Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 27.669949] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[ 27.689227] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[ 27.703897] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[ 27.721031] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[ 27.741467] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[ 27.777520] netlink: 24 bytes leftover after parsing attributes in process `syz-executor371'.
[ 27.847115] netlink: 4 bytes leftover after parsing attributes in process `syz-executor371'.
[ 27.892212] netlink: 4 bytes leftover after parsing attributes in process `syz-executor371'.
[ 27.940877] netlink: 4 bytes leftover after parsing attributes in process `syz-executor371'.
[ 28.014456] netlink: 4 bytes leftover after parsing attributes in process `syz-executor371'.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 28.653061] ==================================================================
[ 28.660570] BUG: KASAN: use-after-free in macvlan_dev_get_iflink+0x5f/0x70
[ 28.667582] Read of size 4 at addr ffff888094ab6cc8 by task syz-executor371/8209
[ 28.675112]
[ 28.676740] CPU: 0 PID: 8209 Comm: syz-executor371 Not tainted 4.14.281-syzkaller #0
[ 28.684613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.693967] Call Trace:
[ 28.696562] dump_stack+0x1b2/0x281
[ 28.700192] print_address_description.cold+0x54/0x1d3
[ 28.705471] kasan_report_error.cold+0x8a/0x191
[ 28.710148] ? macvlan_dev_get_iflink+0x5f/0x70
[ 28.714821] __asan_report_load4_noabort+0x68/0x70
[ 28.719756] ? macvlan_dev_get_iflink+0x5f/0x70
[ 28.724432] macvlan_dev_get_iflink+0x5f/0x70
[ 28.728934] ? macvlan_dev_poll_controller+0x10/0x10
[ 28.734038] dev_get_iflink+0x73/0xe0
[ 28.737842] rfc2863_policy+0x163/0x1b0
[ 28.741861] linkwatch_do_dev+0x1b/0x100
[ 28.745933] linkwatch_forget_dev+0x15c/0x1f0
[ 28.750435] netdev_run_todo+0x284/0xad0
[ 28.754938] ? dev_set_mtu+0x3c0/0x3c0
[ 28.758834] ? rtnl_dellink+0x6a0/0x6a0
[ 28.762810] rtnetlink_rcv_msg+0x3cb/0xb10
[ 28.767046] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 28.771555] ? __netlink_lookup+0x345/0x5d0
[ 28.775876] netlink_rcv_skb+0x125/0x390
[ 28.779926] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 28.784400] ? netlink_ack+0x9a0/0x9a0
[ 28.788273] netlink_unicast+0x437/0x610
[ 28.792315] ? netlink_sendskb+0xd0/0xd0
[ 28.796359] ? __check_object_size+0x179/0x230
[ 28.800923] netlink_sendmsg+0x648/0xbc0
[ 28.804973] ? nlmsg_notify+0x1b0/0x1b0
[ 28.808924] ? kernel_recvmsg+0x210/0x210
[ 28.813054] ? security_socket_sendmsg+0x83/0xb0
[ 28.817800] ? nlmsg_notify+0x1b0/0x1b0
[ 28.821755] sock_sendmsg+0xb5/0x100
[ 28.825465] ___sys_sendmsg+0x6c8/0x800
[ 28.829427] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 28.834163] ? trace_hardirqs_on+0x10/0x10
[ 28.838382] ? do_futex+0x127/0x1570
[ 28.842079] ? __fget+0x23e/0x3e0
[ 28.845511] ? lock_acquire+0x170/0x3f0
[ 28.849463] ? lock_downgrade+0x740/0x740
[ 28.853593] ? __fget+0x265/0x3e0
[ 28.857027] ? __fdget+0x19b/0x1f0
[ 28.860545] ? sockfd_lookup_light+0xb2/0x160
[ 28.865021] __sys_sendmsg+0xa3/0x120
[ 28.868799] ? SyS_shutdown+0x160/0x160
[ 28.872755] ? up_read+0x17/0x30
[ 28.876104] ? __do_page_fault+0x159/0xad0
[ 28.880317] SyS_sendmsg+0x27/0x40
[ 28.883845] ? __sys_sendmsg+0x120/0x120
[ 28.887893] do_syscall_64+0x1d5/0x640
