Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 40.844136] netlink: 8 bytes leftover after parsing attributes in process `syz-executor467'.
[ 40.870824] netlink: 8 bytes leftover after parsing attributes in process `syz-executor467'.
[ 40.902019] ==================================================================
[ 40.909550] BUG: KASAN: use-after-free in rtnl_newlink+0x1530/0x15c0
[ 40.916045] Read of size 1 at addr ffff8880b065c9a8 by task syz-executor467/8104
[ 40.923654]
[ 40.925287] CPU: 1 PID: 8104 Comm: syz-executor467 Not tainted 4.19.211-syzkaller #0
[ 40.933160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.942508] Call Trace:
[ 40.945100] dump_stack+0x1fc/0x2ef
[ 40.948738] print_address_description.cold+0x54/0x219
[ 40.954025] kasan_report_error.cold+0x8a/0x1b9
[ 40.958706] ? rtnl_newlink+0x1530/0x15c0
[ 40.962859] __asan_report_load1_noabort+0x88/0x90
[ 40.967794] ? rtnl_newlink+0x1530/0x15c0
[ 40.971950] rtnl_newlink+0x1530/0x15c0
[ 40.975936] ? rtnl_getlink+0x620/0x620
[ 40.979911] ? __save_stack_trace+0x72/0x190
[ 40.984322] ? deref_stack_reg+0x134/0x1d0
[ 40.988570] ? __lock_acquire+0x6de/0x3ff0
[ 40.992839] ? check_usage+0x19a/0x670
[ 40.996733] ? mark_held_locks+0xf0/0xf0
[ 41.001229] ? __bpf_address_lookup+0x330/0x330
[ 41.005908] ? check_preemption_disabled+0x41/0x280
[ 41.010934] ? mark_held_locks+0xf0/0xf0
[ 41.015005] ? __lock_acquire+0x6de/0x3ff0
[ 41.019259] ? __update_load_avg_se+0x5ec/0xa00
[ 41.023935] ? mark_held_locks+0xf0/0xf0
[ 41.028014] ? __lock_acquire+0x6de/0x3ff0
[ 41.032266] ? mark_held_locks+0xf0/0xf0
[ 41.036343] ? _raw_spin_unlock_irq+0x24/0x80
[ 41.040847] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 41.045437] ? _raw_spin_unlock_irq+0x5a/0x80
[ 41.049944] ? finish_task_switch+0x146/0x760
[ 41.054479] ? mutex_trylock+0x1a0/0x1a0
[ 41.058563] ? rtnl_getlink+0x620/0x620
[ 41.062544] rtnetlink_rcv_msg+0x453/0xb80
[ 41.066787] ? rtnl_calcit.isra.0+0x430/0x430
[ 41.071288] ? __netlink_lookup+0x3fc/0x730
[ 41.075617] ? lock_downgrade+0x720/0x720
[ 41.079770] ? check_preemption_disabled+0x41/0x280
[ 41.084795] netlink_rcv_skb+0x160/0x440
[ 41.088864] ? rtnl_calcit.isra.0+0x430/0x430
[ 41.093367] ? netlink_ack+0xae0/0xae0
[ 41.097273] netlink_unicast+0x4d5/0x690
[ 41.101343] ? netlink_sendskb+0x110/0x110
[ 41.105587] ? _copy_from_iter_full+0x229/0x7c0
[ 41.110261] ? __phys_addr_symbol+0x2c/0x70
[ 41.114589] ? __check_object_size+0x17b/0x3e0
[ 41.119179] netlink_sendmsg+0x6c3/0xc50
[ 41.123255] ? aa_af_perm+0x230/0x230
[ 41.127063] ? nlmsg_notify+0x1f0/0x1f0
[ 41.131033] ? kernel_recvmsg+0x220/0x220
[ 41.135199] ? nlmsg_notify+0x1f0/0x1f0
[ 41.139184] sock_sendmsg+0xc3/0x120
[ 41.142903] ___sys_sendmsg+0x7bb/0x8e0
[ 41.146879] ? lock_acquire+0x170/0x3c0
[ 41.150851] ? copy_msghdr_from_user+0x440/0x440
[ 41.155627] ? lock_downgrade+0x720/0x720
[ 41.159775] ? lock_acquire+0x170/0x3c0
[ 41.163756] ? debug_object_active_state+0x104/0x330
[ 41.168864] ? mark_held_locks+0xf0/0xf0
[ 41.172931] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 41.177515] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 41.182640] ? debug_object_active_state+0x254/0x330
[ 41.187749] ? debug_object_init_on_stack+0x20/0x20
[ 41.192770] ? kfree+0x110/0x210
[ 41.196145] ? __fdget+0x1a0/0x230
[ 41.199693] __x64_sys_sendmsg+0x132/0x220
[ 41.203928] ? __sys_sendmsg+0x1b0/0x1b0
[ 41.208009] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.213393] ? trace_hardirqs_off_caller+0x6e/0x210
