[   37.607691] audit: type=1800 audit(1578342327.440:28): pid=7084 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   38.156792] audit: type=1800 audit(1578342327.990:29): pid=7084 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   38.178737] audit: type=1800 audit(1578342328.010:30): pid=7084 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   51.200339] IPVS: Creating netns size=2712 id=1
[   51.205504] IPVS: ftp: loaded support on port[0] = 21
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
2020/01/06 20:25:48 parsed 1 programs
2020/01/06 20:25:49 executed programs: 0
[   59.247359] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[   59.259802] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[   59.268757] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[   59.281320] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[   59.291757] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[   59.299951] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[   59.319106] IPVS: Creating netns size=2712 id=2
[   59.324384] IPVS: ftp: loaded support on port[0] = 21
[   59.398434] IPVS: Creating netns size=2712 id=3
[   59.403493] IPVS: ftp: loaded support on port[0] = 21
[   59.564065] chnl_net:caif_netlink_parms(): no params data found
[   59.575547] IPVS: Creating netns size=2712 id=4
[   59.580488] IPVS: ftp: loaded support on port[0] = 21
[   59.796769] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.803602] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.813237] device bridge_slave_0 entered promiscuous mode
[   59.827212] chnl_net:caif_netlink_parms(): no params data found
[   59.841443] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.848232] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.857394] device bridge_slave_1 entered promiscuous mode
[   59.922291] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   59.935617] IPVS: Creating netns size=2712 id=5
[   59.944729] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   59.963312] IPVS: ftp: loaded support on port[0] = 21
[   60.158291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   60.198675] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.207007] chnl_net:caif_netlink_parms(): no params data found
[   60.271365] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.278113] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.287195] device bridge_slave_0 entered promiscuous mode
[   60.323882] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.330303] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.339987] device bridge_slave_1 entered promiscuous mode
[   60.398256] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   60.405901] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   60.415470] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.428437] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.440064] IPVS: Creating netns size=2712 id=6
[   60.445921] IPVS: ftp: loaded support on port[0] = 21
[   60.690237] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.696880] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.705869] device bridge_slave_0 entered promiscuous mode
[   60.719740] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   60.737862] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.745024] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.754828] device bridge_slave_1 entered promiscuous mode
[   60.769571] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.958284] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.968021] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   60.996522] IPVS: Creating netns size=2712 id=7
[   61.001500] IPVS: ftp: loaded support on port[0] = 21
[   61.015694] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   61.025146] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   61.044112] chnl_net:caif_netlink_parms(): no params data found
[   61.361677] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   61.396992] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   61.405308] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   61.466140] chnl_net:caif_netlink_parms(): no params data found
[   61.562088] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.569904] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.578981] device bridge_slave_0 entered promiscuous mode
[   61.597493] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.604156] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.613865] device bridge_slave_1 entered promiscuous mode
[   61.684716] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   61.741360] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   61.750467] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   61.849575] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   61.920915] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   62.056411] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.064235] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.070795] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.080081] device bridge_slave_0 entered promiscuous mode
[   62.105195] chnl_net:caif_netlink_parms(): no params data found
[   62.125749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.188002] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.195262] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.204961] device bridge_slave_1 entered promiscuous mode
[   62.286595] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   62.350554] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   62.360413] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   62.376618] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   62.429445] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.527178] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   62.557399] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.565102] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.575172] device bridge_slave_0 entered promiscuous mode
[   62.610963] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.619410] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.628920] device bridge_slave_1 entered promiscuous mode
[   62.641160] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   62.697588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.708686] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   62.809504] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   62.827146] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.860475] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   62.870747] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   62.881062] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   62.910920] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   62.922129] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   62.986994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.029021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   63.039865] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.048367] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.113715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.156863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   63.183074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   63.190827] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.197305] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.214905] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   63.246129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   63.254856] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.261316] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.268560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   63.276394] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.282803] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.290146] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.321721] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   63.368760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   63.405922] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   63.427787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   63.437280] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   63.451666] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   63.464284] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   63.499927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.526453] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   63.585842] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.594700] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.603969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.713837] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.751065] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.812167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.829864] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   63.882994] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.907153] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.953849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   63.962313] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.968763] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.011910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.021987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.031176] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.037592] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.045099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.092197] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.123353] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   64.167994] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.211126] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   64.220777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.231811] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.238243] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.245362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.254102] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.260471] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.270700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   64.287966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.336781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.346718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.362447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.380410] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   64.411889] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   64.443621] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.465362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.495256] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   64.509808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.537262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.548879] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.555321] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.579575] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   64.597604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.606375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.630207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   64.648025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.658353] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.665207] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.685106] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   64.746595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.756666] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.765066] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.773894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   64.791795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   64.814495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   64.830618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.841074] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.847704] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.860450] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   64.867542] device veth0_vlan entered promiscuous mode
[   64.873721] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   64.880885] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   64.909270] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   64.941545] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   64.949154] device veth0_vlan entered promiscuous mode
[   64.956685] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   64.964035] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   64.981432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   65.017375] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   65.026469] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   65.035290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.043719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.062096] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   65.078295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   65.114557] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   65.123394] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   65.138568] device veth1_vlan entered promiscuous mode
[   65.156412] device veth1_vlan entered promiscuous mode
[   65.177258] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   65.245788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.277383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.504540] ==================================================================
[   65.510659] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   65.519653] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae6c4d01
[   65.529113] Read of size 4 by task syz-executor.2/7685
[   65.535019] CPU: 0 PID: 7685 Comm: syz-executor.2 Not tainted 4.6.0-syzkaller #0
[   65.543329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.553051]  1ffffffff0dd577e ffff8800ae7e7878 ffffffff82c7f386 ffff8800ae6c4cff
[   65.561139]  ffff8800ae7e7908 ffff8800ae6c4940 ffff88012bc00700 ffff8800ae7e78f8
[   65.568991] 
[   65.571016]  ffffffff81740207 ffff8800ae720900 0000000000000286 0000000000000286
[   65.579397] Call Trace:
[   65.581983]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   65.587662]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   65.594390]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   65.600181]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   65.607360]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   65.613678]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   65.619902]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   65.623456] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   65.623525] device veth0_vlan entered promiscuous mode
[   65.624195] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   65.624849] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   65.651302]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   65.657829]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   65.664176]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   65.671135]  [<ffffffff813c89bf>] ? try_to_wake_up+0x5f/0xd00
[   65.677198]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   65.684294]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   65.689847]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   65.696802]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   65.702160]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   65.704416] device veth1_vlan entered promiscuous mode
[   65.712705]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   65.718013]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   65.723729]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   65.730303]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   65.735749]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   65.741632]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   65.747428]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   65.754094]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   65.760843]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   65.766755]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   65.773587]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   65.779838]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   65.785631]  [<ffffffff8143565c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
[   65.792553]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   65.799225]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   65.805195]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   65.811853] Object at ffff8800ae6c4940, in cache kmalloc-1024
[   65.817829] Object allocated with size 704 bytes.
