IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
==================================================================
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
BUG: KASAN: slab-out-of-bounds in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae6c4d01
BUG: KASAN: slab-out-of-bounds in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae6c4d01
BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae6c4d01
Read of size 4 by task syz-executor.2/7685
CPU: 0 PID: 7685 Comm: syz-executor.2 Not tainted 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae7e7878 ffffffff82c7f386 ffff8800ae6c4cff
 ffff8800ae7e7908 ffff8800ae6c4940 ffff88012bc00700 ffff8800ae7e78f8
 ffffffff81740207 ffff8800ae720900 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] object_err mm/kasan/report.c:139 [inline]
 [] print_address_description mm/kasan/report.c:179 [inline]
 [] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
device veth0_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
device veth1_vlan entered promiscuous mode
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800ae6c4940, in cache kmalloc-1024
Object allocated with size 704 bytes.
Allocation:
PID = 7371
 [] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [] set_track mm/kasan/kasan.c:462 [inline]
 [] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [] __do_kmalloc mm/slab.c:3545 [inline]
 [] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [] kmalloc include/linux/slab.h:483 [inline]
 [] kzalloc include/linux/slab.h:622 [inline]
 [] neigh_alloc net/core/neighbour.c:285 [inline]
 [] __neigh_create+0x1ea/0x19f0 net/core/neighbour.c:457
 [] ip6_finish_output2+0x841/0x1b90 net/ipv6/ip6_output.c:111
 [] ip6_finish_output+0x353/0x700 net/ipv6/ip6_output.c:131
 [] NF_HOOK_COND include/linux/netfilter.h:233 [inline]
 [] ip6_output+0x167/0x530 net/ipv6/ip6_output.c:145
 [] dst_output include/net/dst.h:504 [inline]
 [] NF_HOOK_THRESH.constprop.24+0xc9/0x290 include/linux/netfilter.h:219
 [] NF_HOOK include/linux/netfilter.h:242 [inline]
 [] ndisc_send_skb+0x7a4/0x1010 net/ipv6/ndisc.c:471
 [] ndisc_send_rs+0x116/0x3d0 net/ipv6/ndisc.c:646
 [] addrconf_dad_completed+0x419/0x760 net/ipv6/addrconf.c:3877
 [] addrconf_dad_work+0x7cb/0x980 net/ipv6/addrconf.c:3800
 [] process_one_work+0x69b/0x1570 kernel/workqueue.c:2122
 [] worker_thread+0xd7/0xf10 kernel/workqueue.c:2256
 [] kthread+0x209/0x2d0 kernel/kthread.c:209
 [] ret_from_fork+0x22/0x50 arch/x86/entry/entry_64.S:392
Memory state around the buggy address:
 ffff8800ae6c4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800ae6c4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800ae6c4d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff8800ae6c4d80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
 ffff8800ae6c4e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
==================================================================
BUG: KASAN: slab-out-of-bounds in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae6c5ac1
BUG: KASAN: slab-out-of-bounds in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae6c5ac1
BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae6c5ac1
Read of size 4 by task syz-executor.2/7728
CPU: 1 PID: 7728 Comm: syz-executor.2 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae7a7878 ffffffff82c7f386 ffff8800ae6c5abf
 ffff8800ae7a7908 ffff8800ae6c56c0 ffff88012bc00700 ffff8800ae7a78f8
 ffffffff81740207 ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] object_err mm/kasan/report.c:139 [inline]
 [] print_address_description mm/kasan/report.c:179 [inline]
 [] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800ae6c56c0, in cache kmalloc-1024
Object allocated with size 704 bytes.