[ 41.218416] ? do_syscall_64+0x21/0x620
[ 41.222400] do_syscall_64+0xf9/0x620
[ 41.226214] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.231402] RIP: 0033:0x7f3ed255dbc9
[ 41.235117] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.254022] RSP: 002b:00007ffe4ce02188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 41.261736] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f3ed255dbc9
[ 41.269010] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[ 41.276282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 41.283553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ed2520e20
[ 41.290826] R13: 0000000000000000 R14: 00007ffe4ce021b0 R15: 00007ffe4ce021a0
[ 41.298107]
[ 41.299730] Allocated by task 8104:
[ 41.303367] __kmalloc_node+0x4c/0x70
[ 41.307175] kvmalloc_node+0xb4/0xf0
[ 41.310894] alloc_netdev_mqs+0x97/0xd50
[ 41.314958] rtnl_create_link+0x1d4/0xa40
[ 41.319108] rtnl_newlink+0xf45/0x15c0
[ 41.322999] rtnetlink_rcv_msg+0x453/0xb80
[ 41.327241] netlink_rcv_skb+0x160/0x440
[ 41.331304] netlink_unicast+0x4d5/0x690
[ 41.335366] netlink_sendmsg+0x6c3/0xc50
[ 41.339429] sock_sendmsg+0xc3/0x120
[ 41.343142] ___sys_sendmsg+0x7bb/0x8e0
[ 41.347118] __x64_sys_sendmsg+0x132/0x220
[ 41.351362] do_syscall_64+0xf9/0x620
[ 41.355163] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.360347]
[ 41.361966] Freed by task 8104:
[ 41.365508] kfree+0xcc/0x210
[ 41.368619] kvfree+0x59/0x60
[ 41.371723] free_netdev+0x364/0x410
[ 41.375436] device_release+0x76/0x210
[ 41.379326] kobject_put+0x28b/0x5d0
[ 41.383036] device_unregister+0x35/0xc0
[ 41.387086] register_netdevice+0x901/0x10f0
[ 41.391482] nsim_newlink+0x162/0x1c0
[ 41.395272] rtnl_newlink+0x1030/0x15c0
[ 41.399237] rtnetlink_rcv_msg+0x453/0xb80
[ 41.403450] netlink_rcv_skb+0x160/0x440
[ 41.407488] netlink_unicast+0x4d5/0x690
[ 41.411529] netlink_sendmsg+0x6c3/0xc50
[ 41.415571] sock_sendmsg+0xc3/0x120
[ 41.419262] ___sys_sendmsg+0x7bb/0x8e0
[ 41.423219] __x64_sys_sendmsg+0x132/0x220
[ 41.427492] do_syscall_64+0xf9/0x620
[ 41.431271] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.436443]
[ 41.438059] The buggy address belongs to the object at ffff8880b065c440
[ 41.438059]  which belongs to the cache kmalloc-8192 of size 8192
[ 41.450877] The buggy address is located 1384 bytes inside of
[ 41.450877]  8192-byte region [ffff8880b065c440, ffff8880b065e440)
[ 41.462909] The buggy address belongs to the page:
[ 41.467818] page:ffffea0002c19700 count:1 mapcount:0 mapping:ffff88813bff2080 index:0x0 compound_mapcount: 0
[ 41.477761] flags: 0xfff00000008100(slab|head)
[ 41.482335] raw: 00fff00000008100 ffffea0002539c08 ffff88813bff1b48 ffff88813bff2080
[ 41.490197] raw: 0000000000000000 ffff8880b065c440 0000000100000001 0000000000000000
[ 41.498054] page dumped because: kasan: bad access detected
[ 41.503740]
[ 41.505356] Memory state around the buggy address:
[ 41.510268] ffff8880b065c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.517665] ffff8880b065c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.525023] >ffff8880b065c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.532369] ^
[ 41.537018] ffff8880b065ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.544357] ffff8880b065ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.551697] ==================================================================
[ 41.559052] Disabling lock debugging due to kernel taint
[ 41.568095] Kernel panic - not syncing: panic_on_warn set ...