[ 28.891768] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.896936] RIP: 0033:0x7f660c6d8dd9
[ 28.900628] RSP: 002b:00007f660c68a308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 28.908316] RAX: ffffffffffffffda RBX: 00007f660c760428 RCX: 00007f660c6d8dd9
[ 28.915566] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000006
[ 28.922815] RBP: 00007f660c760420 R08: 0000000000000000 R09: 0000000000000000
[ 28.930063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f660c76042c
[ 28.937309] R13: 00007f660c72e074 R14: 00f0ffffffffffff R15: 0000000000022000
[ 28.944567]
[ 28.946180] Allocated by task 8209:
[ 28.949810] kasan_kmalloc+0xeb/0x160
[ 28.953592] __kmalloc_node+0x4c/0x70
[ 28.957369] kvmalloc_node+0x46/0xd0
[ 28.961062] alloc_netdev_mqs+0x76/0xb70
[ 28.965102] rtnl_create_link+0x1ab/0x890
[ 28.969230] rtnl_newlink+0xe7a/0x1830
[ 28.973105] rtnetlink_rcv_msg+0x3be/0xb10
[ 28.977318] netlink_rcv_skb+0x125/0x390
[ 28.981355] netlink_unicast+0x437/0x610
[ 28.985398] netlink_sendmsg+0x648/0xbc0
[ 28.989438] sock_sendmsg+0xb5/0x100
[ 28.993149] ___sys_sendmsg+0x6c8/0x800
[ 28.997103] __sys_sendmsg+0xa3/0x120
[ 29.000883] SyS_sendmsg+0x27/0x40
[ 29.004400] do_syscall_64+0x1d5/0x640
[ 29.008269] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.013432]
[ 29.015040] Freed by task 8243:
[ 29.018297] kasan_slab_free+0xc3/0x1a0
[ 29.022248] kfree+0xc9/0x250
[ 29.025333] kvfree+0x45/0x50
[ 29.028417] device_release+0x15f/0x1a0
[ 29.032372] kobject_put+0x251/0x550
[ 29.036063] netdev_run_todo+0x747/0xad0
[ 29.040101] rtnetlink_rcv_msg+0x3cb/0xb10
[ 29.044315] netlink_rcv_skb+0x125/0x390
[ 29.048354] netlink_unicast+0x437/0x610
[ 29.052435] netlink_sendmsg+0x648/0xbc0
[ 29.056472] sock_sendmsg+0xb5/0x100
[ 29.060164] ___sys_sendmsg+0x6c8/0x800
[ 29.064115] __sys_sendmsg+0xa3/0x120
[ 29.067892] SyS_sendmsg+0x27/0x40
[ 29.071413] do_syscall_64+0x1d5/0x640
[ 29.075295] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.080463]
[ 29.082075] The buggy address belongs to the object at ffff888094ab6bc0
[ 29.082075] which belongs to the cache kmalloc-4096 of size 4096
[ 29.094893] The buggy address is located 264 bytes inside of
[ 29.094893] 4096-byte region [ffff888094ab6bc0, ffff888094ab7bc0)
[ 29.106946] The buggy address belongs to the page:
[ 29.111855] page:ffffea000252ad80 count:1 mapcount:0 mapping:ffff888094ab6bc0 index:0x0 compound_mapcount: 0
[ 29.121812] flags: 0xfff00000008100(slab|head)
[ 29.126378] raw: 00fff00000008100 ffff888094ab6bc0 0000000000000000 0000000100000001
[ 29.134241] raw: ffffea000252ae20 ffffea0002bd63a0 ffff88813fe74dc0 0000000000000000
[ 29.142184] page dumped because: kasan: bad access detected
[ 29.147868]
[ 29.149474] Memory state around the buggy address:
[ 29.154383] ffff888094ab6b80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 29.161718] ffff888094ab6c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.169053] >ffff888094ab6c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.176387] ^
[ 29.182075] ffff888094ab6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.189424] ffff888094ab6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.196793] ==================================================================
[ 29.204140] Disabling lock debugging due to kernel taint
executing program
[ 30.057919] Kernel panic - not syncing: panic_on_warn set ...
