Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[   27.669949] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[   27.689227] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[   27.703897] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[   27.721031] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[   27.741467] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[   27.777520] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[   27.847115] netlink: 4 bytes leftover after parsing attributes in process `syz-executor371'.
[   27.892212] netlink: 4 bytes leftover after parsing attributes in process `syz-executor371'.
[   27.940877] netlink: 4 bytes leftover after parsing attributes in process `syz-executor371'.
[   28.014456] netlink: 4 bytes leftover after parsing attributes in process `syz-executor371'.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   28.653061] ==================================================================
[   28.660570] BUG: KASAN: use-after-free in macvlan_dev_get_iflink+0x5f/0x70
[   28.667582] Read of size 4 at addr ffff888094ab6cc8 by task syz-executor371/8209
[   28.675112] 
[   28.676740] CPU: 0 PID: 8209 Comm: syz-executor371 Not tainted 4.14.281-syzkaller #0
[   28.684613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.693967] Call Trace:
[   28.696562]  dump_stack+0x1b2/0x281
[   28.700192]  print_address_description.cold+0x54/0x1d3
[   28.705471]  kasan_report_error.cold+0x8a/0x191
[   28.710148]  ? macvlan_dev_get_iflink+0x5f/0x70
[   28.714821]  __asan_report_load4_noabort+0x68/0x70
[   28.719756]  ? macvlan_dev_get_iflink+0x5f/0x70
[   28.724432]  macvlan_dev_get_iflink+0x5f/0x70
[   28.728934]  ? macvlan_dev_poll_controller+0x10/0x10
[   28.734038]  dev_get_iflink+0x73/0xe0
[   28.737842]  rfc2863_policy+0x163/0x1b0
[   28.741861]  linkwatch_do_dev+0x1b/0x100
[   28.745933]  linkwatch_forget_dev+0x15c/0x1f0
[   28.750435]  netdev_run_todo+0x284/0xad0
[   28.754938]  ? dev_set_mtu+0x3c0/0x3c0
[   28.758834]  ? rtnl_dellink+0x6a0/0x6a0
[   28.762810]  rtnetlink_rcv_msg+0x3cb/0xb10
[   28.767046]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   28.771555]  ? __netlink_lookup+0x345/0x5d0
[   28.775876]  netlink_rcv_skb+0x125/0x390
[   28.779926]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   28.784400]  ? netlink_ack+0x9a0/0x9a0
[   28.788273]  netlink_unicast+0x437/0x610
[   28.792315]  ? netlink_sendskb+0xd0/0xd0
[   28.796359]  ? __check_object_size+0x179/0x230
[   28.800923]  netlink_sendmsg+0x648/0xbc0
[   28.804973]  ? nlmsg_notify+0x1b0/0x1b0
[   28.808924]  ? kernel_recvmsg+0x210/0x210
[   28.813054]  ? security_socket_sendmsg+0x83/0xb0
[   28.817800]  ? nlmsg_notify+0x1b0/0x1b0
[   28.821755]  sock_sendmsg+0xb5/0x100
[   28.825465]  ___sys_sendmsg+0x6c8/0x800
[   28.829427]  ? copy_msghdr_from_user+0x3b0/0x3b0
[   28.834163]  ? trace_hardirqs_on+0x10/0x10
[   28.838382]  ? do_futex+0x127/0x1570
[   28.842079]  ? __fget+0x23e/0x3e0
[   28.845511]  ? lock_acquire+0x170/0x3f0
[   28.849463]  ? lock_downgrade+0x740/0x740
[   28.853593]  ? __fget+0x265/0x3e0
[   28.857027]  ? __fdget+0x19b/0x1f0
[   28.860545]  ? sockfd_lookup_light+0xb2/0x160
[   28.865021]  __sys_sendmsg+0xa3/0x120
[   28.868799]  ? SyS_shutdown+0x160/0x160
[   28.872755]  ? up_read+0x17/0x30
[   28.876104]  ? __do_page_fault+0x159/0xad0
[   28.880317]  SyS_sendmsg+0x27/0x40
[   28.883845]  ? __sys_sendmsg+0x120/0x120
[   28.887893]  do_syscall_64+0x1d5/0x640
