Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
syzkaller login: [ 50.267932] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 50.340156] netlink: 20 bytes leftover after parsing attributes in process `syz-executor170'.
executing program
[ 50.435423] netlink: 20 bytes leftover after parsing attributes in process `syz-executor170'.
[ 50.487699] ==================================================================
[ 50.495156] BUG: KASAN: slab-out-of-bounds in netif_napi_del+0x301/0x380
[ 50.501987] Read of size 8 at addr ffff8880afc68798 by task syz-executor170/8155
[ 50.509504]
[ 50.511126] CPU: 0 PID: 8155 Comm: syz-executor170 Not tainted 4.19.211-syzkaller #0
[ 50.518992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 50.528336] Call Trace:
[ 50.530921] dump_stack+0x1fc/0x2ef
[ 50.534535] print_address_description.cold+0x54/0x219
[ 50.539802] kasan_report_error.cold+0x8a/0x1b9
[ 50.544467] ? netif_napi_del+0x301/0x380
[ 50.548601] __asan_report_load8_noabort+0x88/0x90
[ 50.553515] ? netif_napi_del+0x301/0x380
[ 50.557648] netif_napi_del+0x301/0x380
[ 50.561607] free_netdev+0x21f/0x410
[ 50.565304] netdev_run_todo+0x89b/0xab0
[ 50.569349] ? default_device_exit_batch+0x3c0/0x3c0
[ 50.574437] ? rtnl_newlink+0x15c0/0x15c0
[ 50.578571] rtnetlink_rcv_msg+0x460/0xb80
[ 50.582788] ? rtnl_calcit.isra.0+0x430/0x430
[ 50.587271] ? __netlink_lookup+0x3fc/0x730
[ 50.591583] ? lock_downgrade+0x720/0x720
[ 50.595723] ? check_preemption_disabled+0x41/0x280
[ 50.600726] netlink_rcv_skb+0x160/0x440
[ 50.604774] ? rtnl_calcit.isra.0+0x430/0x430
[ 50.609259] ? netlink_ack+0xae0/0xae0
[ 50.613148] netlink_unicast+0x4d5/0x690
[ 50.617202] ? netlink_sendskb+0x110/0x110
[ 50.621430] ? _copy_from_iter_full+0x229/0x7c0
[ 50.626098] ? __phys_addr_symbol+0x2c/0x70
[ 50.630414] ? __check_object_size+0x17b/0x3e0
[ 50.634987] netlink_sendmsg+0x6c3/0xc50
[ 50.639033] ? aa_af_perm+0x230/0x230
[ 50.642820] ? nlmsg_notify+0x1f0/0x1f0
[ 50.646783] ? kernel_recvmsg+0x220/0x220
[ 50.650928] ? nlmsg_notify+0x1f0/0x1f0
[ 50.654885] sock_sendmsg+0xc3/0x120
[ 50.658583] ___sys_sendmsg+0x7bb/0x8e0
[ 50.662555] ? copy_msghdr_from_user+0x440/0x440
[ 50.667301] ? __fget+0x32f/0x510
[ 50.670743] ? lock_downgrade+0x720/0x720
[ 50.674877] ? check_preemption_disabled+0x41/0x280
[ 50.679881] ? check_preemption_disabled+0x41/0x280
[ 50.684881] ? __fget+0x356/0x510
[ 50.688319] ? do_dup2+0x450/0x450
[ 50.691851] ? lock_downgrade+0x720/0x720
[ 50.695986] ? check_preemption_disabled+0x41/0x280
[ 50.700986] ? __fdget+0x1d0/0x230
[ 50.704513] __x64_sys_sendmsg+0x132/0x220
[ 50.708728] ? __sys_sendmsg+0x1b0/0x1b0
[ 50.712773] ? __se_sys_futex+0x298/0x3b0
[ 50.716909] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 50.722262] ? trace_hardirqs_off_caller+0x6e/0x210
[ 50.727262] ? do_syscall_64+0x21/0x620
[ 50.731220] do_syscall_64+0xf9/0x620
[ 50.735006] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.740175] RIP: 0033:0x7fbe7639ddb9
[ 50.743870] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 50.762756] RSP: 002b:00007fbe7634f308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 50.770451] RAX: ffffffffffffffda RBX: 00007fbe76427428 RCX: 00007fbe7639ddb9
[ 50.777703] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 50.784952] RBP: 00007fbe76427420 R08: 0000000000000000 R09: 0000000000000000
[ 50.792205] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbe7642742c
[ 50.799457] R13: 00007fbe763f41a4 R14: 74656e2f7665642f R15: 0000000000022000
[ 50.806713]
[ 50.808323] Allocated by task 8160:
[ 50.811936] __kmalloc_node+0x4c/0x70
[ 50.815719] kvmalloc_node+0xb4/0xf0
[ 50.819412] alloc_netdev_mqs+0x97/0xd50
[ 50.823496] __tun_chr_ioctl.isra.0+0x2184/0x3d00
[ 50.828322] do_vfs_ioctl+0xcdb/0x12e0
[ 50.832190] ksys_ioctl+0x9b/0xc0
[ 50.835625] __x64_sys_ioctl+0x6f/0xb0
[ 50.839494] do_syscall_64+0xf9/0x620
[ 50.843279] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.848444]
[ 50.850059] Freed by task 0:
[ 50.853052] (stack is not available)
[ 50.856742]
[ 50.858353] The buggy address belongs to the object at ffff8880afc68840
[ 50.858353] which belongs to the cache kmalloc-16384 of size 16384
[ 50.871340] The buggy address is located 168 bytes to the left of
[ 50.871340] 16384-byte region [ffff8880afc68840, ffff8880afc6c840)
[ 50.883809] The buggy address belongs to the page:
[ 50.888721] page:ffffea0002bf1a00 count:1 mapcount:0 mapping:ffff88813bff2200 index:0x0 compound_mapcount: 0
[ 50.898672] flags: 0xfff00000008100(slab|head)
[ 50.903241] raw: 00fff00000008100 ffffea000253f808 ffff88813bff1c48 ffff88813bff2200
[ 50.911107] raw: 0000000000000000 ffff8880afc68840 0000000100000001 0000000000000000
[ 50.918964] page dumped because: kasan: bad access detected
[ 50.924650]
[ 50.926255] Memory state around the buggy address:
[ 50.931164] ffff8880afc68680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.938505] ffff8880afc68700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.945846] >ffff8880afc68780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.953182] ^
[ 50.957310] ffff8880afc68800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 50.964649] ffff8880afc68880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.971987] ==================================================================
[ 50.979340] Disabling lock debugging due to kernel taint
[ 50.988033] Kernel panic - not syncing: panic_on_warn set ...