Allocation:
PID = 7371
 [] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [] set_track mm/kasan/kasan.c:462 [inline]
 [] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [] __do_kmalloc mm/slab.c:3545 [inline]
 [] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [] kmalloc include/linux/slab.h:483 [inline]
 [] kzalloc include/linux/slab.h:622 [inline]
 [] neigh_alloc net/core/neighbour.c:285 [inline]
 [] __neigh_create+0x1ea/0x19f0 net/core/neighbour.c:457
 [] ip6_finish_output2+0x841/0x1b90 net/ipv6/ip6_output.c:111
 [] ip6_finish_output+0x353/0x700 net/ipv6/ip6_output.c:131
 [] NF_HOOK_COND include/linux/netfilter.h:233 [inline]
 [] ip6_output+0x167/0x530 net/ipv6/ip6_output.c:145
 [] dst_output include/net/dst.h:504 [inline]
 [] NF_HOOK_THRESH.constprop.24+0xc9/0x290 include/linux/netfilter.h:219
 [] NF_HOOK include/linux/netfilter.h:242 [inline]
 [] ndisc_send_skb+0x7a4/0x1010 net/ipv6/ndisc.c:471
 [] ndisc_send_rs+0x116/0x3d0 net/ipv6/ndisc.c:646
 [] addrconf_dad_completed+0x419/0x760 net/ipv6/addrconf.c:3877
 [] addrconf_dad_begin net/ipv6/addrconf.c:3687 [inline]
 [] addrconf_dad_work+0x30b/0x980 net/ipv6/addrconf.c:3768
 [] process_one_work+0x69b/0x1570 kernel/workqueue.c:2122
 [] worker_thread+0xd7/0xf10 kernel/workqueue.c:2256
 [] kthread+0x209/0x2d0 kernel/kthread.c:209
 [] ret_from_fork+0x22/0x50 arch/x86/entry/entry_64.S:392
Memory state around the buggy address:
 ffff8800ae6c5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800ae6c5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800ae6c5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff8800ae6c5b00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
 ffff8800ae6c5b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff880127aaa581
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff880127aaa581
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff880127aaa581
Read of size 4 by task syz-executor.1/7760
page:ffffea00049eaa80 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x17ffe0000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 7760 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae1a7878 ffffffff82c7f386 ffff880127aaa57f
 ffff8800ae1a7908 ffff880127aaa581 ffff8800b224a600 ffff8800ae1a78f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff880127aaa480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127aaa500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff880127aaa580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff880127aaa600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127aaa680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff880127aaaa81
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff880127aaaa81
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff880127aaaa81
Read of size 4 by task syz-executor.4/7761
page:ffffea00049eaa80 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x17ffe0000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 7761 Comm: syz-executor.4 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae00f878 ffffffff82c7f386 ffff880127aaaa7f
 ffff8800ae00f908 ffff880127aaaa81 ffff880127882440 ffff8800ae00f8f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff880127aaa980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127aaaa00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff880127aaaa80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff880127aaab00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127aaab80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
device veth0_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
device veth0_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
device veth0_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth1_vlan entered promiscuous mode
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae0bdcc1
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae0bdcc1
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae0bdcc1
Read of size 4 by task syz-executor.0/7840
page:ffffea0002b82f40 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0xfffe0000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 7840 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae10f878 ffffffff82c7f386 ffff8800ae0bdcbf
 ffff8800ae10f908 ffff8800ae0bdcc1 ffff8800ae526740 ffff8800ae10f8f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800ae0bdb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8800ae0bdc00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8800ae0bdc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff8800ae0bdd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8800ae0bdd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae6c4581
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae6c4581
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae6c4581
Read of size 4 by task syz-executor.4/7858
page:ffffea0002b9b100 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0xfffe0000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 7858 Comm: syz-executor.4 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae10f878 ffffffff82c7f386 ffff8800ae6c457f
 ffff8800ae10f908 ffff8800ae6c4581 ffff880127882440 ffff8800ae10f8f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800ae6c4480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8800ae6c4500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8800ae6c4580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff8800ae6c4600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8800ae6c4680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae6c4a81