[   65.823126] Allocation:
[   65.825697] PID = 7371
[   65.828185]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   65.834664]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   65.840195]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   65.846414]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   65.852545]  [<ffffffff849a4aea>] __neigh_create+0x1ea/0x19f0
[   65.858592]  [<ffffffff8502ccc1>] ip6_finish_output2+0x841/0x1b90
[   65.864949]  [<ffffffff85036723>] ip6_finish_output+0x353/0x700
[   65.871227]  [<ffffffff85036c37>] ip6_output+0x167/0x530
[   65.876825]  [<ffffffff8508ac79>] NF_HOOK_THRESH.constprop.24+0xc9/0x290
[   65.883881]  [<ffffffff8508b7c4>] ndisc_send_skb+0x7a4/0x1010
[   65.890022]  [<ffffffff85090046>] ndisc_send_rs+0x116/0x3d0
[   65.895999]  [<ffffffff85055709>] addrconf_dad_completed+0x419/0x760
[   65.902649]  [<ffffffff8505621b>] addrconf_dad_work+0x7cb/0x980
[   65.909076]  [<ffffffff8139210b>] process_one_work+0x69b/0x1570
[   65.915304]  [<ffffffff813930b7>] worker_thread+0xd7/0xf10
[   65.921230]  [<ffffffff813a3a09>] kthread+0x209/0x2d0
[   65.926989]  [<ffffffff85bb8312>] ret_from_fork+0x22/0x50
[   65.933339] Memory state around the buggy address:
[   65.938265]  ffff8800ae6c4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   65.946230]  ffff8800ae6c4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   65.953593] >ffff8800ae6c4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   65.960971]                    ^
[   65.964339]  ffff8800ae6c4d80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   65.972055]  ffff8800ae6c4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   65.979525] ==================================================================
[   65.986881] Disabling lock debugging due to kernel taint
2020/01/06 20:25:55 executed programs: 6
[   66.004612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.014233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.021631] ==================================================================
[   66.021641] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae6c5ac1
[   66.021644] Read of size 4 by task syz-executor.2/7728
[   66.021650] CPU: 1 PID: 7728 Comm: syz-executor.2 Tainted: G    B           4.6.0-syzkaller #0
[   66.021652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.021658]  1ffffffff0dd577e ffff8800ae7a7878 ffffffff82c7f386 ffff8800ae6c5abf
[   66.021662]  ffff8800ae7a7908 ffff8800ae6c56c0 ffff88012bc00700 ffff8800ae7a78f8
[   66.021665]  ffffffff81740207 ffffffff816afd26 0000000000000286 0000000000000286
[   66.021666] Call Trace:
[   66.021671]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   66.021677]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   66.021682]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   66.021685]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   66.021690]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   66.021693]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   66.021696]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   66.021700]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   66.021704]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   66.021709]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   66.021713]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   66.021720]  [<ffffffff813c89bf>] ? try_to_wake_up+0x5f/0xd00
[   66.021724]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   66.021730]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   66.021733]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   66.021738]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   66.021741]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   66.021744]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   66.021747]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   66.021750]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   66.021753]  [<ffffffff849c8b38>] ? dev_ioctl+0x538/0xc70
[   66.021757]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   66.021760]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   66.021764]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   66.021768]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   66.021772]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   66.021775]  [<ffffffff849091a4>] ? sock_do_ioctl+0x84/0xa0
[   66.021780]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   66.021783]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   66.021788]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   66.021791]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   66.021798]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   66.021801]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   66.021805]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   66.021808] Object at ffff8800ae6c56c0, in cache kmalloc-1024
[   66.021810] Object allocated with size 704 bytes.