[ 50.988033]
[ 50.995415] CPU: 0 PID: 8155 Comm: syz-executor170 Tainted: G B 4.19.211-syzkaller #0
[ 51.004680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 51.014033] Call Trace:
[ 51.016614] dump_stack+0x1fc/0x2ef
[ 51.020224] panic+0x26a/0x50e
[ 51.023400] ? __warn_printk+0xf3/0xf3
[ 51.027267] ? preempt_schedule_common+0x45/0xc0
[ 51.032005] ? ___preempt_schedule+0x16/0x18
[ 51.036395] ? trace_hardirqs_on+0x55/0x210
[ 51.040694] kasan_end_report+0x43/0x49
[ 51.044647] kasan_report_error.cold+0xa7/0x1b9
[ 51.049305] ? netif_napi_del+0x301/0x380
[ 51.053429] __asan_report_load8_noabort+0x88/0x90
[ 51.058336] ? netif_napi_del+0x301/0x380
[ 51.062466] netif_napi_del+0x301/0x380
[ 51.066418] free_netdev+0x21f/0x410
[ 51.070114] netdev_run_todo+0x89b/0xab0
[ 51.074157] ? default_device_exit_batch+0x3c0/0x3c0
[ 51.080031] ? rtnl_newlink+0x15c0/0x15c0
[ 51.084159] rtnetlink_rcv_msg+0x460/0xb80
[ 51.088375] ? rtnl_calcit.isra.0+0x430/0x430
[ 51.092849] ? __netlink_lookup+0x3fc/0x730
[ 51.097155] ? lock_downgrade+0x720/0x720
[ 51.101283] ? check_preemption_disabled+0x41/0x280
[ 51.106285] netlink_rcv_skb+0x160/0x440
[ 51.110331] ? rtnl_calcit.isra.0+0x430/0x430
[ 51.114809] ? netlink_ack+0xae0/0xae0
[ 51.118687] netlink_unicast+0x4d5/0x690
[ 51.122728] ? netlink_sendskb+0x110/0x110
[ 51.126940] ? _copy_from_iter_full+0x229/0x7c0
[ 51.131587] ? __phys_addr_symbol+0x2c/0x70
[ 51.135891] ? __check_object_size+0x17b/0x3e0
[ 51.140456] netlink_sendmsg+0x6c3/0xc50
[ 51.144499] ? aa_af_perm+0x230/0x230
[ 51.148279] ? nlmsg_notify+0x1f0/0x1f0
[ 51.152232] ? kernel_recvmsg+0x220/0x220
[ 51.156361] ? nlmsg_notify+0x1f0/0x1f0
[ 51.160315] sock_sendmsg+0xc3/0x120
[ 51.164007] ___sys_sendmsg+0x7bb/0x8e0
[ 51.167959] ? copy_msghdr_from_user+0x440/0x440
[ 51.172692] ? __fget+0x32f/0x510
[ 51.176131] ? lock_downgrade+0x720/0x720
[ 51.180267] ? check_preemption_disabled+0x41/0x280
[ 51.185263] ? check_preemption_disabled+0x41/0x280
[ 51.190266] ? __fget+0x356/0x510
[ 51.193702] ? do_dup2+0x450/0x450
[ 51.197220] ? lock_downgrade+0x720/0x720
[ 51.201355] ? check_preemption_disabled+0x41/0x280
[ 51.206354] ? __fdget+0x1d0/0x230
[ 51.209875] __x64_sys_sendmsg+0x132/0x220
[ 51.214092] ? __sys_sendmsg+0x1b0/0x1b0
[ 51.218141] ? __se_sys_futex+0x298/0x3b0
[ 51.222271] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 51.227615] ? trace_hardirqs_off_caller+0x6e/0x210
[ 51.232620] ? do_syscall_64+0x21/0x620
[ 51.236589] do_syscall_64+0xf9/0x620
[ 51.240377] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.245551] RIP: 0033:0x7fbe7639ddb9
[ 51.249250] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.268134] RSP: 002b:00007fbe7634f308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 51.275822] RAX: ffffffffffffffda RBX: 00007fbe76427428 RCX: 00007fbe7639ddb9
[ 51.283080] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[ 51.290359] RBP: 00007fbe76427420 R08: 0000000000000000 R09: 0000000000000000
[ 51.297785] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbe7642742c
[ 51.305171] R13: 00007fbe763f41a4 R14: 74656e2f7665642f R15: 0000000000022000
[ 51.312587] Kernel Offset: disabled
[ 51.316197] Rebooting in 86400 seconds..