Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [  549.836334][ T6808] netlink: 26 bytes leftover after parsing attributes in process `syz-executor982'.
[  549.842720][ T6813] netlink: 26 bytes leftover after parsing attributes in process `syz-executor982'.
[  549.854262][ T6814] netlink: 26 bytes leftover after parsing attributes in process `syz-executor982'.
[  549.856687][ T6815] netlink: 26 bytes leftover after parsing attributes in process `syz-executor982'.
[  549.865594][ T6816] netlink: 26 bytes leftover after parsing attributes in process `syz-executor982'.
executing program
executing program
[  549.876283][ T6813] netlink: 'syz-executor982': attribute type 6 has an invalid length.
[  549.885055][ T6817] netlink: 26 bytes leftover after parsing attributes in process `syz-executor982'.
[  549.895636][ T6815] netlink: 'syz-executor982': attribute type 6 has an invalid length.
[  549.902212][ T6814] netlink: 'syz-executor982': attribute type 6 has an invalid length.
[  549.911125][ T6808] netlink: 'syz-executor982': attribute type 6 has an invalid length.
[  549.918695][ T6817] netlink: 'syz-executor982': attribute type 6 has an invalid length.
[  549.935353][ T6816] ==================================================================
[  549.943725][ T6816] BUG: KASAN: use-after-free in nla_memcpy+0x9c/0xa0
[  549.950399][ T6816] Read of size 2 at addr ffff8880a0ca8414 by task syz-executor982/6816
[  549.958612][ T6816] 
[  549.960926][ T6816] CPU: 0 PID: 6816 Comm: syz-executor982 Not tainted 5.8.0-rc2-syzkaller #0
[  549.969591][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  549.979695][ T6816] Call Trace:
[  549.982972][ T6816]  dump_stack+0x18f/0x20d
[  549.987328][ T6816]  ? nla_memcpy+0x9c/0xa0
[  549.991636][ T6816]  ? nla_memcpy+0x9c/0xa0
[  549.996037][ T6816]  print_address_description.constprop.0.cold+0xae/0x436
[  550.003123][ T6816]  ? vprintk_func+0x97/0x1a6
[  550.007705][ T6816]  ? nla_memcpy+0x9c/0xa0
[  550.012016][ T6816]  kasan_report.cold+0x1f/0x37
[  550.016762][ T6816]  ? nla_memcpy+0x9c/0xa0
[  550.021075][ T6816]  nla_memcpy+0x9c/0xa0
[  550.025343][ T6816]  __cfg802154_wpan_dev_from_attrs+0x3e0/0x510
[  550.031552][ T6816]  ? lock_acquire+0x1f1/0xad0
[  550.036253][ T6816]  ? nl802154_post_doit+0x1f0/0x1f0
[  550.041432][ T6816]  ? lock_release+0x8d0/0x8d0
[  550.046148][ T6816]  ? genl_rcv+0x24/0x40
[  550.050281][ T6816]  ? netlink_unicast+0x533/0x7d0
[  550.055201][ T6816]  ? netlink_sendmsg+0x856/0xd90
[  550.060134][ T6816]  nl802154_prepare_wpan_dev_dump.constprop.0+0xf9/0x490
[  550.067137][ T6816]  nl802154_dump_llsec_dev+0xc0/0xb10
[  550.072529][ T6816]  ? __mutex_lock+0x626/0x10d0
[  550.077272][ T6816]  ? genl_lock_dumpit+0x5b/0xb0
[  550.082113][ T6816]  ? nl802154_get_interface+0x230/0x230
[  550.087662][ T6816]  ? mutex_lock_io_nested+0xf60/0xf60
[  550.093037][ T6816]  ? check_preemption_disabled+0x38/0x220
[  550.098780][ T6816]  ? rcu_read_lock_sched_held+0x3a/0xb0
[  550.104304][ T6816]  ? kmem_cache_alloc_node_trace+0x3b0/0x400
[  550.110270][ T6816]  ? __kmalloc_node_track_caller+0x38/0x60
[  550.116064][ T6816]  ? kasan_unpoison_shadow+0x33/0x40
