]
 __dev_queue_xmit+0x1417/0x3900 net/core/dev.c:3555
 dev_queue_xmit+0x17/0x20 net/core/dev.c:3620
 neigh_hh_output include/net/neighbour.h:473 [inline]
 neigh_output include/net/neighbour.h:481 [inline]
 ip6_finish_output2+0x1345/0x2800 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x5fe/0xbc0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:276 [inline]
 ip6_output+0x227/0x9b0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:444 [inline]
 NF_HOOK include/linux/netfilter.h:287 [inline]
 mld_sendpack+0xaeb/0xfc0 net/ipv6/mcast.c:1658
 mld_send_cr net/ipv6/mcast.c:1954 [inline]
 mld_ifc_timer_expire+0x447/0x820 net/ipv6/mcast.c:2451
 call_timer_fn+0x230/0x940 kernel/time/timer.c:1326
 expire_timers kernel/time/timer.c:1363 [inline]
 __run_timers+0x79e/0xc50 kernel/time/timer.c:1666
 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1692
 __do_softirq+0x2e0/0xaf5 kernel/softirq.c:285
 invoke_softirq kernel/softirq.c:365 [inline]
 irq_exit+0x1d1/0x200 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:525 [inline]
 smp_apic_timer_interrupt+0x17e/0x710 arch/x86/kernel/apic/apic.c:1052
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54
RSP: 0018:ffff8801d9ae7c38 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff1003b35cf8a RCX: 0000000000000000
RDX: 1ffffffff11a31b0 RSI: 0000000000000001 RDI: ffffffff88d18d80
RBP: ffff8801d9ae7c38 R08: ffffed003b5e46d3 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: ffff8801d9ae7cf0 R14: ffffffff897c3a60 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0xc2/0x440 arch/x86/kernel/process.c:500
 arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:491
 default_idle_call+0x6d/0x90 kernel/sched/idle.c:93
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x395/0x560 kernel/sched/idle.c:262
 cpu_startup_entry+0x104/0x120 kernel/sched/idle.c:368
 start_secondary+0x42b/0x5c0 arch/x86/kernel/smpboot.c:272
 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:242

The buggy address belongs to the page:
page:ffffea0006ade000 count:0 mapcount:-127 mapping:0000000000000000 index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffff80
raw: ffffea000740f020 ffffea0007414a20 0000000000000003 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801ab77ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801ab77ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801ab780000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                      ^
 ffff8801ab780080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8801ab780100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================