Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts.
syzkaller login: [   60.721465][ T6820] IPVS: ftp: loaded support on port[0] = 21
[   60.724136][ T6823] IPVS: ftp: loaded support on port[0] = 21
[   60.739269][ T6825] IPVS: ftp: loaded support on port[0] = 21
[   60.740499][ T6817] IPVS: ftp: loaded support on port[0] = 21
[   60.757753][ T6824] IPVS: ftp: loaded support on port[0] = 21
[   60.766090][ T6822] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
[   60.891206][ T6913] netlink: 'syz-executor735': attribute type 3 has an invalid length.
[   60.902414][ T6913] netlink: 'syz-executor735': attribute type 8 has an invalid length.
[   60.920188][ T6912] netlink: 'syz-executor735': attribute type 3 has an invalid length.
[   60.930124][ T6913] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
executing program
[   60.947736][ T6940] netlink: 'syz-executor735': attribute type 3 has an invalid length.
[   60.948751][ T6946] netlink: 'syz-executor735': attribute type 3 has an invalid length.
[   60.958052][ T6944] netlink: 'syz-executor735': attribute type 3 has an invalid length.
[   60.969079][ T6951] netlink: 'syz-executor735': attribute type 3 has an invalid length.
[   60.973366][ T6912] netlink: 'syz-executor735': attribute type 8 has an invalid length.
[   60.981813][ T6951] netlink: 'syz-executor735': attribute type 8 has an invalid length.
executing program
executing program
[   60.996584][ T6940] netlink: 'syz-executor735': attribute type 8 has an invalid length.
[   60.998827][ T6946] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
[   61.010476][ T6952] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
[   61.016769][ T6951] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
[   61.026790][ T6944] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   61.043677][ T6953] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
[   61.046583][ T6940] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
[   61.058210][ T6954] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
[   61.066192][ T6912] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
[   61.082778][ T6955] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor735'.
executing program
[   61.105460][ T6955] ==================================================================
[   61.113697][ T6955] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.122190][ T6955] Read of size 4 at addr ffffc90002153018 by task syz-executor735/6955
[   61.130416][ T6955]
[   61.132827][ T6955] CPU: 1 PID: 6955 Comm: syz-executor735 Not tainted 5.8.0-rc2-next-20200626-syzkaller #0
[   61.142860][ T6955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.152918][ T6955] Call Trace:
[   61.156213][ T6955]  dump_stack+0x18f/0x20d
[   61.160546][ T6955]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.166078][ T6955]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.171614][ T6955]  print_address_description.constprop.0.cold+0x5/0x436
[   61.178540][ T6955]  ? lock_is_held_type+0xb0/0xe0
[   61.183466][ T6955]  ? lockdep_hardirqs_off+0x66/0xa0
[   61.188653][ T6955]  ? vprintk_func+0x97/0x1a6
[   61.193241][ T6955]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.198773][ T6955]  kasan_report.cold+0x1f/0x37
[   61.203533][ T6955]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.209075][ T6955]  nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.214593][ T6955]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   61.220248][ T6955]  ? __kmalloc_node_track_caller+0x38/0x60
[   61.226269][ T6955]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[   61.233037][ T6955]  ? __phys_addr+0x9a/0x110
[   61.237545][ T6955]  ? memset+0x20/0x40
[   61.241526][ T6955]  genl_lock_dumpit+0x7f/0xb0
[   61.246387][ T6955]  netlink_dump+0x4cd/0xf60
[   61.250968][ T6955]  ? netlink_insert+0x1670/0x1670
[   61.255985][ T6955]  ? __mutex_unlock_slowpath+0xe2/0x610
[   61.261826][ T6955]  ? genl_start+0x45a/0x6e0
[   61.266333][ T6955]  __netlink_dump_start+0x643/0x900
[   61.271531][ T6955]  ? genl_rcv_msg+0x9e0/0x9e0
