Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 36.078939] netlink: 8 bytes leftover after parsing attributes in process `syz-executor787'.
[ 36.104432] netlink: 8 bytes leftover after parsing attributes in process `syz-executor787'.
[ 36.120849] ==================================================================
[ 36.128381] BUG: KASAN: use-after-free in rtnl_newlink+0x1530/0x15c0
[ 36.134875] Read of size 1 at addr ffff88809532c7a8 by task syz-executor787/8094
[ 36.142393]
[ 36.144015] CPU: 0 PID: 8094 Comm: syz-executor787 Not tainted 4.19.211-syzkaller #0
[ 36.151874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 36.161213] Call Trace:
[ 36.163808]  dump_stack+0x1fc/0x2ef
[ 36.167446]  print_address_description.cold+0x54/0x219
[ 36.172709]  kasan_report_error.cold+0x8a/0x1b9
[ 36.177371]  ? rtnl_newlink+0x1530/0x15c0
[ 36.181636]  __asan_report_load1_noabort+0x88/0x90
[ 36.186645]  ? rtnl_newlink+0x1530/0x15c0
[ 36.190789]  rtnl_newlink+0x1530/0x15c0
[ 36.194770]  ? rtnl_getlink+0x620/0x620
[ 36.198751]  ? get_reg+0x1f0/0x1f0
[ 36.202274]  ? unwind_next_frame+0xeee/0x1400
[ 36.206856]  ? __save_stack_trace+0x72/0x190
[ 36.211246]  ? deref_stack_reg+0x134/0x1d0
[ 36.215465]  ? get_reg+0x176/0x1f0
[ 36.218992]  ? mark_held_locks+0xf0/0xf0
[ 36.223046]  ? unwind_next_frame+0xeee/0x1400
[ 36.227700]  ? __lock_acquire+0x6de/0x3ff0
[ 36.231924]  ? get_reg+0x1f0/0x1f0
[ 36.235449]  ? is_bpf_text_address+0xd5/0x1b0
[ 36.239930]  ? mark_held_locks+0xf0/0xf0
[ 36.243972]  ? unwind_next_frame+0xeee/0x1400
[ 36.248468]  ? __save_stack_trace+0x72/0x190
[ 36.252858]  ? deref_stack_reg+0x134/0x1d0
[ 36.257079]  ? get_reg+0x176/0x1f0
[ 36.260614]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 36.266523]  ? deref_stack_reg+0x1d0/0x1d0
[ 36.270750]  ? __lock_acquire+0x6de/0x3ff0
[ 36.274987]  ? __lock_acquire+0x6de/0x3ff0
[ 36.279235]  ? mark_held_locks+0xf0/0xf0
[ 36.283282]  ? get_reg+0x1f0/0x1f0
[ 36.286806]  ? unwind_next_frame+0xeee/0x1400
[ 36.291319]  ? mutex_trylock+0x1a0/0x1a0
[ 36.295371]  ? rtnl_getlink+0x620/0x620
[ 36.299528]  rtnetlink_rcv_msg+0x453/0xb80
[ 36.303750]  ? rtnl_calcit.isra.0+0x430/0x430
[ 36.308313]  ? __netlink_lookup+0x3fc/0x730
[ 36.312621]  ? lock_downgrade+0x720/0x720
[ 36.316851]  ? check_preemption_disabled+0x41/0x280
[ 36.321868]  netlink_rcv_skb+0x160/0x440
[ 36.325927]  ? rtnl_calcit.isra.0+0x430/0x430
[ 36.330436]  ? netlink_ack+0xae0/0xae0
[ 36.334328]  netlink_unicast+0x4d5/0x690
[ 36.338381]  ? netlink_sendskb+0x110/0x110
[ 36.342606]  ? _copy_from_iter_full+0x229/0x7c0
[ 36.347264]  ? __phys_addr_symbol+0x2c/0x70
[ 36.351574]  ? __check_object_size+0x17b/0x3e0
[ 36.356146]  netlink_sendmsg+0x6c3/0xc50
[ 36.360333]  ? aa_af_perm+0x230/0x230
[ 36.364125]  ? nlmsg_notify+0x1f0/0x1f0
[ 36.368127]  ? kernel_recvmsg+0x220/0x220