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae6c4a81
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae6c4a81
Read of size 4 by task syz-executor.5/7885
page:ffffea0002b9b100 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0xfffe0000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 7885 Comm: syz-executor.5 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae0c7878 ffffffff82c7f386 ffff8800ae6c4a7f
 ffff8800ae0c7908 ffff8800ae6c4a81 ffff8800ae4326c0 ffff8800ae0c78f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800ae6c4980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8800ae6c4a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8800ae6c4a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff8800ae6c4b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8800ae6c4b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff880127a5e041
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff880127a5e041
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff880127a5e041
Read of size 4 by task syz-executor.4/7893
page:ffffea00049e9780 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x17ffe0000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 7893 Comm: syz-executor.4 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127b6f878 ffffffff82c7f386 ffff880127a5e03f
 ffff880127b6f908 ffff880127a5e041 ffff880127882440 ffff880127b6f8f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff880127a5df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a5df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff880127a5e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff880127a5e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a5e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff880127a5e541
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff880127a5e541
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff880127a5e541
Read of size 4 by task syz-executor.5/7908
page:ffffea00049e9780 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x17ffe0000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 7908 Comm: syz-executor.5 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae07f878 ffffffff82c7f386 ffff880127a5e53f
 ffff8800ae07f908 ffff880127a5e541 ffff8800ae4326c0 ffff8800ae07f8f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff880127a5e400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a5e480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff880127a5e500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff880127a5e580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a5e600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff880127a5e541
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff880127a5e541
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff880127a5e541
Read of size 4 by task syz-executor.1/7926
page:ffffea00049e9780 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x17ffe0000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 7926 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127ac7878 ffffffff82c7f386 ffff880127a5e53f
 ffff880127ac7908 ffff880127a5e541 ffff8800b224a600 ffff880127ac78f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff880127a5e400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a5e480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff880127a5e500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff880127a5e580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a5e600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff880127a5e541
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff880127a5e541
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff880127a5e541
Read of size 4 by task syz-executor.5/7937
page:ffffea00049e9780 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x17ffe0000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 7937 Comm: syz-executor.5 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae157878 ffffffff82c7f386 ffff880127a5e53f
 ffff8800ae157908 ffff880127a5e541 ffff8800ae4326c0 ffff8800ae1578f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff880127a5e400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a5e480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff880127a5e500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                           ^
 ffff880127a5e580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a5e600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff880127a08001
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff880127a08001
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff880127a08001
Read of size 4 by task syz-executor.2/7948
page:ffffea00049e8200 count:0 mapcount:-127 mapping: (null) index:0x0
flags: 0x17ffe0000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 7948 Comm: syz-executor.2 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127a6f878 ffffffff82c7f386 ffff880127a07fff
 ffff880127a6f908 ffff880127a08001 ffff8800b36f2140 ffff880127a6f8f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff880127a07f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880127a07f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff880127a08000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff880127a08080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff880127a08100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae6c4301
BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae6c4301
BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae6c4301
Read of size 4 by task syz-executor.3/7946