[   61.276431][ T6955]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[   61.283184][ T6955]  genl_family_rcv_msg_dumpit+0x2ac/0x310
[   61.288996][ T6955]  ? genl_rcv+0x40/0x40
[   61.293145][ T6955]  ? mutex_lock_io_nested+0xf60/0xf60
[   61.298645][ T6955]  ? mark_lock+0xbc/0x1710
[   61.303067][ T6955]  ? genl_rcv_msg+0x9e0/0x9e0
[   61.307740][ T6955]  ? genl_unlock+0x20/0x20
[   61.312159][ T6955]  ? genl_parallel_done+0x170/0x170
[   61.317488][ T6955]  ? __radix_tree_lookup+0x1f3/0x290
[   61.322828][ T6955]  genl_rcv_msg+0x797/0x9e0
[   61.327388][ T6955]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[   61.334403][ T6955]  ? lock_acquire+0x1f1/0xad0
[   61.339068][ T6955]  ? genl_rcv+0x15/0x40
[   61.343217][ T6955]  ? lock_release+0x8d0/0x8d0
[   61.347887][ T6955]  netlink_rcv_skb+0x15a/0x430
[   61.352643][ T6955]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[   61.359719][ T6955]  ? netlink_ack+0xa10/0xa10
[   61.364307][ T6955]  genl_rcv+0x24/0x40
[   61.368290][ T6955]  netlink_unicast+0x533/0x7d0
[   61.373047][ T6955]  ? netlink_attachskb+0x810/0x810
[   61.378285][ T6955]  ? _copy_from_iter_full+0x247/0x890
[   61.383652][ T6955]  ? __phys_addr_symbol+0x2c/0x70
[   61.388675][ T6955]  ? __check_object_size+0x171/0x3e4
[   61.394039][ T6955]  netlink_sendmsg+0x856/0xd90
[   61.398794][ T6955]  ? netlink_unicast+0x7d0/0x7d0
[   61.403764][ T6955]  ? netlink_unicast+0x7d0/0x7d0
[   61.408699][ T6955]  sock_sendmsg+0xcf/0x120
[   61.413106][ T6955]  ____sys_sendmsg+0x6e8/0x810
[   61.417860][ T6955]  ? kernel_sendmsg+0x50/0x50
[   61.422588][ T6955]  ? do_recvmmsg+0x6d0/0x6d0
[   61.427173][ T6955]  ? lock_acquire+0x1f1/0xad0
[   61.431848][ T6955]  ? do_huge_pmd_anonymous_page+0x120d/0x2230
[   61.437918][ T6955]  ? find_held_lock+0x2d/0x110
[   61.442675][ T6955]  ___sys_sendmsg+0xf3/0x170
[   61.447261][ T6955]  ? sendmsg_copy_msghdr+0x160/0x160
[   61.452650][ T6955]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   61.458626][ T6955]  ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[   61.464621][ T6955]  ? handle_mm_fault+0xad9/0x43f0
[   61.469646][ T6955]  ? find_held_lock+0x2d/0x110
[   61.474398][ T6955]  ? __fget_light+0x215/0x280
[   61.479074][ T6955]  __sys_sendmsg+0xe5/0x1b0
[   61.483575][ T6955]  ? __sys_sendmsg_sock+0xb0/0xb0
[   61.488595][ T6955]  ? do_syscall_64+0x1c/0xe0
[   61.493180][ T6955]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   61.499154][ T6955]  do_syscall_64+0x60/0xe0
[   61.503679][ T6955]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   61.509694][ T6955] RIP: 0033:0x441409
[   61.513662][ T6955] Code: Bad RIP value.
[   61.517722][ T6955] RSP: 002b:00007fff9e86df88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.526206][ T6955] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[   61.534166][ T6955] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   61.542212][ T6955] RBP: 000000000000ee7c R08: 0000000100000000 R09: 0000000100000000
[   61.550265][ T6955] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[   61.558467][ T6955] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[   61.566438][ T6955]
[   61.568750][ T6955]
[   61.571061][ T6955] Memory state around the buggy address:
[   61.576680][ T6955]  ffffc90002152f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   61.584731][ T6955]  ffffc90002152f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   61.592778][ T6955] >ffffc90002153000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   61.601072][ T6955]                             ^
executing program
executing program
[   61.605913][ T6955]  ffffc90002153080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   61.614133][ T6955]  ffffc90002153100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   61.622176][ T6955] ==================================================================
[   61.630351][ T6955] Disabling lock debugging due to kernel taint
[   61.638200][ T6955] Kernel panic - not syncing: panic_on_warn set ...