[ 36.372278]  ? nlmsg_notify+0x1f0/0x1f0
[ 36.376243]  sock_sendmsg+0xc3/0x120
[ 36.379947]  ___sys_sendmsg+0x7bb/0x8e0
[ 36.383916]  ? copy_msghdr_from_user+0x440/0x440
[ 36.388685]  ? do_wp_page+0x2dc/0x2210
[ 36.392560]  ? finish_mkwrite_fault+0x640/0x640
[ 36.397313]  ? __handle_mm_fault+0x15f6/0x41c0
[ 36.401908]  ? mark_held_locks+0xf0/0xf0
[ 36.405984]  ? __handle_mm_fault+0xf34/0x41c0
[ 36.410498]  ? errseq_sample+0x56/0x70
[ 36.414383]  ? vm_insert_page+0x9c0/0x9c0
[ 36.418534]  ? __do_page_fault+0x6d1/0xd60
[ 36.422763]  ? __fdget+0x1a0/0x230
[ 36.426310]  __x64_sys_sendmsg+0x132/0x220
[ 36.430627]  ? __sys_sendmsg+0x1b0/0x1b0
[ 36.434794]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.440152]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 36.445161]  ? do_syscall_64+0x21/0x620
[ 36.449134]  do_syscall_64+0xf9/0x620
[ 36.452926]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.458100] RIP: 0033:0x7fe5ec064ff9
[ 36.461792] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 36.480774] RSP: 002b:00007ffc8f3d6ff8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 36.488727] RAX: ffffffffffffffda RBX: 0000000000008ce8 RCX: 00007fe5ec064ff9
[ 36.496025] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 36.503302] RBP: 0000000000000000 R08: 00007ffc8f3d7198 R09: 00007ffc8f3d7198
[ 36.510569] R10: 00007ffc8f3d7198 R11: 0000000000000246 R12: 00007ffc8f3d700c
[ 36.517831] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 36.525182]
[ 36.526794] Allocated by task 8094:
[ 36.530414]  __kmalloc_node+0x4c/0x70
[ 36.534205]  kvmalloc_node+0xb4/0xf0
[ 36.537903]  alloc_netdev_mqs+0x97/0xd50
[ 36.541945]  rtnl_create_link+0x1d4/0xa40
[ 36.546075]  rtnl_newlink+0xf45/0x15c0
[ 36.549945]  rtnetlink_rcv_msg+0x453/0xb80
[ 36.554161]  netlink_rcv_skb+0x160/0x440
[ 36.558226]  netlink_unicast+0x4d5/0x690
[ 36.562266]  netlink_sendmsg+0x6c3/0xc50
[ 36.566312]  sock_sendmsg+0xc3/0x120
[ 36.570006]  ___sys_sendmsg+0x7bb/0x8e0
[ 36.573964]  __x64_sys_sendmsg+0x132/0x220
[ 36.578199]  do_syscall_64+0xf9/0x620
[ 36.581992]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.587154]
[ 36.588766] Freed by task 8094:
[ 36.592048]  kfree+0xcc/0x210
[ 36.595140]  kvfree+0x59/0x60
[ 36.598227]  free_netdev+0x364/0x410
[ 36.601942]  device_release+0x76/0x210
[ 36.605830]  kobject_put+0x28b/0x5d0
[ 36.609660]  device_unregister+0x35/0xc0
[ 36.613719]  register_netdevice+0x901/0x10f0
[ 36.618115]  nsim_newlink+0x162/0x1c0
[ 36.621902]  rtnl_newlink+0x1030/0x15c0
[ 36.625864]  rtnetlink_rcv_msg+0x453/0xb80
[ 36.630086]  netlink_rcv_skb+0x160/0x440
[ 36.634138]  netlink_unicast+0x4d5/0x690
[ 36.638188]  netlink_sendmsg+0x6c3/0xc50
[ 36.642236]  sock_sendmsg+0xc3/0x120
[ 36.645929]  ___sys_sendmsg+0x7bb/0x8e0
[ 36.649887]  __x64_sys_sendmsg+0x132/0x220
