Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts.
[ 61.313304][ T6806] IPVS: ftp: loaded support on port[0] = 21
[ 61.321269][ T6809] IPVS: ftp: loaded support on port[0] = 21
[ 61.333476][ T6807] IPVS: ftp: loaded support on port[0] = 21
[ 61.333495][ T6805] IPVS: ftp: loaded support on port[0] = 21
[ 61.344450][ T6810] IPVS: ftp: loaded support on port[0] = 21
[ 61.350283][ T6808] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
[ 61.526308][ T6906] netlink: 'syz-executor021': attribute type 3 has an invalid length.
[ 61.529966][ T6893] netlink: 'syz-executor021': attribute type 3 has an invalid length.
[ 61.537569][ T6906] netlink: 'syz-executor021': attribute type 8 has an invalid length.
[ 61.553115][ T6906] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
[ 61.560767][ T6917] netlink: 'syz-executor021': attribute type 3 has an invalid length.
executing program
executing program
[ 61.587919][ T6929] netlink: 'syz-executor021': attribute type 3 has an invalid length.
[ 61.590276][ T6893] netlink: 'syz-executor021': attribute type 8 has an invalid length.
[ 61.601832][ T6933] netlink: 'syz-executor021': attribute type 3 has an invalid length.
[ 61.609601][ T6917] netlink: 'syz-executor021': attribute type 8 has an invalid length.
[ 61.614863][ T6931] netlink: 'syz-executor021': attribute type 3 has an invalid length.
executing program
executing program
[ 61.624687][ T6917] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
[ 61.630385][ T6929] netlink: 'syz-executor021': attribute type 8 has an invalid length.
[ 61.639926][ T6893] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
[ 61.650557][ T6933] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
[ 61.669024][ T6938] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
[ 61.669051][ T6937] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
executing program
executing program
executing program
executing program
[ 61.681809][ T6931] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
[ 61.689302][ T6929] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
[ 61.708980][ T6939] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
[ 61.715766][ T6940] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor021'.
executing program
executing program
[ 61.736095][ T6929] ==================================================================
[ 61.744369][ T6929] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x98e/0x9c0
[ 61.752861][ T6929] Read of size 4 at addr ffffc900020ad018 by task syz-executor021/6929
[ 61.761083][ T6929]
[ 61.763407][ T6929] CPU: 1 PID: 6929 Comm: syz-executor021 Not tainted 5.8.0-rc2-syzkaller #0
[ 61.772052][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.782088][ T6929] Call Trace:
[ 61.785363][ T6929] dump_stack+0x18f/0x20d
[ 61.789691][ T6929] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 61.795247][ T6929] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 61.800806][ T6929] print_address_description.constprop.0.cold+0x5/0x436
[ 61.807739][ T6929] ? check_preemption_disabled+0x38/0x220
[ 61.813444][ T6929] ? vprintk_func+0x97/0x1a6
[ 61.818024][ T6929] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 61.823550][ T6929] kasan_report.cold+0x1f/0x37
[ 61.828299][ T6929] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 61.833834][ T6929] nl802154_dump_wpan_phy+0x98e/0x9c0
[ 61.839203][ T6929] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 61.845166][ T6929] ? __kmalloc_node_track_caller+0x38/0x60
[ 61.850959][ T6929] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 61.857714][ T6929] ? __phys_addr+0x9a/0x110
[ 61.862220][ T6929] ? memset+0x20/0x40
[ 61.866200][ T6929] genl_lock_dumpit+0x7f/0xb0
[ 61.870878][ T6929] netlink_dump+0x4cd/0xf60
[ 61.875364][ T6929] ? netlink_insert+0x1670/0x1670
[ 61.880381][ T6929] ? __mutex_unlock_slowpath+0xe2/0x610
[ 61.885939][ T6929] ? genl_start+0x45a/0x6e0
[ 61.890454][ T6929] __netlink_dump_start+0x643/0x900