[   61.644811][ T6955] CPU: 1 PID: 6955 Comm: syz-executor735 Tainted: G    B             5.8.0-rc2-next-20200626-syzkaller #0
executing program
[   61.656176][ T6955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.666370][ T6955] Call Trace:
[   61.669805][ T6955]  dump_stack+0x18f/0x20d
[   61.674227][ T6955]  ? nl802154_dump_wpan_phy+0x920/0x9c0
[   61.679920][ T6955]  panic+0x2e3/0x75c
[   61.683929][ T6955]  ? __warn_printk+0xf3/0xf3
[   61.688746][ T6955]  ? preempt_schedule_common+0x59/0xc0
[   61.694197][ T6955]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.699730][ T6955]  ? preempt_schedule_thunk+0x16/0x18
[   61.705085][ T6955]  ? trace_hardirqs_on+0x55/0x220
[   61.710093][ T6955]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.715623][ T6955]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.721158][ T6955]  end_report+0x4d/0x53
[   61.725296][ T6955]  kasan_report.cold+0xd/0x37
[   61.729960][ T6955]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.735613][ T6955]  nl802154_dump_wpan_phy+0x98e/0x9c0
[   61.740986][ T6955]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   61.746673][ T6955]  ? __kmalloc_node_track_caller+0x38/0x60
[   61.752480][ T6955]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[   61.759231][ T6955]  ? __phys_addr+0x9a/0x110
[   61.763718][ T6955]  ? memset+0x20/0x40
[   61.767693][ T6955]  genl_lock_dumpit+0x7f/0xb0
[   61.772353][ T6955]  netlink_dump+0x4cd/0xf60
[   61.776841][ T6955]  ? netlink_insert+0x1670/0x1670
[   61.781851][ T6955]  ? __mutex_unlock_slowpath+0xe2/0x610
[   61.787385][ T6955]  ? genl_start+0x45a/0x6e0
[   61.791875][ T6955]  __netlink_dump_start+0x643/0x900
[   61.797146][ T6955]  ? genl_rcv_msg+0x9e0/0x9e0
[   61.801921][ T6955]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[   61.808671][ T6955]  genl_family_rcv_msg_dumpit+0x2ac/0x310
[   61.814378][ T6955]  ? genl_rcv+0x40/0x40
[   61.818611][ T6955]  ? mutex_lock_io_nested+0xf60/0xf60
[   61.823970][ T6955]  ? mark_lock+0xbc/0x1710
[   61.828447][ T6955]  ? genl_rcv_msg+0x9e0/0x9e0
[   61.833108][ T6955]  ? genl_unlock+0x20/0x20
[   61.837513][ T6955]  ? genl_parallel_done+0x170/0x170
[   61.842697][ T6955]  ? __radix_tree_lookup+0x1f3/0x290
[   61.847969][ T6955]  genl_rcv_msg+0x797/0x9e0
[   61.852460][ T6955]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[   61.859382][ T6955]  ? lock_acquire+0x1f1/0xad0
[   61.864044][ T6955]  ? genl_rcv+0x15/0x40
[   61.868186][ T6955]  ? lock_release+0x8d0/0x8d0
[   61.872848][ T6955]  netlink_rcv_skb+0x15a/0x430
[   61.877612][ T6955]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[   61.884542][ T6955]  ? netlink_ack+0xa10/0xa10
[   61.889120][ T6955]  genl_rcv+0x24/0x40
[   61.893086][ T6955]  netlink_unicast+0x533/0x7d0
[   61.897849][ T6955]  ? netlink_attachskb+0x810/0x810
[   61.902947][ T6955]  ? _copy_from_iter_full+0x247/0x890
[   61.908303][ T6955]  ? __phys_addr_symbol+0x2c/0x70
[   61.913341][ T6955]  ? __check_object_size+0x171/0x3e4
[   61.918620][ T6955]  netlink_sendmsg+0x856/0xd90
[   61.923380][ T6955]  ? netlink_unicast+0x7d0/0x7d0
[   61.928314][ T6955]  ? netlink_unicast+0x7d0/0x7d0
[   61.933305][ T6955]  sock_sendmsg+0xcf/0x120
[   61.937778][ T6955]  ____sys_sendmsg+0x6e8/0x810
[   61.942531][ T6955]  ? kernel_sendmsg+0x50/0x50
[   61.947283][ T6955]  ? do_recvmmsg+0x6d0/0x6d0
[   61.951867][ T6955]  ? lock_acquire+0x1f1/0xad0
[   61.956537][ T6955]  ? do_huge_pmd_anonymous_page+0x120d/0x2230
[   61.962596][ T6955]  ? find_held_lock+0x2d/0x110
[   61.967610][ T6955]  ___sys_sendmsg+0xf3/0x170
[   61.972188][ T6955]  ? sendmsg_copy_msghdr+0x160/0x160
[   61.977460][ T6955]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   61.983429][ T6955]  ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[   61.989395][ T6955]  ? handle_mm_fault+0xad9/0x43f0
[   61.994584][ T6955]  ? find_held_lock+0x2d/0x110
[   61.999493][ T6955]  ? __fget_light+0x215/0x280
[   62.004165][ T6955]  __sys_sendmsg+0xe5/0x1b0
[   62.008659][ T6955]  ? __sys_sendmsg_sock+0xb0/0xb0
[   62.013688][ T6955]  ? do_syscall_64+0x1c/0xe0
[   62.018372][ T6955]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   62.024455][ T6955]  do_syscall_64+0x60/0xe0
[   62.028998][ T6955]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   62.034875][ T6955] RIP: 0033:0x441409
[   62.038752][ T6955] Code: Bad RIP value.
[   62.042801][ T6955] RSP: 002b:00007fff9e86df88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   62.051200][ T6955] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[   62.059303][ T6955] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   62.067279][ T6955] RBP: 000000000000ee7c R08: 0000000100000000 R09: 0000000100000000
[   62.075239][ T6955] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[   62.083201][ T6955] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[   62.092693][ T6955] Kernel Offset: disabled
[   62.097020][ T6955] Rebooting in 86400 seconds..