[   28.891768]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.896936] RIP: 0033:0x7f660c6d8dd9
[   28.900628] RSP: 002b:00007f660c68a308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   28.908316] RAX: ffffffffffffffda RBX: 00007f660c760428 RCX: 00007f660c6d8dd9
[   28.915566] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000006
[   28.922815] RBP: 00007f660c760420 R08: 0000000000000000 R09: 0000000000000000
[   28.930063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f660c76042c
[   28.937309] R13: 00007f660c72e074 R14: 00f0ffffffffffff R15: 0000000000022000
[   28.944567] 
[   28.946180] Allocated by task 8209:
[   28.949810]  kasan_kmalloc+0xeb/0x160
[   28.953592]  __kmalloc_node+0x4c/0x70
[   28.957369]  kvmalloc_node+0x46/0xd0
[   28.961062]  alloc_netdev_mqs+0x76/0xb70
[   28.965102]  rtnl_create_link+0x1ab/0x890
[   28.969230]  rtnl_newlink+0xe7a/0x1830
[   28.973105]  rtnetlink_rcv_msg+0x3be/0xb10
[   28.977318]  netlink_rcv_skb+0x125/0x390
[   28.981355]  netlink_unicast+0x437/0x610
[   28.985398]  netlink_sendmsg+0x648/0xbc0
[   28.989438]  sock_sendmsg+0xb5/0x100
[   28.993149]  ___sys_sendmsg+0x6c8/0x800
[   28.997103]  __sys_sendmsg+0xa3/0x120
[   29.000883]  SyS_sendmsg+0x27/0x40
[   29.004400]  do_syscall_64+0x1d5/0x640
[   29.008269]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.013432] 
[   29.015040] Freed by task 8243:
[   29.018297]  kasan_slab_free+0xc3/0x1a0
[   29.022248]  kfree+0xc9/0x250
[   29.025333]  kvfree+0x45/0x50
[   29.028417]  device_release+0x15f/0x1a0
[   29.032372]  kobject_put+0x251/0x550
[   29.036063]  netdev_run_todo+0x747/0xad0
[   29.040101]  rtnetlink_rcv_msg+0x3cb/0xb10
[   29.044315]  netlink_rcv_skb+0x125/0x390
[   29.048354]  netlink_unicast+0x437/0x610
[   29.052435]  netlink_sendmsg+0x648/0xbc0
[   29.056472]  sock_sendmsg+0xb5/0x100
[   29.060164]  ___sys_sendmsg+0x6c8/0x800
[   29.064115]  __sys_sendmsg+0xa3/0x120
[   29.067892]  SyS_sendmsg+0x27/0x40
[   29.071413]  do_syscall_64+0x1d5/0x640
[   29.075295]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   29.080463] 
[   29.082075] The buggy address belongs to the object at ffff888094ab6bc0
[   29.082075]  which belongs to the cache kmalloc-4096 of size 4096
[   29.094893] The buggy address is located 264 bytes inside of
[   29.094893]  4096-byte region [ffff888094ab6bc0, ffff888094ab7bc0)
[   29.106946] The buggy address belongs to the page:
[   29.111855] page:ffffea000252ad80 count:1 mapcount:0 mapping:ffff888094ab6bc0 index:0x0 compound_mapcount: 0
[   29.121812] flags: 0xfff00000008100(slab|head)
[   29.126378] raw: 00fff00000008100 ffff888094ab6bc0 0000000000000000 0000000100000001
[   29.134241] raw: ffffea000252ae20 ffffea0002bd63a0 ffff88813fe74dc0 0000000000000000
[   29.142184] page dumped because: kasan: bad access detected
[   29.147868] 
[   29.149474] Memory state around the buggy address:
[   29.154383]  ffff888094ab6b80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   29.161718]  ffff888094ab6c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.169053] >ffff888094ab6c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.176387]                                               ^
[   29.182075]  ffff888094ab6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.189424]  ffff888094ab6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.196793] ==================================================================
[   29.204140] Disabling lock debugging due to kernel taint
executing program
[   30.057919] Kernel panic - not syncing: panic_on_warn set ...