page:ffffea0002b9b100 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0xfffe0000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 7946 Comm: syz-executor.3 Tainted: G B 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff8800ae117878 ffffffff82c7f386 ffff8800ae6c42ff
 ffff8800ae117908 ffff8800ae6c4301 ffff8800ae65a800 ffff8800ae1178f8
 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:190 [inline]
 [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [] kasan_report mm/kasan/report.c:297 [inline]
 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328
 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline]
 [] mc_hash drivers/net/macvlan.c:225 [inline]
 [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251
 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline]
 [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525
 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline]
 [] netdev_start_xmit include/linux/netdevice.h:3937 [inline]
 [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271
 [] packet_snd net/packet/af_packet.c:2938 [inline]
 [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648
 [] SyS_sendto+0x9/0x10 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800ae6c4200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8800ae6c4280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8800ae6c4300: ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ^ ffff8800ae6c4380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae6c4400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== ================================================================== BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae12e041 BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae12e041 BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae12e041 Read of size 4 by task syz-executor.5/7967 page:ffffea0002b84b80 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0xfffe0000000000() page dumped because: kasan: bad access detected CPU: 0 PID: 7967 Comm: syz-executor.5 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0dd577e ffff8800ae1ef878 ffffffff82c7f386 ffff8800ae12e03f ffff8800ae1ef908 ffff8800ae12e041 ffff8800ae4326c0 ffff8800ae1ef8f8 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] [] mc_hash drivers/net/macvlan.c:225 [inline] [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline] [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline] [] netdev_start_xmit include/linux/netdevice.h:3937 [inline] [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271 
[] packet_snd net/packet/af_packet.c:2938 [inline] [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963 [] sock_sendmsg_nosec net/socket.c:612 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:622 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648 [] SyS_sendto+0x9/0x10 net/socket.c:1616 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffff8800ae12df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae12df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8800ae12e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8800ae12e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae12e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== ================================================================== BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae03f301 BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae03f301 BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae03f301 Read of size 4 by task syz-executor.1/7977 page:ffffea0002b80fc0 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0xfffe0000000000() page dumped because: kasan: bad access detected CPU: 0 PID: 7977 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0dd577e ffff880127a6f878 ffffffff82c7f386 ffff8800ae03f2ff ffff880127a6f908 ffff8800ae03f301 ffff8800b224a600 ffff880127a6f8f8 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] 
__asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] [] mc_hash drivers/net/macvlan.c:225 [inline] [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline] [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline] [] netdev_start_xmit include/linux/netdevice.h:3937 [inline] [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271 [] packet_snd net/packet/af_packet.c:2938 [inline] [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963 [] sock_sendmsg_nosec net/socket.c:612 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:622 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648 [] SyS_sendto+0x9/0x10 net/socket.c:1616 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffff8800ae03f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae03f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8800ae03f300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8800ae03f380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae03f400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== ================================================================== BUG: KASAN: use-after-free in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae12e2c1 BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae12e2c1 BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae12e2c1 Read of size 4 by task syz-executor.3/7979 page:ffffea0002b84b80 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0xfffe0000000000() page dumped because: kasan: bad access detected CPU: 1 PID: 7979 Comm: syz-executor.3 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google 
Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0dd577e