[ 30.057919]
[ 30.065303] CPU: 0 PID: 8209 Comm: syz-executor371 Tainted: G B 4.14.281-syzkaller #0
[ 30.074405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.083753] Call Trace:
[ 30.086341] dump_stack+0x1b2/0x281
[ 30.089965] panic+0x1f9/0x42d
[ 30.093153] ? add_taint.cold+0x16/0x16
[ 30.097126] ? ___preempt_schedule+0x16/0x18
[ 30.101530] kasan_end_report+0x43/0x49
[ 30.105536] kasan_report_error.cold+0xa7/0x191
[ 30.110201] ? macvlan_dev_get_iflink+0x5f/0x70
[ 30.114864] __asan_report_load4_noabort+0x68/0x70
[ 30.119790] ? macvlan_dev_get_iflink+0x5f/0x70
[ 30.124456] macvlan_dev_get_iflink+0x5f/0x70
[ 30.128950] ? macvlan_dev_poll_controller+0x10/0x10
[ 30.134047] dev_get_iflink+0x73/0xe0
[ 30.137848] rfc2863_policy+0x163/0x1b0
[ 30.141821] linkwatch_do_dev+0x1b/0x100
[ 30.145881] linkwatch_forget_dev+0x15c/0x1f0
[ 30.150376] netdev_run_todo+0x284/0xad0
[ 30.154434] ? dev_set_mtu+0x3c0/0x3c0
[ 30.158328] ? rtnl_dellink+0x6a0/0x6a0
[ 30.162299] rtnetlink_rcv_msg+0x3cb/0xb10
[ 30.166544] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 30.171035] ? __netlink_lookup+0x345/0x5d0
[ 30.175353] netlink_rcv_skb+0x125/0x390
[ 30.179431] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 30.183926] ? netlink_ack+0x9a0/0x9a0
[ 30.187812] netlink_unicast+0x437/0x610
[ 30.191868] ? netlink_sendskb+0xd0/0xd0
[ 30.195924] ? __check_object_size+0x179/0x230
[ 30.200499] netlink_sendmsg+0x648/0xbc0
[ 30.204671] ? nlmsg_notify+0x1b0/0x1b0
[ 30.208638] ? kernel_recvmsg+0x210/0x210
[ 30.212786] ? security_socket_sendmsg+0x83/0xb0
[ 30.217549] ? nlmsg_notify+0x1b0/0x1b0
[ 30.221520] sock_sendmsg+0xb5/0x100
[ 30.225230] ___sys_sendmsg+0x6c8/0x800
[ 30.229203] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 30.233953] ? trace_hardirqs_on+0x10/0x10
[ 30.238181] ? do_futex+0x127/0x1570
[ 30.241965] ? __fget+0x23e/0x3e0
[ 30.245412] ? lock_acquire+0x170/0x3f0
[ 30.249377] ? lock_downgrade+0x740/0x740
[ 30.253521] ? __fget+0x265/0x3e0
[ 30.256969] ? __fdget+0x19b/0x1f0
[ 30.260509] ? sockfd_lookup_light+0xb2/0x160
[ 30.265008] __sys_sendmsg+0xa3/0x120
[ 30.268804] ? SyS_shutdown+0x160/0x160
[ 30.272772] ? up_read+0x17/0x30
[ 30.276134] ? __do_page_fault+0x159/0xad0
[ 30.280361] SyS_sendmsg+0x27/0x40
[ 30.283897] ? __sys_sendmsg+0x120/0x120
[ 30.287951] do_syscall_64+0x1d5/0x640
[ 30.291837] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.297019] RIP: 0033:0x7f660c6d8dd9
[ 30.300722] RSP: 002b:00007f660c68a308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 30.308419] RAX: ffffffffffffffda RBX: 00007f660c760428 RCX: 00007f660c6d8dd9
[ 30.315683] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000006
[ 30.322946] RBP: 00007f660c760420 R08: 0000000000000000 R09: 0000000000000000
[ 30.330209] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f660c76042c
[ 30.337474] R13: 00007f660c72e074 R14: 00f0ffffffffffff R15: 0000000000022000
[ 30.344940] Kernel Offset: disabled
[ 30.348553] Rebooting in 86400 seconds..