[   66.021811] Allocation:
[   66.021812] PID = 7371
[   66.021819]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   66.021822]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   66.021826]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   66.021830]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   66.021835]  [<ffffffff849a4aea>] __neigh_create+0x1ea/0x19f0
[   66.021840]  [<ffffffff8502ccc1>] ip6_finish_output2+0x841/0x1b90
[   66.021843]  [<ffffffff85036723>] ip6_finish_output+0x353/0x700
[   66.021846]  [<ffffffff85036c37>] ip6_output+0x167/0x530
[   66.021852]  [<ffffffff8508ac79>] NF_HOOK_THRESH.constprop.24+0xc9/0x290
[   66.021855]  [<ffffffff8508b7c4>] ndisc_send_skb+0x7a4/0x1010
[   66.021859]  [<ffffffff85090046>] ndisc_send_rs+0x116/0x3d0
[   66.021863]  [<ffffffff85055709>] addrconf_dad_completed+0x419/0x760
[   66.021867]  [<ffffffff85055d5b>] addrconf_dad_work+0x30b/0x980
[   66.021871]  [<ffffffff8139210b>] process_one_work+0x69b/0x1570
[   66.021875]  [<ffffffff813930b7>] worker_thread+0xd7/0xf10
[   66.021879]  [<ffffffff813a3a09>] kthread+0x209/0x2d0
[   66.021883]  [<ffffffff85bb8312>] ret_from_fork+0x22/0x50
[   66.021884] Memory state around the buggy address:
[   66.021887]  ffff8800ae6c5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   66.021889]  ffff8800ae6c5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   66.021891] >ffff8800ae6c5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   66.021893]                                            ^
[   66.021895]  ffff8800ae6c5b00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   66.021897]  ffff8800ae6c5b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   66.021898] ==================================================================
[   66.266934] ==================================================================
[   66.266944] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff880127aaa581
[   66.266947] Read of size 4 by task syz-executor.1/7760
[   66.266953] page:ffffea00049eaa80 count:0 mapcount:0 mapping:          (null) index:0x0
[   66.266955] flags: 0x17ffe0000000000()
[   66.266957] page dumped because: kasan: bad access detected
[   66.266961] CPU: 0 PID: 7760 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   66.266962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.266967]  1ffffffff0dd577e ffff8800ae1a7878 ffffffff82c7f386 ffff880127aaa57f
[   66.266970]  ffff8800ae1a7908 ffff880127aaa581 ffff8800b224a600 ffff8800ae1a78f8
[   66.266974]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   66.266975] Call Trace:
[   66.266981]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   66.266987]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   66.266992]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   66.266996]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   66.267000]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   66.267003]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   66.267006]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   66.267010]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   66.267014]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   66.267020]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   66.267024]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   66.267029]  [<ffffffff813c89bf>] ? try_to_wake_up+0x5f/0xd00
[   66.267034]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   66.267040]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   66.267043]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   66.267048]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   66.267052]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   66.267054]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   66.267056]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   66.267058]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   66.267060]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   66.267064]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   66.267069]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   66.267072]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   66.267076]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   66.267080]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   66.267083]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   66.267088]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   66.267091]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   66.267096]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   66.267099]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   66.267104]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   66.267107]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   66.267111]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   66.267113] Memory state around the buggy address:
[   66.267116]  ffff880127aaa480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267118]  ffff880127aaa500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267120] >ffff880127aaa580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267122]                    ^
[   66.267124]  ffff880127aaa600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267126]  ffff880127aaa680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267127] ==================================================================
[   66.267395] ==================================================================
[   66.267400] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff880127aaaa81
[   66.267401] Read of size 4 by task syz-executor.4/7761
[   66.267405] page:ffffea00049eaa80 count:0 mapcount:0 mapping:          (null) index:0x0
[   66.267406] flags: 0x17ffe0000000000()
[   66.267407] page dumped because: kasan: bad access detected
[   66.267410] CPU: 0 PID: 7761 Comm: syz-executor.4 Tainted: G    B           4.6.0-syzkaller #0
[   66.267411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.267415]  1ffffffff0dd577e ffff8800ae00f878 ffffffff82c7f386 ffff880127aaaa7f
[   66.267418]  ffff8800ae00f908 ffff880127aaaa81 ffff880127882440 ffff8800ae00f8f8
[   66.267421]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   66.267422] Call Trace:
[   66.267425]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   66.267428]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   66.267431]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   66.267434]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   66.267438]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   66.267441]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   66.267444]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   66.267447]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   66.267450]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   66.267454]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   66.267457]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   66.267463]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   66.267467]  [<ffffffff814d18b0>] ? futex_lock_pi_atomic+0x1e0/0x1e0
[   66.267471]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   66.267481]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   66.267484]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   66.267487]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   66.267489]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   66.267492]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   66.267495]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   66.267499]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   66.267502]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   66.267506]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   66.267509]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   66.267513]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   66.267517]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   66.267521]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   66.267524]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   66.267528]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   66.267531]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   66.267535]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   66.267538]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   66.267541]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   66.267543] Memory state around the buggy address:
[   66.267546]  ffff880127aaa980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267548]  ffff880127aaaa00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267550] >ffff880127aaaa80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267551]                    ^
[   66.267553]  ffff880127aaab00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267556]  ffff880127aaab80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.267557] ==================================================================
[   67.242027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.253852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.296960] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   67.354053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   67.373864] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   67.399215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   67.443957] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   67.450533] device veth0_vlan entered promiscuous mode
[   67.456888] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   67.464393] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   67.480879] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   67.497193] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   67.506088] device veth0_vlan entered promiscuous mode
[   67.511890] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   67.518540] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   67.525440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.533668] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.540841] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.665324] device veth1_vlan entered promiscuous mode
[   67.674807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   67.683987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.695427] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.703884] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.727843] device veth1_vlan entered promiscuous mode
[   67.746184] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   67.753528] device veth0_vlan entered promiscuous mode
[   67.759189] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   67.766361] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   67.795209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.816585] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.825231] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.839891] device veth1_vlan entered promiscuous mode
[   68.004251] ==================================================================
[   68.011819] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae0bdcc1
[   68.021024] Read of size 4 by task syz-executor.0/7840
[   68.026285] page:ffffea0002b82f40 count:0 mapcount:0 mapping:          (null) index:0x0
[   68.035267] flags: 0xfffe0000000000()
[   68.039384] page dumped because: kasan: bad access detected
[   68.045078] CPU: 0 PID: 7840 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   68.054072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.063735]  1ffffffff0dd577e ffff8800ae10f878 ffffffff82c7f386 ffff8800ae0bdcbf
[   68.071880]  ffff8800ae10f908 ffff8800ae0bdcc1 ffff8800ae526740 ffff8800ae10f8f8
[   68.080108]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   68.088203] Call Trace:
[   68.090884]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   68.096903]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   68.103039]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   68.108994]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   68.115208]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   68.123136]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   68.130178]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   68.136317]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   68.142748]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   68.148903]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   68.155043]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   68.160995]  [<ffffffff813c89bf>] ? try_to_wake_up+0x5f/0xd00