[ 61.895638][ T6929] ? genl_rcv_msg+0x9e0/0x9e0
[ 61.900298][ T6929] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 61.907039][ T6929] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 61.912755][ T6929] ? genl_rcv+0x40/0x40
[ 61.916904][ T6929] ? mutex_lock_io_nested+0xf60/0xf60
[ 61.922273][ T6929] ? mark_lock+0xbc/0x1710
[ 61.926674][ T6929] ? genl_rcv_msg+0x9e0/0x9e0
[ 61.931346][ T6929] ? genl_unlock+0x20/0x20
[ 61.935748][ T6929] ? genl_parallel_done+0x170/0x170
[ 61.940936][ T6929] ? __radix_tree_lookup+0x1f3/0x290
[ 61.946213][ T6929] genl_rcv_msg+0x797/0x9e0
[ 61.950707][ T6929] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 61.957627][ T6929] ? lock_acquire+0x1f1/0xad0
[ 61.962284][ T6929] ? genl_rcv+0x15/0x40
[ 61.966422][ T6929] ? lock_release+0x8d0/0x8d0
[ 61.971088][ T6929] netlink_rcv_skb+0x15a/0x430
[ 61.975834][ T6929] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 61.982761][ T6929] ? netlink_ack+0xa10/0xa10
[ 61.987353][ T6929] genl_rcv+0x24/0x40
[ 61.991314][ T6929] netlink_unicast+0x533/0x7d0
[ 61.996061][ T6929] ? netlink_attachskb+0x810/0x810
[ 62.001160][ T6929] ? _copy_from_iter_full+0x247/0x890
[ 62.006526][ T6929] ? __phys_addr_symbol+0x2c/0x70
[ 62.011542][ T6929] ? __check_object_size+0x171/0x3e4
[ 62.016829][ T6929] netlink_sendmsg+0x856/0xd90
[ 62.021605][ T6929] ? netlink_unicast+0x7d0/0x7d0
[ 62.026544][ T6929] ? netlink_unicast+0x7d0/0x7d0
[ 62.031475][ T6929] sock_sendmsg+0xcf/0x120
[ 62.035914][ T6929] ____sys_sendmsg+0x6e8/0x810
[ 62.040679][ T6929] ? kernel_sendmsg+0x50/0x50
[ 62.045344][ T6929] ? do_recvmmsg+0x6d0/0x6d0
[ 62.049937][ T6929] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 62.055907][ T6929] ? release_pages+0x641/0x17a0
[ 62.060762][ T6929] ___sys_sendmsg+0xf3/0x170
[ 62.065344][ T6929] ? sendmsg_copy_msghdr+0x160/0x160
[ 62.070619][ T6929] ? lock_downgrade+0x820/0x820
[ 62.075454][ T6929] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 62.081501][ T6929] ? check_preemption_disabled+0x38/0x220
[ 62.087220][ T6929] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 62.093197][ T6929] ? handle_mm_fault+0xad9/0x4420
[ 62.098203][ T6929] ? __fget_light+0x215/0x280
[ 62.102877][ T6929] __sys_sendmsg+0xe5/0x1b0
[ 62.107383][ T6929] ? __sys_sendmsg_sock+0xb0/0xb0
[ 62.112405][ T6929] ? do_fast_syscall_32+0x40/0x120
[ 62.117505][ T6929] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.123468][ T6929] do_syscall_32_irqs_on+0x3f/0x60
[ 62.128559][ T6929] do_fast_syscall_32+0x7f/0x120
[ 62.133487][ T6929] entry_SYSENTER_compat+0x6d/0x7c
[ 62.138585][ T6929] RIP: 0023:0xf7fb5569
[ 62.142638][ T6929] Code: Bad RIP value.
[ 62.146684][ T6929] RSP: 002b:00000000fffaddcc EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[ 62.155075][ T6929] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[ 62.163023][ T6929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 62.170977][ T6929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 62.178930][ T6929] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 62.186889][ T6929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 62.194859][ T6929]
[ 62.197162][ T6929]
[ 62.199464][ T6929] Memory state around the buggy address:
[ 62.205076][ T6929] ffffc900020acf00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.213117][ T6929] ffffc900020acf80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.221167][ T6929] >ffffc900020ad000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.229214][ T6929] ^
executing program
[ 62.234159][ T6929] ffffc900020ad080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.242200][ T6929] ffffc900020ad100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.250236][ T6929] ==================================================================
[ 62.258275][ T6929] Disabling lock debugging due to kernel taint
[ 62.264545][ T6929] Kernel panic - not syncing: panic_on_warn set ...