[ 36.654103]  do_syscall_64+0xf9/0x620
[ 36.657890]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.663573]
[ 36.665184] The buggy address belongs to the object at ffff88809532c240
[ 36.665184]  which belongs to the cache kmalloc-8192 of size 8192
[ 36.678015] The buggy address is located 1384 bytes inside of
[ 36.678015]  8192-byte region [ffff88809532c240, ffff88809532e240)
[ 36.690063] The buggy address belongs to the page:
[ 36.694983] page:ffffea000254cb00 count:1 mapcount:0 mapping:ffff88813bff2080 index:0x0 compound_mapcount: 0
[ 36.704937] flags: 0xfff00000008100(slab|head)
[ 36.709507] raw: 00fff00000008100 ffffea0002c56008 ffff88813bff1b48 ffff88813bff2080
[ 36.717370] raw: 0000000000000000 ffff88809532c240 0000000100000001 0000000000000000
[ 36.725238] page dumped because: kasan: bad access detected
[ 36.730954]
[ 36.732687] Memory state around the buggy address:
[ 36.737610]  ffff88809532c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.744957]  ffff88809532c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.752312] >ffff88809532c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.759651]                                   ^
[ 36.764328]  ffff88809532c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.771685]  ffff88809532c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.779023] ==================================================================
[ 36.786371] Disabling lock debugging due to kernel taint
[ 36.792076] Kernel panic - not syncing: panic_on_warn set ...
[ 36.792076]
[ 36.799445] CPU: 0 PID: 8094 Comm: syz-executor787 Tainted: G    B 4.19.211-syzkaller #0
[ 36.808710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 36.818063] Call Trace:
[ 36.820652]  dump_stack+0x1fc/0x2ef
[ 36.824287]  panic+0x26a/0x50e
[ 36.827484]  ? __warn_printk+0xf3/0xf3
[ 36.831376]  ? preempt_schedule_common+0x45/0xc0
[ 36.836131]  ? ___preempt_schedule+0x16/0x18
[ 36.840538]  ? trace_hardirqs_on+0x55/0x210
[ 36.844846]  kasan_end_report+0x43/0x49
[ 36.848807]  kasan_report_error.cold+0xa7/0x1b9
[ 36.853471]  ? rtnl_newlink+0x1530/0x15c0
[ 36.857611]  __asan_report_load1_noabort+0x88/0x90
[ 36.862526]  ? rtnl_newlink+0x1530/0x15c0
[ 36.866655]  rtnl_newlink+0x1530/0x15c0
[ 36.870640]  ? rtnl_getlink+0x620/0x620
[ 36.874628]  ? get_reg+0x1f0/0x1f0
[ 36.878148]  ? unwind_next_frame+0xeee/0x1400
[ 36.882640]  ? __save_stack_trace+0x72/0x190
[ 36.887031]  ? deref_stack_reg+0x134/0x1d0
[ 36.891268]  ? get_reg+0x176/0x1f0
[ 36.894788]  ? mark_held_locks+0xf0/0xf0
[ 36.898832]  ? unwind_next_frame+0xeee/0x1400
[ 36.903309]  ? __lock_acquire+0x6de/0x3ff0
[ 36.907561]  ? get_reg+0x1f0/0x1f0
[ 36.911099]  ? is_bpf_text_address+0xd5/0x1b0
[ 36.915575]  ? mark_held_locks+0xf0/0xf0
[ 36.919616]  ? unwind_next_frame+0xeee/0x1400
