Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
syzkaller login: [ 57.527813][ T6785] IPVS: ftp: loaded support on port[0] = 21
[ 57.531098][ T6789] IPVS: ftp: loaded support on port[0] = 21
[ 57.544598][ T6791] IPVS: ftp: loaded support on port[0] = 21
[ 57.554613][ T6793] IPVS: ftp: loaded support on port[0] = 21
[ 57.564976][ T6790] IPVS: ftp: loaded support on port[0] = 21
[ 57.574289][ T6792] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 57.669678][ T6848] netlink: 'syz-executor475': attribute type 3 has an invalid length.
[ 57.679703][ T6848] netlink: 'syz-executor475': attribute type 8 has an invalid length.
[ 57.691959][ T6848] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
executing program
[ 57.717810][ T6875] netlink: 'syz-executor475': attribute type 3 has an invalid length.
[ 57.728280][ T6875] netlink: 'syz-executor475': attribute type 8 has an invalid length.
[ 57.740267][ T6875] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
executing program
executing program
executing program
[ 57.767646][ T6904] netlink: 'syz-executor475': attribute type 3 has an invalid length.
[ 57.779054][ T6904] netlink: 'syz-executor475': attribute type 8 has an invalid length.
[ 57.785580][ T6911] netlink: 'syz-executor475': attribute type 3 has an invalid length.
[ 57.787330][ T6904] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
[ 57.798082][ T6908] netlink: 'syz-executor475': attribute type 3 has an invalid length.
executing program
executing program
executing program
[ 57.809948][ T6905] netlink: 'syz-executor475': attribute type 3 has an invalid length.
[ 57.826391][ T6919] netlink: 'syz-executor475': attribute type 3 has an invalid length.
[ 57.826539][ T6918] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
[ 57.835024][ T6911] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
[ 57.849798][ T6905] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 57.855284][ T6908] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
[ 57.867571][ T6922] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
[ 57.874162][ T6919] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
[ 57.893051][ T6923] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor475'.
executing program
[ 57.914416][ T6925] ==================================================================
[ 57.922617][ T6925] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x98e/0x9c0
[ 57.931104][ T6925] Read of size 4 at addr ffffc90002199018 by task syz-executor475/6925
[ 57.939318][ T6925]
[ 57.941640][ T6925] CPU: 0 PID: 6925 Comm: syz-executor475 Not tainted 5.8.0-rc3-syzkaller #0
[ 57.950282][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.960319][ T6925] Call Trace:
[ 57.963601][ T6925]  dump_stack+0x18f/0x20d
[ 57.967911][ T6925]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 57.973436][ T6925]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 57.979009][ T6925]  print_address_description.constprop.0.cold+0x5/0x436
[ 57.985924][ T6925]  ? lockdep_hardirqs_off+0x66/0xa0
[ 57.991109][ T6925]  ? vprintk_func+0x97/0x1a6
[ 57.995706][ T6925]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 58.001254][ T6925]  kasan_report.cold+0x1f/0x37
[ 58.006010][ T6925]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 58.011533][ T6925]  nl802154_dump_wpan_phy+0x98e/0x9c0
[ 58.016898][ T6925]  ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 58.022865][ T6925]  ? __kmalloc_node_track_caller+0x38/0x60
[ 58.028650][ T6925]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 58.035439][ T6925]  ? __phys_addr+0x9a/0x110
[ 58.039947][ T6925]  ? memset+0x20/0x40
[ 58.043928][ T6925]  genl_lock_dumpit+0x7f/0xb0
[ 58.048608][ T6925]  netlink_dump+0x4cd/0xf60
[ 58.053130][ T6925]  ? netlink_insert+0x1670/0x1670
[ 58.058164][ T6925]  ? __mutex_unlock_slowpath+0xe2/0x610
[ 58.063689][ T6925]  ? genl_start+0x45a/0x6e0
[ 58.068170][ T6925]  __netlink_dump_start+0x643/0x900