ffff8800ae13f878 ffffffff82c7f386 ffff8800ae12e2bf ffff8800ae13f908 ffff8800ae12e2c1 ffff8800ae65a800 ffff8800ae13f8f8 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] [] mc_hash drivers/net/macvlan.c:225 [inline] [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline] [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline] [] netdev_start_xmit include/linux/netdevice.h:3937 [inline] [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271 [] packet_snd net/packet/af_packet.c:2938 [inline] [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963 [] sock_sendmsg_nosec net/socket.c:612 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:622 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648 [] SyS_sendto+0x9/0x10 net/socket.c:1616 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffff8800ae12e180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae12e200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8800ae12e280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8800ae12e300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae12e380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== ================================================================== BUG: KASAN: use-after-free in __get_unaligned_cpu32 
include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae12e7c1 BUG: KASAN: use-after-free in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae12e7c1 BUG: KASAN: use-after-free in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae12e7c1 Read of size 4 by task syz-executor.5/7996 page:ffffea0002b84b80 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0xfffe0000000000() page dumped because: kasan: bad access detected CPU: 0 PID: 7996 Comm: syz-executor.5 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0dd577e ffff8800ae15f878 ffffffff82c7f386 ffff8800ae12e7bf ffff8800ae15f908 ffff8800ae12e7c1 ffff8800ae4326c0 ffff8800ae15f8f8 ffffffff817405ba ffffffff816afd26 0000000000000286 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] [] mc_hash drivers/net/macvlan.c:225 [inline] [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline] [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline] [] netdev_start_xmit include/linux/netdevice.h:3937 [inline] [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271 [] packet_snd net/packet/af_packet.c:2938 [inline] [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963 [] sock_sendmsg_nosec net/socket.c:612 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:622 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648 [] SyS_sendto+0x9/0x10 net/socket.c:1616 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the 
buggy address: ffff8800ae12e680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae12e700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8800ae12e780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8800ae12e800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800ae12e880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== ================================================================== BUG: KASAN: slab-out-of-bounds in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae74f5c1 BUG: KASAN: slab-out-of-bounds in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae74f5c1 BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae74f5c1 Read of size 4 by task syz-executor.2/8009 CPU: 1 PID: 8009 Comm: syz-executor.2 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0dd577e ffff8800ae157878 ffffffff82c7f386 ffff8800ae74f5bf ffff8800ae157908 ffff8800ae74f200 ffff88012bc00700 ffff8800ae1578f8 ffffffff81740207 ffffffff816afd26 0000000000000286 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] object_err mm/kasan/report.c:139 [inline] [] print_address_description mm/kasan/report.c:179 [inline] [] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] [] mc_hash drivers/net/macvlan.c:225 [inline] [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline] [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline] [] netdev_start_xmit 
include/linux/netdevice.h:3937 [inline] [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271 [] packet_snd net/packet/af_packet.c:2938 [inline] [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963 [] sock_sendmsg_nosec net/socket.c:612 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:622 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648 [] SyS_sendto+0x9/0x10 net/socket.c:1616 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Object at ffff8800ae74f200, in cache kmalloc-1024 Object allocated with size 704 bytes. Allocation: PID = 7937 [] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67 [] save_stack+0x46/0xd0 mm/kasan/kasan.c:450 [] set_track mm/kasan/kasan.c:462 [inline] [] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532 [] __do_kmalloc mm/slab.c:3545 [inline] [] __kmalloc+0x169/0x6d0 mm/slab.c:3554 [] kmalloc include/linux/slab.h:483 [inline] [] kzalloc include/linux/slab.h:622 [inline] [] neigh_alloc net/core/neighbour.c:285 [inline] [] __neigh_create+0x1ea/0x19f0 net/core/neighbour.c:457 [] ip6_finish_output2+0x841/0x1b90 net/ipv6/ip6_output.c:111 [] ip6_finish_output+0x353/0x700 net/ipv6/ip6_output.c:131 [] NF_HOOK_COND include/linux/netfilter.h:233 [inline] [] ip6_output+0x167/0x530 net/ipv6/ip6_output.c:145 [] dst_output include/net/dst.h:504 [inline] [] NF_HOOK_THRESH.constprop.24+0xc9/0x290 include/linux/netfilter.h:219 [] NF_HOOK include/linux/netfilter.h:242 [inline] [] ndisc_send_skb+0x7a4/0x1010 net/ipv6/ndisc.c:471 [] ndisc_send_rs+0x116/0x3d0 