[ 41.568095]
[ 41.575479] CPU: 0 PID: 8104 Comm: syz-executor467 Tainted: G B 4.19.211-syzkaller #0
[ 41.584745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.594091] Call Trace:
[ 41.596700] dump_stack+0x1fc/0x2ef
[ 41.600329] panic+0x26a/0x50e
[ 41.603519] ? __warn_printk+0xf3/0xf3
[ 41.607404] ? preempt_schedule_common+0x45/0xc0
[ 41.612137] ? ___preempt_schedule+0x16/0x18
[ 41.616524] ? trace_hardirqs_on+0x55/0x210
[ 41.620916] kasan_end_report+0x43/0x49
[ 41.624868] kasan_report_error.cold+0xa7/0x1b9
[ 41.629516] ? rtnl_newlink+0x1530/0x15c0
[ 41.633642] __asan_report_load1_noabort+0x88/0x90
[ 41.638553] ? rtnl_newlink+0x1530/0x15c0
[ 41.642677] rtnl_newlink+0x1530/0x15c0
[ 41.646630] ? rtnl_getlink+0x620/0x620
[ 41.650595] ? __save_stack_trace+0x72/0x190
[ 41.654980] ? deref_stack_reg+0x134/0x1d0
[ 41.659204] ? __lock_acquire+0x6de/0x3ff0
[ 41.663417] ? check_usage+0x19a/0x670
[ 41.667289] ? mark_held_locks+0xf0/0xf0
[ 41.671338] ? __bpf_address_lookup+0x330/0x330
[ 41.675995] ? check_preemption_disabled+0x41/0x280
[ 41.680990] ? mark_held_locks+0xf0/0xf0
[ 41.685030] ? __lock_acquire+0x6de/0x3ff0
[ 41.689253] ? __update_load_avg_se+0x5ec/0xa00
[ 41.693899] ? mark_held_locks+0xf0/0xf0
[ 41.697982] ? __lock_acquire+0x6de/0x3ff0
[ 41.702207] ? mark_held_locks+0xf0/0xf0
[ 41.706262] ? _raw_spin_unlock_irq+0x24/0x80
[ 41.710757] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 41.715345] ? _raw_spin_unlock_irq+0x5a/0x80
[ 41.719821] ? finish_task_switch+0x146/0x760
[ 41.724319] ? mutex_trylock+0x1a0/0x1a0
[ 41.728362] ? rtnl_getlink+0x620/0x620
[ 41.732328] rtnetlink_rcv_msg+0x453/0xb80
[ 41.736552] ? rtnl_calcit.isra.0+0x430/0x430
[ 41.741025] ? __netlink_lookup+0x3fc/0x730
[ 41.745328] ? lock_downgrade+0x720/0x720
[ 41.749453] ? check_preemption_disabled+0x41/0x280
[ 41.754443] netlink_rcv_skb+0x160/0x440
[ 41.758486] ? rtnl_calcit.isra.0+0x430/0x430
[ 41.762961] ? netlink_ack+0xae0/0xae0
[ 41.766830] netlink_unicast+0x4d5/0x690
[ 41.770868] ? netlink_sendskb+0x110/0x110
[ 41.775165] ? _copy_from_iter_full+0x229/0x7c0
[ 41.779839] ? __phys_addr_symbol+0x2c/0x70
[ 41.784156] ? __check_object_size+0x17b/0x3e0
[ 41.788808] netlink_sendmsg+0x6c3/0xc50
[ 41.792852] ? aa_af_perm+0x230/0x230
[ 41.796796] ? nlmsg_notify+0x1f0/0x1f0
[ 41.800763] ? kernel_recvmsg+0x220/0x220
[ 41.804912] ? nlmsg_notify+0x1f0/0x1f0
[ 41.808980] sock_sendmsg+0xc3/0x120
[ 41.812701] ___sys_sendmsg+0x7bb/0x8e0
[ 41.816660] ? lock_acquire+0x170/0x3c0
[ 41.820620] ? copy_msghdr_from_user+0x440/0x440
[ 41.829039] ? lock_downgrade+0x720/0x720
[ 41.833170] ? lock_acquire+0x170/0x3c0
[ 41.837121] ? debug_object_active_state+0x104/0x330
[ 41.842199] ? mark_held_locks+0xf0/0xf0
[ 41.846236] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 41.850798] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 41.855878] ? debug_object_active_state+0x254/0x330
[ 41.860955] ? debug_object_init_on_stack+0x20/0x20
[ 41.865948] ? kfree+0x110/0x210
[ 41.869377] ? __fdget+0x1a0/0x230
[ 41.872895] __x64_sys_sendmsg+0x132/0x220
[ 41.877127] ? __sys_sendmsg+0x1b0/0x1b0
[ 41.881258] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.886600] ? trace_hardirqs_off_caller+0x6e/0x210
[ 41.891594] ? do_syscall_64+0x21/0x620
[ 41.895545] do_syscall_64+0xf9/0x620
[ 41.899326] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.904493] RIP: 0033:0x7f3ed255dbc9
[ 41.908185] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.927068] RSP: 002b:00007ffe4ce02188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 41.934752] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f3ed255dbc9
[ 41.942008] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004
[ 41.949253] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 41.956628] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ed2520e20
[ 41.963886] R13: 0000000000000000 R14: 00007ffe4ce021b0 R15: 00007ffe4ce021a0
[ 41.971339] Kernel Offset: disabled
[ 41.974966] Rebooting in 86400 seconds..