[ 58.073344][ T6925]  ? genl_rcv_msg+0x9e0/0x9e0
[ 58.077999][ T6925]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 58.084744][ T6925]  genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 58.090473][ T6925]  ? genl_rcv+0x40/0x40
[ 58.094616][ T6925]  ? mutex_lock_io_nested+0xf60/0xf60
[ 58.099971][ T6925]  ? mark_lock+0xbc/0x1710
[ 58.104377][ T6925]  ? genl_rcv_msg+0x9e0/0x9e0
[ 58.109044][ T6925]  ? genl_unlock+0x20/0x20
[ 58.113444][ T6925]  ? genl_parallel_done+0x170/0x170
[ 58.118621][ T6925]  ? __radix_tree_lookup+0x1f3/0x290
[ 58.123897][ T6925]  genl_rcv_msg+0x797/0x9e0
[ 58.128409][ T6925]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 58.135346][ T6925]  ? lock_acquire+0x1f1/0xad0
[ 58.140001][ T6925]  ? genl_rcv+0x15/0x40
[ 58.144154][ T6925]  ? lock_release+0x8d0/0x8d0
[ 58.148826][ T6925]  netlink_rcv_skb+0x15a/0x430
[ 58.153567][ T6925]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 58.160487][ T6925]  ? netlink_ack+0xa10/0xa10
[ 58.165069][ T6925]  genl_rcv+0x24/0x40
[ 58.169031][ T6925]  netlink_unicast+0x533/0x7d0
[ 58.173797][ T6925]  ? netlink_attachskb+0x810/0x810
[ 58.178908][ T6925]  ? _copy_from_iter_full+0x247/0x890
[ 58.184300][ T6925]  ? __phys_addr_symbol+0x2c/0x70
[ 58.189304][ T6925]  ? __check_object_size+0x171/0x3e4
[ 58.194566][ T6925]  netlink_sendmsg+0x856/0xd90
[ 58.199309][ T6925]  ? netlink_unicast+0x7d0/0x7d0
[ 58.204228][ T6925]  ? netlink_unicast+0x7d0/0x7d0
[ 58.209159][ T6925]  sock_sendmsg+0xcf/0x120
[ 58.213563][ T6925]  ____sys_sendmsg+0x6e8/0x810
[ 58.218314][ T6925]  ? kernel_sendmsg+0x50/0x50
[ 58.222975][ T6925]  ? do_recvmmsg+0x6d0/0x6d0
[ 58.227549][ T6925]  ? lock_acquire+0x1f1/0xad0
[ 58.232223][ T6925]  ? do_huge_pmd_anonymous_page+0x120d/0x2230
[ 58.238287][ T6925]  ? find_held_lock+0x2d/0x110
[ 58.243060][ T6925]  ___sys_sendmsg+0xf3/0x170
[ 58.247626][ T6925]  ? sendmsg_copy_msghdr+0x160/0x160
[ 58.252903][ T6925]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.258866][ T6925]  ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 58.264828][ T6925]  ? handle_mm_fault+0xad9/0x43f0
[ 58.269844][ T6925]  ? find_held_lock+0x2d/0x110
[ 58.274596][ T6925]  ? __fget_light+0x215/0x280
[ 58.279291][ T6925]  __sys_sendmsg+0xe5/0x1b0
[ 58.283795][ T6925]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 58.288844][ T6925]  ? do_syscall_64+0x1c/0xe0
[ 58.293410][ T6925]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.299375][ T6925]  do_syscall_64+0x60/0xe0
[ 58.303783][ T6925]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.309664][ T6925] RIP: 0033:0x441409
[ 58.313531][ T6925] Code: Bad RIP value.
[ 58.317573][ T6925] RSP: 002b:00007ffd613d9108 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.325956][ T6925] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 58.333902][ T6925] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 58.341849][ T6925] RBP: 000000000000e1e3 R08: 0000000100000000 R09: 0000000100000000
[ 58.349796][ T6925] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 58.357757][ T6925] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 58.365711][ T6925]
[ 58.368017][ T6925]
[ 58.370319][ T6925] Memory state around the buggy address:
[ 58.375943][ T6925]  ffffc90002198f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 58.383994][ T6925]  ffffc90002198f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 58.392037][ T6925] >ffffc90002199000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 58.400085][ T6925]                             ^
[ 58.404915][ T6925]  ffffc90002199080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 58.412952][ T6925]  ffffc90002199100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
executing program
[ 58.420991][ T6925] ==================================================================
[ 58.429056][ T6925] Disabling lock debugging due to kernel taint
[ 58.435315][ T6925] Kernel panic - not syncing: panic_on_warn set ...