net/ipv6/ndisc.c:646 [] addrconf_rs_timer+0x28a/0x410 net/ipv6/addrconf.c:3622 [] call_timer_fn+0x14e/0x620 kernel/time/timer.c:1178 [] __run_timers kernel/time/timer.c:1254 [inline] [] run_timer_softirq+0x5f7/0x9c0 kernel/time/timer.c:1437 [] __do_softirq+0x2cc/0xa06 kernel/softirq.c:273 Memory state around the buggy address: ffff8800ae74f480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc ffff8800ae74f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8800ae74f580: fc fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc ^ ffff8800ae74f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800ae74f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== ================================================================== BUG: KASAN: slab-out-of-bounds in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae74f5c1 BUG: KASAN: slab-out-of-bounds in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae74f5c1 BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae74f5c1 Read of size 4 by task syz-executor.0/8026 CPU: 1 PID: 8026 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0dd577e ffff880127ac7878 ffffffff82c7f386 ffff8800ae74f5bf ffff880127ac7908 ffff8800ae74f200 ffff88012bc00700 ffff880127ac78f8 ffffffff81740207 ffffffff816afd26 0000000000000286 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] object_err mm/kasan/report.c:139 [inline] [] print_address_description mm/kasan/report.c:179 [inline] [] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] [] mc_hash drivers/net/macvlan.c:225 [inline] [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline] [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline] [] netdev_start_xmit include/linux/netdevice.h:3937 [inline] [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271 [] packet_snd net/packet/af_packet.c:2938 [inline] [] packet_sendmsg+0x1f94/0x4eb0 
net/packet/af_packet.c:2963 [] sock_sendmsg_nosec net/socket.c:612 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:622 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648 [] SyS_sendto+0x9/0x10 net/socket.c:1616 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Object at ffff8800ae74f200, in cache kmalloc-1024 Object allocated with size 704 bytes. Allocation: PID = 7937 [] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67 [] save_stack+0x46/0xd0 mm/kasan/kasan.c:450 [] set_track mm/kasan/kasan.c:462 [inline] [] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532 [] __do_kmalloc mm/slab.c:3545 [inline] [] __kmalloc+0x169/0x6d0 mm/slab.c:3554 [] kmalloc include/linux/slab.h:483 [inline] [] kzalloc include/linux/slab.h:622 [inline] [] neigh_alloc net/core/neighbour.c:285 [inline] [] __neigh_create+0x1ea/0x19f0 net/core/neighbour.c:457 [] ip6_finish_output2+0x841/0x1b90 net/ipv6/ip6_output.c:111 [] ip6_finish_output+0x353/0x700 net/ipv6/ip6_output.c:131 [] NF_HOOK_COND include/linux/netfilter.h:233 [inline] [] ip6_output+0x167/0x530 net/ipv6/ip6_output.c:145 [] dst_output include/net/dst.h:504 [inline] [] NF_HOOK_THRESH.constprop.24+0xc9/0x290 include/linux/netfilter.h:219 [] NF_HOOK include/linux/netfilter.h:242 [inline] [] ndisc_send_skb+0x7a4/0x1010 net/ipv6/ndisc.c:471 [] ndisc_send_rs+0x116/0x3d0 net/ipv6/ndisc.c:646 [] addrconf_rs_timer+0x28a/0x410 net/ipv6/addrconf.c:3622 [] call_timer_fn+0x14e/0x620 kernel/time/timer.c:1178 [] __run_timers kernel/time/timer.c:1254 [inline] [] run_timer_softirq+0x5f7/0x9c0 kernel/time/timer.c:1437 [] __do_softirq+0x2cc/0xa06 kernel/softirq.c:273 Memory state around the buggy address: ffff8800ae74f480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc ffff8800ae74f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8800ae74f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff8800ae74f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800ae74f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
================================================================== ================================================================== BUG: KASAN: slab-out-of-bounds in __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] at addr ffff8800ae74f0c1 BUG: KASAN: slab-out-of-bounds in mc_hash drivers/net/macvlan.c:225 [inline] at addr ffff8800ae74f0c1 BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 at addr ffff8800ae74f0c1 Read of size 4 by task syz-executor.1/8034 CPU: 1 PID: 8034 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0dd577e ffff8800ae747878 ffffffff82c7f386 ffff8800ae74f0bf ffff8800ae747908 ffff8800ae74ed80 ffff88012bc00700 ffff8800ae7478f8 ffffffff81740207 ffffffff816afd26 0000000000000286 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] object_err mm/kasan/report.c:139 [inline] [] print_address_description mm/kasan/report.c:179 [inline] [] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:328 [] __get_unaligned_cpu32 include/linux/unaligned/packed_struct.h:19 [inline] [] mc_hash drivers/net/macvlan.c:225 [inline] [] macvlan_broadcast+0x48f/0x5b0 drivers/net/macvlan.c:251 [] macvlan_queue_xmit drivers/net/macvlan.c:482 [inline] [] macvlan_start_xmit+0x316/0x610 drivers/net/macvlan.c:525 [] __netdev_start_xmit include/linux/netdevice.h:3928 [inline] [] netdev_start_xmit include/linux/netdevice.h:3937 [inline] [] packet_direct_xmit+0x429/0x610 net/packet/af_packet.c:271 [] packet_snd net/packet/af_packet.c:2938 [inline] [] packet_sendmsg+0x1f94/0x4eb0 net/packet/af_packet.c:2963 [] sock_sendmsg_nosec net/socket.c:612 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:622 [] SYSC_sendto+0x1c9/0x300 net/socket.c:1648