[  550.121399][ T6816]  ? __phys_addr+0x9a/0x110
[  550.125903][ T6816]  ? memset+0x20/0x40
[  550.129886][ T6816]  genl_lock_dumpit+0x7f/0xb0
[  550.134601][ T6816]  netlink_dump+0x4cd/0xf60
[  550.139099][ T6816]  ? netlink_insert+0x1670/0x1670
[  550.144101][ T6816]  ? __mutex_unlock_slowpath+0xe2/0x610
[  550.149638][ T6816]  ? genl_start+0x45a/0x6e0
[  550.154128][ T6816]  __netlink_dump_start+0x643/0x900
[  550.159316][ T6816]  ? genl_rcv_msg+0x9e0/0x9e0
[  550.163989][ T6816]  ? nl802154_get_interface+0x230/0x230
[  550.169521][ T6816]  genl_family_rcv_msg_dumpit+0x2ac/0x310
[  550.175271][ T6816]  ? genl_rcv+0x40/0x40
[  550.179448][ T6816]  ? mutex_lock_io_nested+0xf60/0xf60
[  550.184908][ T6816]  ? apparmor_capable+0x1d8/0x460
[  550.189914][ T6816]  ? genl_rcv_msg+0x9e0/0x9e0
[  550.194566][ T6816]  ? genl_unlock+0x20/0x20
[  550.198960][ T6816]  ? genl_parallel_done+0x170/0x170
[  550.204192][ T6816]  ? ns_capable+0xde/0x100
[  550.208602][ T6816]  genl_rcv_msg+0x797/0x9e0
[  550.213134][ T6816]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[  550.220051][ T6816]  ? lock_acquire+0x1f1/0xad0
[  550.224703][ T6816]  ? genl_rcv+0x15/0x40
[  550.228838][ T6816]  ? lock_release+0x8d0/0x8d0
[  550.233500][ T6816]  netlink_rcv_skb+0x15a/0x430
[  550.238244][ T6816]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[  550.245156][ T6816]  ? netlink_ack+0xa10/0xa10
[  550.249733][ T6816]  genl_rcv+0x24/0x40
[  550.253699][ T6816]  netlink_unicast+0x533/0x7d0
[  550.258458][ T6816]  ? netlink_attachskb+0x810/0x810
[  550.263856][ T6816]  ? _copy_from_iter_full+0x247/0x890
[  550.269206][ T6816]  ? __phys_addr+0x9a/0x110
[  550.273688][ T6816]  ? __phys_addr_symbol+0x2c/0x70
[  550.278782][ T6816]  ? __check_object_size+0x171/0x3e4
[  550.284049][ T6816]  netlink_sendmsg+0x856/0xd90
[  550.289489][ T6816]  ? netlink_unicast+0x7d0/0x7d0
[  550.294424][ T6816]  ? netlink_unicast+0x7d0/0x7d0
[  550.299449][ T6816]  sock_sendmsg+0xcf/0x120
[  550.303847][ T6816]  ____sys_sendmsg+0x6e8/0x810
[  550.308590][ T6816]  ? kernel_sendmsg+0x50/0x50
[  550.313250][ T6816]  ? do_recvmmsg+0x6d0/0x6d0
[  550.317861][ T6816]  ? release_pages+0x641/0x17a0
[  550.322699][ T6816]  ___sys_sendmsg+0xf3/0x170
[  550.327975][ T6816]  ? sendmsg_copy_msghdr+0x160/0x160
[  550.333325][ T6816]  ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[  550.339390][ T6816]  ? check_preemption_disabled+0x38/0x220
[  550.345112][ T6816]  ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[  550.351150][ T6816]  ? handle_mm_fault+0xad9/0x4420
[  550.356176][ T6816]  ? __fget_light+0x215/0x280
[  550.360839][ T6816]  __sys_sendmsg+0xe5/0x1b0
[  550.365322][ T6816]  ? __sys_sendmsg_sock+0xb0/0xb0
[  550.370328][ T6816]  ? check_preemption_disabled+0x38/0x220
[  550.376047][ T6816]  ? do_syscall_64+0x1c/0xe0
[  550.380625][ T6816]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[  550.386586][ T6816]  do_syscall_64+0x60/0xe0
[  550.390989][ T6816]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  550.396869][ T6816] RIP: 0033:0x4413c9
[  550.400751][ T6816] Code: Bad RIP value.