[ 62.271133][ T6929] CPU: 1 PID: 6929 Comm: syz-executor021 Tainted: G B 5.8.0-rc2-syzkaller #0
[ 62.281188][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.291234][ T6929] Call Trace:
[ 62.294525][ T6929] dump_stack+0x18f/0x20d
[ 62.298849][ T6929] ? nl802154_dump_wpan_phy+0x910/0x9c0
[ 62.304370][ T6929] panic+0x2e3/0x75c
[ 62.308248][ T6929] ? __warn_printk+0xf3/0xf3
[ 62.312827][ T6929] ? preempt_schedule_common+0x59/0xc0
[ 62.318271][ T6929] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.323806][ T6929] ? preempt_schedule_thunk+0x16/0x18
[ 62.329161][ T6929] ? trace_hardirqs_on+0x55/0x220
[ 62.334163][ T6929] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.339682][ T6929] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.345202][ T6929] end_report+0x4d/0x53
[ 62.349334][ T6929] kasan_report.cold+0xd/0x37
[ 62.353985][ T6929] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.359504][ T6929] nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.364863][ T6929] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 62.370848][ T6929] ? __kmalloc_node_track_caller+0x38/0x60
[ 62.376630][ T6929] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.383365][ T6929] ? __phys_addr+0x9a/0x110
[ 62.387845][ T6929] ? memset+0x20/0x40
[ 62.391803][ T6929] genl_lock_dumpit+0x7f/0xb0
[ 62.396452][ T6929] netlink_dump+0x4cd/0xf60
[ 62.400932][ T6929] ? netlink_insert+0x1670/0x1670
[ 62.405934][ T6929] ? __mutex_unlock_slowpath+0xe2/0x610
[ 62.411462][ T6929] ? genl_start+0x45a/0x6e0
[ 62.415958][ T6929] __netlink_dump_start+0x643/0x900
[ 62.421140][ T6929] ? genl_rcv_msg+0x9e0/0x9e0
[ 62.425796][ T6929] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.432536][ T6929] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 62.438239][ T6929] ? genl_rcv+0x40/0x40
[ 62.442370][ T6929] ? mutex_lock_io_nested+0xf60/0xf60
[ 62.447716][ T6929] ? mark_lock+0xbc/0x1710
[ 62.452106][ T6929] ? genl_rcv_msg+0x9e0/0x9e0
[ 62.456757][ T6929] ? genl_unlock+0x20/0x20
[ 62.461152][ T6929] ? genl_parallel_done+0x170/0x170
[ 62.466326][ T6929] ? __radix_tree_lookup+0x1f3/0x290
[ 62.471587][ T6929] genl_rcv_msg+0x797/0x9e0
[ 62.476068][ T6929] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.482977][ T6929] ? lock_acquire+0x1f1/0xad0
[ 62.487628][ T6929] ? genl_rcv+0x15/0x40
[ 62.491759][ T6929] ? lock_release+0x8d0/0x8d0
[ 62.496409][ T6929] netlink_rcv_skb+0x15a/0x430
[ 62.501150][ T6929] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.508089][ T6929] ? netlink_ack+0xa10/0xa10
[ 62.512672][ T6929] genl_rcv+0x24/0x40
[ 62.516627][ T6929] netlink_unicast+0x533/0x7d0
[ 62.521367][ T6929] ? netlink_attachskb+0x810/0x810
[ 62.526453][ T6929] ? _copy_from_iter_full+0x247/0x890
[ 62.531817][ T6929] ? __phys_addr_symbol+0x2c/0x70
[ 62.536908][ T6929] ? __check_object_size+0x171/0x3e4
[ 62.542167][ T6929] netlink_sendmsg+0x856/0xd90
[ 62.546921][ T6929] ? netlink_unicast+0x7d0/0x7d0
[ 62.551860][ T6929] ? netlink_unicast+0x7d0/0x7d0
[ 62.556782][ T6929] sock_sendmsg+0xcf/0x120
[ 62.561182][ T6929] ____sys_sendmsg+0x6e8/0x810
[ 62.565954][ T6929] ? kernel_sendmsg+0x50/0x50
[ 62.570610][ T6929] ? do_recvmmsg+0x6d0/0x6d0
[ 62.575174][ T6929] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 62.581145][ T6929] ? release_pages+0x641/0x17a0
[ 62.585974][ T6929] ___sys_sendmsg+0xf3/0x170
[ 62.590557][ T6929] ? sendmsg_copy_msghdr+0x160/0x160
[ 62.595817][ T6929] ? lock_downgrade+0x820/0x820
[ 62.600645][ T6929] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 62.606709][ T6929] ? check_preemption_disabled+0x38/0x220
[ 62.612415][ T6929] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 62.618376][ T6929] ? handle_mm_fault+0xad9/0x4420
[ 62.623376][ T6929] ? __fget_light+0x215/0x280
[ 62.628029][ T6929] __sys_sendmsg+0xe5/0x1b0
[ 62.632520][ T6929] ? __sys_sendmsg_sock+0xb0/0xb0
[ 62.637524][ T6929] ? do_fast_syscall_32+0x40/0x120
[ 62.642609][ T6929] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.648586][ T6929] do_syscall_32_irqs_on+0x3f/0x60
[ 62.653682][ T6929] do_fast_syscall_32+0x7f/0x120
[ 62.658611][ T6929] entry_SYSENTER_compat+0x6d/0x7c
[ 62.663706][ T6929] RIP: 0023:0xf7fb5569
[ 62.667745][ T6929] Code: Bad RIP value.
[ 62.671783][ T6929] RSP: 002b:00000000fffaddcc EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[ 62.680169][ T6929] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[ 62.688134][ T6929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 62.696136][ T6929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 62.704093][ T6929] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 62.712053][ T6929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 62.720574][ T6929] Kernel Offset: disabled
[ 62.724887][ T6929] Rebooting in 86400 seconds..