[ 36.924094]  ? __save_stack_trace+0x72/0x190
[ 36.928479]  ? deref_stack_reg+0x134/0x1d0
[ 36.932691]  ? get_reg+0x176/0x1f0
[ 36.936212]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 36.942074]  ? deref_stack_reg+0x1d0/0x1d0
[ 36.946302]  ? __lock_acquire+0x6de/0x3ff0
[ 36.950518]  ? __lock_acquire+0x6de/0x3ff0
[ 36.954733]  ? mark_held_locks+0xf0/0xf0
[ 36.958774]  ? get_reg+0x1f0/0x1f0
[ 36.962311]  ? unwind_next_frame+0xeee/0x1400
[ 36.966797]  ? mutex_trylock+0x1a0/0x1a0
[ 36.970853]  ? rtnl_getlink+0x620/0x620
[ 36.974913]  rtnetlink_rcv_msg+0x453/0xb80
[ 36.979156]  ? rtnl_calcit.isra.0+0x430/0x430
[ 36.983635]  ? __netlink_lookup+0x3fc/0x730
[ 36.987968]  ? lock_downgrade+0x720/0x720
[ 36.992117]  ? check_preemption_disabled+0x41/0x280
[ 36.997120]  netlink_rcv_skb+0x160/0x440
[ 37.001167]  ? rtnl_calcit.isra.0+0x430/0x430
[ 37.005642]  ? netlink_ack+0xae0/0xae0
[ 37.009623]  netlink_unicast+0x4d5/0x690
[ 37.013666]  ? netlink_sendskb+0x110/0x110
[ 37.017942]  ? _copy_from_iter_full+0x229/0x7c0
[ 37.022606]  ? __phys_addr_symbol+0x2c/0x70
[ 37.026991]  ? __check_object_size+0x17b/0x3e0
[ 37.031554]  netlink_sendmsg+0x6c3/0xc50
[ 37.035605]  ? aa_af_perm+0x230/0x230
[ 37.039392]  ? nlmsg_notify+0x1f0/0x1f0
[ 37.043468]  ? kernel_recvmsg+0x220/0x220
[ 37.047606]  ? nlmsg_notify+0x1f0/0x1f0
[ 37.051563]  sock_sendmsg+0xc3/0x120
[ 37.055259]  ___sys_sendmsg+0x7bb/0x8e0
[ 37.059217]  ? copy_msghdr_from_user+0x440/0x440
[ 37.063955]  ? do_wp_page+0x2dc/0x2210
[ 37.067823]  ? finish_mkwrite_fault+0x640/0x640
[ 37.072471]  ? __handle_mm_fault+0x15f6/0x41c0
[ 37.077041]  ? mark_held_locks+0xf0/0xf0
[ 37.081086]  ? __handle_mm_fault+0xf34/0x41c0
[ 37.085570]  ? errseq_sample+0x56/0x70
[ 37.089438]  ? vm_insert_page+0x9c0/0x9c0
[ 37.093570]  ? __do_page_fault+0x6d1/0xd60
[ 37.097784]  ? __fdget+0x1a0/0x230
[ 37.101302]  __x64_sys_sendmsg+0x132/0x220
[ 37.105517]  ? __sys_sendmsg+0x1b0/0x1b0
[ 37.109584]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.114933]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 37.119930]  ? do_syscall_64+0x21/0x620
[ 37.123884]  do_syscall_64+0xf9/0x620
[ 37.127668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.132833] RIP: 0033:0x7fe5ec064ff9
[ 37.136531] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 37.155415] RSP: 002b:00007ffc8f3d6ff8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 37.163103] RAX: ffffffffffffffda RBX: 0000000000008ce8 RCX: 00007fe5ec064ff9
[ 37.170349] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 37.177611] RBP: 0000000000000000 R08: 00007ffc8f3d7198 R09: 00007ffc8f3d7198
[ 37.184866] R10: 00007ffc8f3d7198 R11: 0000000000000246 R12: 00007ffc8f3d700c
[ 37.192138] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 37.199637] Kernel Offset: disabled
[ 37.203264] Rebooting in 86400 seconds..