[   30.057919] 
[   30.065303] CPU: 0 PID: 8209 Comm: syz-executor371 Tainted: G    B           4.14.281-syzkaller #0
[   30.074405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.083753] Call Trace:
[   30.086341]  dump_stack+0x1b2/0x281
[   30.089965]  panic+0x1f9/0x42d
[   30.093153]  ? add_taint.cold+0x16/0x16
[   30.097126]  ? ___preempt_schedule+0x16/0x18
[   30.101530]  kasan_end_report+0x43/0x49
[   30.105536]  kasan_report_error.cold+0xa7/0x191
[   30.110201]  ? macvlan_dev_get_iflink+0x5f/0x70
[   30.114864]  __asan_report_load4_noabort+0x68/0x70
[   30.119790]  ? macvlan_dev_get_iflink+0x5f/0x70
[   30.124456]  macvlan_dev_get_iflink+0x5f/0x70
[   30.128950]  ? macvlan_dev_poll_controller+0x10/0x10
[   30.134047]  dev_get_iflink+0x73/0xe0
[   30.137848]  rfc2863_policy+0x163/0x1b0
[   30.141821]  linkwatch_do_dev+0x1b/0x100
[   30.145881]  linkwatch_forget_dev+0x15c/0x1f0
[   30.150376]  netdev_run_todo+0x284/0xad0
[   30.154434]  ? dev_set_mtu+0x3c0/0x3c0
[   30.158328]  ? rtnl_dellink+0x6a0/0x6a0
[   30.162299]  rtnetlink_rcv_msg+0x3cb/0xb10
[   30.166544]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   30.171035]  ? __netlink_lookup+0x345/0x5d0
[   30.175353]  netlink_rcv_skb+0x125/0x390
[   30.179431]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   30.183926]  ? netlink_ack+0x9a0/0x9a0
[   30.187812]  netlink_unicast+0x437/0x610
[   30.191868]  ? netlink_sendskb+0xd0/0xd0
[   30.195924]  ? __check_object_size+0x179/0x230
[   30.200499]  netlink_sendmsg+0x648/0xbc0
[   30.204671]  ? nlmsg_notify+0x1b0/0x1b0
[   30.208638]  ? kernel_recvmsg+0x210/0x210
[   30.212786]  ? security_socket_sendmsg+0x83/0xb0
[   30.217549]  ? nlmsg_notify+0x1b0/0x1b0
[   30.221520]  sock_sendmsg+0xb5/0x100
[   30.225230]  ___sys_sendmsg+0x6c8/0x800
[   30.229203]  ? copy_msghdr_from_user+0x3b0/0x3b0
[   30.233953]  ? trace_hardirqs_on+0x10/0x10
[   30.238181]  ? do_futex+0x127/0x1570
[   30.241965]  ? __fget+0x23e/0x3e0
[   30.245412]  ? lock_acquire+0x170/0x3f0
[   30.249377]  ? lock_downgrade+0x740/0x740
[   30.253521]  ? __fget+0x265/0x3e0
[   30.256969]  ? __fdget+0x19b/0x1f0
[   30.260509]  ? sockfd_lookup_light+0xb2/0x160
[   30.265008]  __sys_sendmsg+0xa3/0x120
[   30.268804]  ? SyS_shutdown+0x160/0x160
[   30.272772]  ? up_read+0x17/0x30
[   30.276134]  ? __do_page_fault+0x159/0xad0
[   30.280361]  SyS_sendmsg+0x27/0x40
[   30.283897]  ? __sys_sendmsg+0x120/0x120
[   30.287951]  do_syscall_64+0x1d5/0x640
[   30.291837]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   30.297019] RIP: 0033:0x7f660c6d8dd9
[   30.300722] RSP: 002b:00007f660c68a308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   30.308419] RAX: ffffffffffffffda RBX: 00007f660c760428 RCX: 00007f660c6d8dd9
[   30.315683] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000006
[   30.322946] RBP: 00007f660c760420 R08: 0000000000000000 R09: 0000000000000000
[   30.330209] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f660c76042c
[   30.337474] R13: 00007f660c72e074 R14: 00f0ffffffffffff R15: 0000000000022000
[   30.344940] Kernel Offset: disabled
[   30.348553] Rebooting in 86400 seconds..