[ 58.441900][ T6925] CPU: 0 PID: 6925 Comm: syz-executor475 Tainted: G B 5.8.0-rc3-syzkaller #0
[ 58.451950][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.461993][ T6925] Call Trace:
[ 58.465286][ T6925]  dump_stack+0x18f/0x20d
[ 58.469616][ T6925]  ? nl802154_dump_wpan_phy+0x8b0/0x9c0
[ 58.475150][ T6925]  panic+0x2e3/0x75c
[ 58.479020][ T6925]  ? __warn_printk+0xf3/0xf3
[ 58.483585][ T6925]  ? preempt_schedule_common+0x59/0xc0
[ 58.489033][ T6925]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 58.494553][ T6925]  ? preempt_schedule_thunk+0x16/0x18
[ 58.499907][ T6925]  ? trace_hardirqs_on+0x55/0x220
[ 58.504920][ T6925]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 58.510457][ T6925]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 58.515986][ T6925]  end_report+0x4d/0x53
[ 58.520157][ T6925]  kasan_report.cold+0xd/0x37
[ 58.524813][ T6925]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 58.530333][ T6925]  nl802154_dump_wpan_phy+0x98e/0x9c0
[ 58.535682][ T6925]  ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 58.541666][ T6925]  ? __kmalloc_node_track_caller+0x38/0x60
[ 58.547444][ T6925]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 58.554216][ T6925]  ? __phys_addr+0x9a/0x110
[ 58.558694][ T6925]  ? memset+0x20/0x40
[ 58.562664][ T6925]  genl_lock_dumpit+0x7f/0xb0
[ 58.567312][ T6925]  netlink_dump+0x4cd/0xf60
[ 58.571788][ T6925]  ? netlink_insert+0x1670/0x1670
[ 58.576796][ T6925]  ? __mutex_unlock_slowpath+0xe2/0x610
[ 58.582328][ T6925]  ? genl_start+0x45a/0x6e0
[ 58.586834][ T6925]  __netlink_dump_start+0x643/0x900
[ 58.592005][ T6925]  ? genl_rcv_msg+0x9e0/0x9e0
[ 58.596679][ T6925]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 58.603448][ T6925]  genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 58.609153][ T6925]  ? genl_rcv+0x40/0x40
[ 58.613296][ T6925]  ? mutex_lock_io_nested+0xf60/0xf60
[ 58.618641][ T6925]  ? mark_lock+0xbc/0x1710
[ 58.623044][ T6925]  ? genl_rcv_msg+0x9e0/0x9e0
[ 58.627690][ T6925]  ? genl_unlock+0x20/0x20
[ 58.632088][ T6925]  ? genl_parallel_done+0x170/0x170
[ 58.637274][ T6925]  ? __radix_tree_lookup+0x1f3/0x290
[ 58.642532][ T6925]  genl_rcv_msg+0x797/0x9e0
[ 58.647027][ T6925]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 58.653946][ T6925]  ? lock_acquire+0x1f1/0xad0
[ 58.658621][ T6925]  ? genl_rcv+0x15/0x40
[ 58.662780][ T6925]  ? lock_release+0x8d0/0x8d0
[ 58.667462][ T6925]  netlink_rcv_skb+0x15a/0x430
[ 58.672201][ T6925]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 58.679239][ T6925]  ? netlink_ack+0xa10/0xa10
[ 58.683827][ T6925]  genl_rcv+0x24/0x40
[ 58.687800][ T6925]  netlink_unicast+0x533/0x7d0
[ 58.692539][ T6925]  ? netlink_attachskb+0x810/0x810
[ 58.697623][ T6925]  ? _copy_from_iter_full+0x247/0x890
[ 58.702968][ T6925]  ? __phys_addr_symbol+0x2c/0x70
[ 58.707993][ T6925]  ? __check_object_size+0x171/0x3e4
[ 58.713263][ T6925]  netlink_sendmsg+0x856/0xd90
[ 58.718013][ T6925]  ? netlink_unicast+0x7d0/0x7d0
[ 58.722936][ T6925]  ? netlink_unicast+0x7d0/0x7d0
[ 58.727856][ T6925]  sock_sendmsg+0xcf/0x120
[ 58.732247][ T6925]  ____sys_sendmsg+0x6e8/0x810
[ 58.737000][ T6925]  ? kernel_sendmsg+0x50/0x50
[ 58.741649][ T6925]  ? do_recvmmsg+0x6d0/0x6d0
[ 58.746214][ T6925]  ? lock_acquire+0x1f1/0xad0
[ 58.750888][ T6925]  ? do_huge_pmd_anonymous_page+0x120d/0x2230
[ 58.756939][ T6925]  ? find_held_lock+0x2d/0x110
[ 58.761675][ T6925]  ___sys_sendmsg+0xf3/0x170
[ 58.766237][ T6925]  ? sendmsg_copy_msghdr+0x160/0x160
[ 58.771503][ T6925]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.777467][ T6925]  ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 58.783422][ T6925]  ? handle_mm_fault+0xad9/0x43f0
[ 58.788421][ T6925]  ? find_held_lock+0x2d/0x110
[ 58.793159][ T6925]  ? __fget_light+0x215/0x280
[ 58.797809][ T6925]  __sys_sendmsg+0xe5/0x1b0
[ 58.802283][ T6925]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 58.807295][ T6925]  ? do_syscall_64+0x1c/0xe0
[ 58.811869][ T6925]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.817820][ T6925]  do_syscall_64+0x60/0xe0
[ 58.822216][ T6925]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.828094][ T6925] RIP: 0033:0x441409
[ 58.832006][ T6925] Code: Bad RIP value.
[ 58.836061][ T6925] RSP: 002b:00007ffd613d9108 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.844441][ T6925] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 58.852386][ T6925] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 58.860375][ T6925] RBP: 000000000000e1e3 R08: 0000000100000000 R09: 0000000100000000
[ 58.868319][ T6925] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 58.876272][ T6925] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 58.885104][ T6925] Kernel Offset: disabled
[ 58.889414][ T6925] Rebooting in 86400 seconds..