[   68.166912]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   68.172476]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   68.179627]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   68.185184]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   68.191787]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   68.197053]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   68.202463]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   68.207762]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   68.218070]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   68.223926]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   68.230878]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   68.236424]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   68.242150]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   68.247936]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   68.255021]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   68.260717]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   68.266678]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   68.272477]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   68.278700]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   68.284923]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   68.291714]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   68.297012]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   68.303691] Memory state around the buggy address:
[   68.308704]  ffff8800ae0bdb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.316138]  ffff8800ae0bdc00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.323483] >ffff8800ae0bdc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.330829]                                            ^
[   68.336275]  ffff8800ae0bdd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.343631]  ffff8800ae0bdd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.351366] ==================================================================
[   68.612910] ==================================================================
[   68.620645] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae6c4581
[   68.629682] Read of size 4 by task syz-executor.4/7858
[   68.634944] page:ffffea0002b9b100 count:0 mapcount:0 mapping:          (null) index:0x0
[   68.643300] flags: 0xfffe0000000000()
[   68.647074] page dumped because: kasan: bad access detected
[   68.653114] CPU: 0 PID: 7858 Comm: syz-executor.4 Tainted: G    B           4.6.0-syzkaller #0
[   68.661953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.671308]  1ffffffff0dd577e ffff8800ae10f878 ffffffff82c7f386 ffff8800ae6c457f
[   68.679369]  ffff8800ae10f908 ffff8800ae6c4581 ffff880127882440 ffff8800ae10f8f8
[   68.687428]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   68.695612] Call Trace:
[   68.698184]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   68.703548]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   68.709863]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   68.715858]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   68.721801]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   68.728884]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   68.735358]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   68.742042]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   68.748345]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   68.754767]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   68.761330]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   68.767868]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   68.774086]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   68.779556]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   68.786556]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   68.791905]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   68.798521]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   68.803821]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   68.809107]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   68.816369]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   68.821703]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   68.827423]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   68.834080]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   68.839512]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   68.845073]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   68.851554]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   68.858213]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   68.863966]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   68.869879]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   68.876722]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   68.882940]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   68.889174]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   68.895732]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   68.900914]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   68.907468] Memory state around the buggy address:
[   68.913882]  ffff8800ae6c4480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.921324]  ffff8800ae6c4500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.929446] >ffff8800ae6c4580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.937914]                    ^
[   68.941347]  ffff8800ae6c4600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.948697]  ffff8800ae6c4680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.957421] ==================================================================
[   69.194452] ==================================================================
[   69.201833] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae6c4a81
[   69.210736] Read of size 4 by task syz-executor.5/7885
[   69.215995] page:ffffea0002b9b100 count:0 mapcount:0 mapping:          (null) index:0x0
[   69.224247] flags: 0xfffe0000000000()
[   69.228021] page dumped because: kasan: bad access detected
[   69.233711] CPU: 1 PID: 7885 Comm: syz-executor.5 Tainted: G    B           4.6.0-syzkaller #0
[   69.242434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.251772]  1ffffffff0dd577e ffff8800ae0c7878 ffffffff82c7f386 ffff8800ae6c4a7f
[   69.259777]  ffff8800ae0c7908 ffff8800ae6c4a81 ffff8800ae4326c0 ffff8800ae0c78f8
[   69.267824]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   69.276086] Call Trace:
[   69.278663]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   69.284010]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   69.290412]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   69.296196]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   69.301986]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   69.308810]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   69.315031]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   69.321073]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   69.327371]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   69.333613]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   69.339753]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   69.345707]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   69.351954]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   69.357426]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   69.364437]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   69.369793]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   69.376362]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   69.381534]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   69.386807]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   69.392073]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   69.397635]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   69.403338]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   69.409908]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   69.415345]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   69.421297]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   69.427195]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   69.434038]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   69.439847]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   69.445761]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   69.452198]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   69.458509]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   69.464995]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   69.471562]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   69.476797]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   69.483360] Memory state around the buggy address:
[   69.488269]  ffff8800ae6c4980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.495605]  ffff8800ae6c4a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.502940] >ffff8800ae6c4a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.510272]                    ^
[   69.513623]  ffff8800ae6c4b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.520968]  ffff8800ae6c4b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.528305] ==================================================================
[   69.561577] ==================================================================
[   69.568981] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff880127a5e041
[   69.578241] Read of size 4 by task syz-executor.4/7893
[   69.583497] page:ffffea00049e9780 count:0 mapcount:0 mapping:          (null) index:0x0
[   69.591746] flags: 0x17ffe0000000000()
[   69.595626] page dumped because: kasan: bad access detected
[   69.601342] CPU: 0 PID: 7893 Comm: syz-executor.4 Tainted: G    B           4.6.0-syzkaller #0
[   69.610075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.619414]  1ffffffff0dd577e ffff880127b6f878 ffffffff82c7f386 ffff880127a5e03f
[   69.627473]  ffff880127b6f908 ffff880127a5e041 ffff880127882440 ffff880127b6f8f8
[   69.635560]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   69.643670] Call Trace:
[   69.646239]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   69.651586]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   69.657720]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   69.663511]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   69.669290]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   69.676123]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   69.682347]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   69.688394]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   69.694781]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   69.700907]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   69.707046]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   69.713114]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   69.719245]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   69.724690]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   69.731831]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   69.737185]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   69.743779]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   69.749048]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   69.754302]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   69.759562]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   69.764737]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   69.770438]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   69.777073]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   69.782534]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   69.788065]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   69.794471]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   69.801129]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   69.807084]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   69.812946]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   69.818984]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   69.825199]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   69.831513]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   69.838097]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   69.843270]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   69.849823] Memory state around the buggy address:
[   69.854769]  ffff880127a5df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.862137]  ffff880127a5df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.869482] >ffff880127a5e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.876922]                                            ^
[   69.882360]  ffff880127a5e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.889704]  ffff880127a5e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.897037] ==================================================================
[   70.092665] ==================================================================
[   70.100086] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff880127a5e541
[   70.109003] Read of size 4 by task syz-executor.5/7908
[   70.114268] page:ffffea00049e9780 count:0 mapcount:0 mapping:          (null) index:0x0
[   70.122755] flags: 0x17ffe0000000000()
[   70.126631] page dumped because: kasan: bad access detected
[   70.132506] CPU: 0 PID: 7908 Comm: syz-executor.5 Tainted: G    B           4.6.0-syzkaller #0
[   70.141239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.150597]  1ffffffff0dd577e ffff8800ae07f878 ffffffff82c7f386 ffff880127a5e53f
[   70.158651]  ffff8800ae07f908 ffff880127a5e541 ffff8800ae4326c0 ffff8800ae07f8f8
[   70.166659]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   70.174721] Call Trace:
[   70.177283]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   70.182634]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   70.188774]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   70.194572]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   70.200466]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   70.207329]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   70.213711]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   70.219801]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   70.226122]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   70.232251]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   70.238537]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   70.244621]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   70.251038]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   70.256502]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   70.263505]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   70.268853]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   70.275419]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   70.280596]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   70.285983]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   70.291340]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   70.296530]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   70.302936]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   70.309509]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   70.314959]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   70.320493]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   70.327253]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   70.334364]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   70.340058]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   70.345940]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   70.351731]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   70.357950]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   70.364184]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   70.370772]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   70.376207]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   70.382774] Memory state around the buggy address:
[   70.387682]  ffff880127a5e400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.395252]  ffff880127a5e480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.402715] >ffff880127a5e500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.410059]                                            ^
[   70.415646]  ffff880127a5e580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.422993]  ffff880127a5e600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.430421] ==================================================================
[   70.523258] ==================================================================
[   70.530654] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff880127a5e541
[   70.540272] Read of size 4 by task syz-executor.1/7926
[   70.545641] page:ffffea00049e9780 count:0 mapcount:0 mapping:          (null) index:0x0
[   70.554080] flags: 0x17ffe0000000000()
[   70.558089] page dumped because: kasan: bad access detected
[   70.563873] CPU: 1 PID: 7926 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   70.573009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.582861]  1ffffffff0dd577e ffff880127ac7878 ffffffff82c7f386 ffff880127a5e53f
[   70.591194]  ffff880127ac7908 ffff880127a5e541 ffff8800b224a600 ffff880127ac78f8
[   70.599441]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   70.607614] Call Trace:
[   70.610273]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   70.615635]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   70.621821]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   70.627612]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   70.633491]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   70.640450]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   70.646678]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   70.652771]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   70.659129]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   70.665316]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   70.671545]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   70.677499]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   70.683652]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   70.689088]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   70.696344]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   70.701865]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   70.708655]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   70.714213]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   70.719856]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   70.725113]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   70.730285]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   70.736412]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   70.743168]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   70.749028]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   70.754923]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   70.760913]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   70.767579]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   70.773376]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   70.780564]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   70.786615]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   70.793123]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   70.799437]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   70.806268]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   70.811642]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   70.818222] Memory state around the buggy address:
[   70.823229]  ffff880127a5e400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.831108]  ffff880127a5e480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.838473] >ffff880127a5e500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.845831]                                            ^
[   70.851346]  ffff880127a5e580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.858768]  ffff880127a5e600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   70.866237] ==================================================================
2020/01/06 20:26:00 executed programs: 32
[   71.072910] ==================================================================
[   71.080326] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff880127a5e541
[   71.089245] Read of size 4 by task syz-executor.5/7937
[   71.094520] page:ffffea00049e9780 count:0 mapcount:0 mapping:          (null) index:0x0
[   71.102960] flags: 0x17ffe0000000000()
[   71.106821] page dumped because: kasan: bad access detected
[   71.112514] CPU: 0 PID: 7937 Comm: syz-executor.5 Tainted: G    B           4.6.0-syzkaller #0
[   71.121350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.130682]  1ffffffff0dd577e ffff8800ae157878 ffffffff82c7f386 ffff880127a5e53f
[   71.138741]  ffff8800ae157908 ffff880127a5e541 ffff8800ae4326c0 ffff8800ae1578f8
[   71.146812]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   71.154841] Call Trace:
[   71.157410]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   71.162852]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   71.169011]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   71.175048]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   71.181142]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   71.187994]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   71.194223]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   71.200382]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   71.206808]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   71.213043]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   71.219322]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   71.225294]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   71.231440]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   71.236992]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   71.244008]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   71.249373]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   71.256080]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   71.261259]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   71.266716]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   71.271993]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   71.277369]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   71.283077]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   71.289686]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   71.295576]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   71.301238]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   71.307031]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   71.313690]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   71.319516]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   71.325457]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   71.331426]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   71.337760]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   71.344128]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   71.350829]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   71.356013]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   71.362868] Memory state around the buggy address:
[   71.368041]  ffff880127a5e400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.375517]  ffff880127a5e480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.383837] >ffff880127a5e500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.392090]                                            ^
[   71.397553]  ffff880127a5e580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.405443]  ffff880127a5e600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.412785] ==================================================================
[   71.523202] ==================================================================
[   71.530870] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff880127a08001
[   71.542227] Read of size 4 by task syz-executor.2/7948
[   71.547518] page:ffffea00049e8200 count:0 mapcount:-127 mapping:          (null) index:0x0
[   71.556166] flags: 0x17ffe0000000000()
[   71.560220] page dumped because: kasan: bad access detected
[   71.565928] CPU: 0 PID: 7948 Comm: syz-executor.2 Tainted: G    B           4.6.0-syzkaller #0
[   71.574833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.584172]  1ffffffff0dd577e ffff880127a6f878 ffffffff82c7f386 ffff880127a07fff
[   71.592245]  ffff880127a6f908 ffff880127a08001 ffff8800b36f2140 ffff880127a6f8f8
[   71.600296]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   71.608429] Call Trace:
[   71.611001]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   71.616370]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   71.622694]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   71.628715]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   71.634606]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   71.641441]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   71.647680]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   71.653721]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   71.660570]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   71.666701]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   71.672831]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   71.678812]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   71.685646]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   71.691084]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   71.698080]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   71.703427]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   71.710164]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   71.715347]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   71.721155]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   71.726742]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   71.731916]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   71.737784]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   71.744525]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   71.750073]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   71.755683]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   71.761650]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   71.768512]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   71.774404]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   71.780283]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   71.786086]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   71.792299]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   71.798543]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   71.805286]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   71.810476]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   71.817038] Memory state around the buggy address:
[   71.821951]  ffff880127a07f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.829290]  ffff880127a07f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.836649] >ffff880127a08000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.844006]                    ^
[   71.847363]  ffff880127a08080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.854824]  ffff880127a08100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   71.862715] ==================================================================
[   71.870070] ==================================================================
[   71.877471] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae6c4301
[   71.886801] Read of size 4 by task syz-executor.3/7946
[   71.892291] page:ffffea0002b9b100 count:0 mapcount:0 mapping:          (null) index:0x0
[   71.900917] flags: 0xfffe0000000000()
[   71.904923] page dumped because: kasan: bad access detected
[   71.910759] CPU: 1 PID: 7946 Comm: syz-executor.3 Tainted: G    B           4.6.0-syzkaller #0
[   71.919510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.928967]  1ffffffff0dd577e ffff8800ae117878 ffffffff82c7f386 ffff8800ae6c42ff
[   71.937532]  ffff8800ae117908 ffff8800ae6c4301 ffff8800ae65a800 ffff8800ae1178f8
[   71.945894]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   71.954076] Call Trace:
[   71.956660]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   71.964980]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   71.971116]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   71.976944]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   71.982858]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   71.989707]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   71.995929]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   72.002126]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   72.008452]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   72.014710]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   72.020853]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   72.026823]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   72.034841]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   72.040288]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   72.047555]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   72.052926]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   72.059545]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   72.064721]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   72.070152]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   72.075430]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   72.080616]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   72.086332]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   72.092991]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   72.098423]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   72.104611]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   72.110498]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   72.118830]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   72.128732]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   72.134645]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   72.140443]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   72.147396]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   72.153908]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   72.160491]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   72.165684]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   72.172263] Memory state around the buggy address:
[   72.177298]  ffff8800ae6c4200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.185457]  ffff8800ae6c4280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.193111] >ffff8800ae6c4300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.200891]                    ^
[   72.204314]  ffff8800ae6c4380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.211692]  ffff8800ae6c4400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.219155] ==================================================================
[   72.393437] ==================================================================
[   72.401619] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae12e041
[   72.410567] Read of size 4 by task syz-executor.5/7967
[   72.416273] page:ffffea0002b84b80 count:0 mapcount:0 mapping:          (null) index:0x0
[   72.425099] flags: 0xfffe0000000000()
[   72.429098] page dumped because: kasan: bad access detected
[   72.435075] CPU: 0 PID: 7967 Comm: syz-executor.5 Tainted: G    B           4.6.0-syzkaller #0
[   72.444196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.453690]  1ffffffff0dd577e ffff8800ae1ef878 ffffffff82c7f386 ffff8800ae12e03f
[   72.461918]  ffff8800ae1ef908 ffff8800ae12e041 ffff8800ae4326c0 ffff8800ae1ef8f8
[   72.470259]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   72.479365] Call Trace:
[   72.481944]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   72.487465]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   72.493640]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   72.499434]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   72.505319]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   72.512438]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   72.518667]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   72.524706]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   72.531013]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   72.537143]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   72.543272]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   72.549237]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   72.555372]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   72.560827]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   72.568710]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   72.574206]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   72.580865]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   72.586055]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   72.591327]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   72.596589]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   72.601799]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   72.607505]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   72.614067]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   72.619509]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   72.625027]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   72.630899]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   72.638366]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   72.644316]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   72.650378]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   72.656162]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   72.662504]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   72.668933]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   72.676222]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   72.681409]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   72.687971] Memory state around the buggy address:
[   72.693040]  ffff8800ae12df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.700490]  ffff8800ae12df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.707831] >ffff8800ae12e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.715175]                                            ^
[   72.720659]  ffff8800ae12e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.727996]  ffff8800ae12e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.735338] ==================================================================
[   72.853870] ==================================================================
[   72.861772] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae03f301
[   72.870683] Read of size 4 by task syz-executor.1/7977
[   72.875966] page:ffffea0002b80fc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   72.884717] flags: 0xfffe0000000000()
[   72.888499] page dumped because: kasan: bad access detected
[   72.894194] CPU: 0 PID: 7977 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   72.903027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.912392]  1ffffffff0dd577e ffff880127a6f878 ffffffff82c7f386 ffff8800ae03f2ff
[   72.920751]  ffff880127a6f908 ffff8800ae03f301 ffff8800b224a600 ffff880127a6f8f8
[   72.928885]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   72.937057] Call Trace:
[   72.939644]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   72.944995]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   72.951883]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   72.957750]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   72.963642]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   72.971455]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   72.977771]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   72.983812]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   72.990115]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   72.996527]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   73.002741]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   73.008700]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   73.014842]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   73.020280]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   73.027307]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   73.032664]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   73.039355]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   73.044749]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   73.050112]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   73.055375]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   73.060635]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   73.066329]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   73.072936]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   73.078397]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   73.083932]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   73.089733]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   73.096383]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   73.102081]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   73.108218]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   73.114011]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   73.120225]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   73.126444]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   73.133103]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   73.138629]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   73.145371] Memory state around the buggy address:
[   73.151162]  ffff8800ae03f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.159409]  ffff8800ae03f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.167114] >ffff8800ae03f300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.174544]                    ^
[   73.177895]  ffff8800ae03f380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.185325]  ffff8800ae03f400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.193450] ==================================================================
[   73.201268] ==================================================================
[   73.208883] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae12e2c1
[   73.217817] Read of size 4 by task syz-executor.3/7979
[   73.223464] page:ffffea0002b84b80 count:0 mapcount:0 mapping:          (null) index:0x0
[   73.231720] flags: 0xfffe0000000000()
[   73.235595] page dumped because: kasan: bad access detected
[   73.241444] CPU: 1 PID: 7979 Comm: syz-executor.3 Tainted: G    B           4.6.0-syzkaller #0
[   73.250177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.261198]  1ffffffff0dd577e ffff8800ae13f878 ffffffff82c7f386 ffff8800ae12e2bf
[   73.269262]  ffff8800ae13f908 ffff8800ae12e2c1 ffff8800ae65a800 ffff8800ae13f8f8
[   73.277458]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   73.286160] Call Trace:
[   73.288796]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   73.294498]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   73.300665]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   73.306489]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   73.312301]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   73.319430]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   73.325853]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   73.331919]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   73.338321]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   73.344486]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   73.350976]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   73.357320]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   73.363649]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   73.370766]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   73.378061]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   73.383433]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   73.390184]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   73.395348]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   73.400599]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   73.405886]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   73.411060]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   73.416759]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   73.423941]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   73.429590]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   73.435384]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   73.441197]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   73.447987]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   73.453689]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   73.459588]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   73.465485]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   73.471986]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   73.478710]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   73.485580]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   73.490840]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   73.497418] Memory state around the buggy address:
[   73.502347]  ffff8800ae12e180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.509895]  ffff8800ae12e200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.517342] >ffff8800ae12e280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.524906]                                            ^
[   73.530345]  ffff8800ae12e300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.537805]  ffff8800ae12e380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   73.545143] ==================================================================
[   73.694186] ==================================================================
[   73.702116] BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae12e7c1
[   73.711338] Read of size 4 by task syz-executor.5/7996
[   73.716677] page:ffffea0002b84b80 count:0 mapcount:0 mapping:          (null) index:0x0
[   73.725170] flags: 0xfffe0000000000()
[   73.729034] page dumped because: kasan: bad access detected
[   73.734938] CPU: 0 PID: 7996 Comm: syz-executor.5 Tainted: G    B           4.6.0-syzkaller #0
[   73.744497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.754349]  1ffffffff0dd577e ffff8800ae15f878 ffffffff82c7f386 ffff8800ae12e7bf
[   73.762673]  ffff8800ae15f908 ffff8800ae12e7c1 ffff8800ae4326c0 ffff8800ae15f8f8
[   73.771200]  ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
[   73.779524] Call Trace:
[   73.782091]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   73.787440]  [<ffffffff817405ba>] kasan_report_error+0x59a/0x5c0
[   73.793610]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   73.799438]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   73.805500]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   73.812940]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   73.819360]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   73.825806]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   73.832501]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   73.838812]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   73.845081]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   73.851324]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   73.857476]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   73.862927]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   73.869925]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   73.875283]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   73.881938]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   73.887286]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   73.893137]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   73.898523]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   73.903800]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   73.909531]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   73.916121]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   73.921590]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   73.927303]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   73.933313]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   73.940590]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   73.946564]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   73.952715]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   73.958768]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   73.964993]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   73.971520]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   73.978190]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   73.983533]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   73.990526] Memory state around the buggy address:
[   73.995795]  ffff8800ae12e680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.003641]  ffff8800ae12e700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.010995] >ffff8800ae12e780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.018613]                                            ^
[   74.024296]  ffff8800ae12e800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.031642]  ffff8800ae12e880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.039066] ==================================================================
[   74.183103] ==================================================================
[   74.190794] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae74f5c1
[   74.200813] Read of size 4 by task syz-executor.2/8009
[   74.206318] CPU: 1 PID: 8009 Comm: syz-executor.2 Tainted: G    B           4.6.0-syzkaller #0
[   74.215657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.225133]  1ffffffff0dd577e ffff8800ae157878 ffffffff82c7f386 ffff8800ae74f5bf
[   74.234680]  ffff8800ae157908 ffff8800ae74f200 ffff88012bc00700 ffff8800ae1578f8
[   74.243055]  ffffffff81740207 ffffffff816afd26 0000000000000286 0000000000000286
[   74.251359] Call Trace:
[   74.253989]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   74.259586]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   74.265839]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   74.271782]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   74.277670]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   74.284789]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   74.291125]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   74.297337]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   74.303936]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   74.310073]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   74.316214]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   74.322180]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   74.328588]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   74.334122]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   74.341243]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   74.346658]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   74.354062]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   74.359323]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   74.364594]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   74.369996]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   74.375177]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   74.381102]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   74.387696]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   74.393153]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   74.398893]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   74.404691]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   74.411368]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   74.417068]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   74.422937]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   74.428822]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   74.435444]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   74.441870]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   74.448480]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   74.453791]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   74.460537] Object at ffff8800ae74f200, in cache kmalloc-1024
[   74.466469] Object allocated with size 704 bytes.
[   74.471314] Allocation:
[   74.473882] PID = 7937
[   74.476356]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   74.482340]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   74.488116]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   74.493801]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   74.499374]  [<ffffffff849a4aea>] __neigh_create+0x1ea/0x19f0
[   74.505738]  [<ffffffff8502ccc1>] ip6_finish_output2+0x841/0x1b90
[   74.512177]  [<ffffffff85036723>] ip6_finish_output+0x353/0x700
[   74.518392]  [<ffffffff85036c37>] ip6_output+0x167/0x530
[   74.524072]  [<ffffffff8508ac79>] NF_HOOK_THRESH.constprop.24+0xc9/0x290
[   74.542936]  [<ffffffff8508b7c4>] ndisc_send_skb+0x7a4/0x1010
[   74.549033]  [<ffffffff85090046>] ndisc_send_rs+0x116/0x3d0
[   74.555042]  [<ffffffff8505516a>] addrconf_rs_timer+0x28a/0x410
[   74.561215]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   74.567054]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   74.573513]  [<ffffffff85bbb26c>] __do_softirq+0x2cc/0xa06
[   74.579464] Memory state around the buggy address:
[   74.584421]  ffff8800ae74f480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   74.592184]  ffff8800ae74f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.599856] >ffff8800ae74f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.607429]                                            ^
[   74.613068]  ffff8800ae74f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.620617]  ffff8800ae74f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   74.628125] ==================================================================
[   74.782903] ==================================================================
[   74.790300] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae74f5c1
[   74.799671] Read of size 4 by task syz-executor.0/8026
[   74.805661] CPU: 1 PID: 8026 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   74.814669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.824011]  1ffffffff0dd577e ffff880127ac7878 ffffffff82c7f386 ffff8800ae74f5bf
[   74.832432]  ffff880127ac7908 ffff8800ae74f200 ffff88012bc00700 ffff880127ac78f8
[   74.840820]  ffffffff81740207 ffffffff816afd26 0000000000000286 0000000000000286
[   74.849184] Call Trace:
[   74.851755]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   74.857210]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   74.863716]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   74.869649]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   74.876002]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   74.883039]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   74.889945]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   74.896283]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   74.902713]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   74.908861]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   74.915001]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   74.921454]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   74.927683]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   74.933562]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   74.941003]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   74.946370]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   74.952936]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   74.958205]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   74.963469]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   74.968878]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   74.974048]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   74.980187]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   74.987047]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   74.992486]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   75.000100]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   75.006187]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   75.014309]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   75.020094]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   75.026338]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   75.032644]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   75.038880]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0
[   75.045117]  [<ffffffff8100401b>] ? trace_hardirqs_on_thunk+0x1b/0x1d
[   75.052166]  [<ffffffff84911569>] SyS_sendto+0x9/0x10
[   75.057795]  [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   75.064771] Object at ffff8800ae74f200, in cache kmalloc-1024
[   75.071153] Object allocated with size 704 bytes.
[   75.076197] Allocation:
[   75.078775] PID = 7937
[   75.081268]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   75.087175]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   75.092745]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   75.098615]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   75.104207]  [<ffffffff849a4aea>] __neigh_create+0x1ea/0x19f0
[   75.110389]  [<ffffffff8502ccc1>] ip6_finish_output2+0x841/0x1b90
[   75.116881]  [<ffffffff85036723>] ip6_finish_output+0x353/0x700
[   75.123534]  [<ffffffff85036c37>] ip6_output+0x167/0x530
[   75.129213]  [<ffffffff8508ac79>] NF_HOOK_THRESH.constprop.24+0xc9/0x290
[   75.136431]  [<ffffffff8508b7c4>] ndisc_send_skb+0x7a4/0x1010
[   75.143131]  [<ffffffff85090046>] ndisc_send_rs+0x116/0x3d0
[   75.149051]  [<ffffffff8505516a>] addrconf_rs_timer+0x28a/0x410
[   75.155311]  [<ffffffff814a053e>] call_timer_fn+0x14e/0x620
[   75.161739]  [<ffffffff814a1007>] run_timer_softirq+0x5f7/0x9c0
[   75.168258]  [<ffffffff85bbb26c>] __do_softirq+0x2cc/0xa06
[   75.174374] Memory state around the buggy address:
[   75.179490]  ffff8800ae74f480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   75.186841]  ffff8800ae74f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.194181] >ffff8800ae74f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.201625]                                            ^
[   75.207098]  ffff8800ae74f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.214456]  ffff8800ae74f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   75.221971] ==================================================================
[   75.293208] ==================================================================
[   75.300628] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 at addr ffff8800ae74f0c1
[   75.309881] Read of size 4 by task syz-executor.1/8034
[   75.315224] CPU: 1 PID: 8034 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   75.323964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.333318]  1ffffffff0dd577e ffff8800ae747878 ffffffff82c7f386 ffff8800ae74f0bf
[   75.341455]  ffff8800ae747908 ffff8800ae74ed80 ffff88012bc00700 ffff8800ae7478f8
[   75.349552]  ffffffff81740207 ffffffff816afd26 0000000000000286 0000000000000286
[   75.357602] Call Trace:
[   75.360264]  [<ffffffff82c7f386>] dump_stack+0xe6/0x120
[   75.365617]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   75.371752]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   75.377535]  [<ffffffff816afd51>] ? __might_fault+0xf1/0x1b0
[   75.383426]  [<ffffffff8174089a>] __asan_report_load_n_noabort+0x3a/0x40
[   75.390243]  [<ffffffff838f393f>] ? macvlan_broadcast+0x48f/0x5b0
[   75.396452]  [<ffffffff838f393f>] macvlan_broadcast+0x48f/0x5b0
[   75.402494]  [<ffffffff8497c43e>] ? netif_skb_features+0x30e/0x7d0
[   75.408793]  [<ffffffff838f5206>] macvlan_start_xmit+0x316/0x610
[   75.414986]  [<ffffffff8518c379>] packet_direct_xmit+0x429/0x610
[   75.421132]  [<ffffffff851977b4>] packet_sendmsg+0x1f94/0x4eb0
[   75.427086]  [<ffffffff814d2f50>] ? futex_wait_setup+0x2c0/0x2c0
[   75.433226]  [<ffffffff82c8aa59>] ? plist_del+0xe9/0x1d0
[   75.438667]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   75.445661]  [<ffffffff813c9702>] ? wake_up_q+0x82/0xe0
[   75.451016]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   75.457591]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   75.462972]  [<ffffffff817f0402>] ? __fget+0x1c2/0x320
[   75.468239]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   75.473509]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   75.478692]  [<ffffffff817f05f9>] ? __fget_light+0x79/0x200
[   75.484393]  [<ffffffff85195820>] ? packet_cached_dev_get+0x1a0/0x1a0
[   75.490966]  [<ffffffff8490e2a5>] sock_sendmsg+0xb5/0xf0
[   75.496404]  [<ffffffff8490f279>] SYSC_sendto+0x1c9/0x300
[   75.501919]  [<ffffffff8490f0b0>] ? SYSC_connect+0x2a0/0x2a0
[   75.507709]  [<ffffffff851a0c06>] ? packet_do_bind.part.61+0x4e6/0xad0
[   75.514359]  [<ffffffff851a1496>] ? packet_bind+0x156/0x1d0
[   75.520065]  [<ffffffff816afdc1>] ? __might_fault+0x161/0x1b0
[   75.525931]  [<ffffffff816afd26>] ? __might_fault+0xc6/0x1b0
[   75.531721]  [<ffffffff814ae682>] ? SyS_clock_gettime+0x132/0x180
[   75.537944]  [<ffffffff814ae550>] ? SyS_clock_settime+0x1b0/0x1b0