[  550.404811][ T6816] RSP: 002b:00007fff5b30bca8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  550.413196][ T6816] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413c9
[  550.421149][ T6816] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  550.429107][ T6816] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[  550.437074][ T6816] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402140
[  550.445124][ T6816] R13: 00000000004021d0 R14: 0000000000000000 R15: 0000000000000000
[  550.453107][ T6816] 
[  550.455476][ T6816] Allocated by task 6815:
[  550.459797][ T6816]  save_stack+0x1b/0x40
[  550.463940][ T6816]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[  550.469565][ T6816]  __alloc_skb+0xae/0x550
[  550.473871][ T6816]  netlink_sendmsg+0x94f/0xd90
[  550.478635][ T6816]  sock_sendmsg+0xcf/0x120
[  550.483037][ T6816]  ____sys_sendmsg+0x6e8/0x810
[  550.487775][ T6816]  ___sys_sendmsg+0xf3/0x170
[  550.492356][ T6816]  __sys_sendmsg+0xe5/0x1b0
[  550.496856][ T6816]  do_syscall_64+0x60/0xe0
[  550.501259][ T6816]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  550.507123][ T6816] 
[  550.509428][ T6816] Freed by task 6815:
[  550.513387][ T6816]  save_stack+0x1b/0x40
[  550.517531][ T6816]  __kasan_slab_free+0xf5/0x140
[  550.522367][ T6816]  kfree+0x103/0x2c0
[  550.526240][ T6816]  skb_release_data+0x6d9/0x910
[  550.531066][ T6816]  consume_skb+0xc2/0x160
[  550.535372][ T6816]  netlink_unicast+0x53b/0x7d0
[  550.540110][ T6816]  netlink_sendmsg+0x856/0xd90
[  550.544865][ T6816]  sock_sendmsg+0xcf/0x120
[  550.549259][ T6816]  ____sys_sendmsg+0x6e8/0x810
[  550.554015][ T6816]  ___sys_sendmsg+0xf3/0x170
[  550.558579][ T6816]  __sys_sendmsg+0xe5/0x1b0
[  550.563075][ T6816]  do_syscall_64+0x60/0xe0
[  550.567468][ T6816]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  550.573328][ T6816] 
[  550.575634][ T6816] The buggy address belongs to the object at ffff8880a0ca8400
[  550.575634][ T6816]  which belongs to the cache kmalloc-512 of size 512
[  550.589662][ T6816] The buggy address is located 20 bytes inside of
[  550.589662][ T6816]  512-byte region [ffff8880a0ca8400, ffff8880a0ca8600)
[  550.602816][ T6816] The buggy address belongs to the page:
[  550.608426][ T6816] page:ffffea0002832a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[  550.617514][ T6816] flags: 0xfffe0000000200(slab)
[  550.622371][ T6816] raw: 00fffe0000000200 ffffea00029e1288 ffffea00028ef888 ffff8880aa000a80
[  550.630931][ T6816] raw: 0000000000000000 ffff8880a0ca8000 0000000100000004 0000000000000000
[  550.639503][ T6816] page dumped because: kasan: bad access detected
[  550.645887][ T6816] 
[  550.648189][ T6816] Memory state around the buggy address:
[  550.653797][ T6816]  ffff8880a0ca8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  550.661833][ T6816]  ffff8880a0ca8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  550.669887][ T6816] >ffff8880a0ca8400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  550.677918][ T6816]                          ^
[  550.682482][ T6816]  ffff8880a0ca8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[  550.690518][ T6816]  ffff8880a0ca8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  550.698550][ T6816] ==================================================================
[  550.706581][ T6816] Disabling lock debugging due to kernel taint
[  550.713678][ T6816] Kernel panic - not syncing: panic_on_warn set ...
[  550.720269][ T6816] CPU: 0 PID: 6816 Comm: syz-executor982 Tainted: G    B             5.8.0-rc2-syzkaller #0
[  550.730317][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  550.740360][ T6816] Call Trace:
[  550.743644][ T6816]  dump_stack+0x18f/0x20d
[  550.747969][ T6816]  ? nla_memcpy+0x50/0xa0
[  550.752354][ T6816]  panic+0x2e3/0x75c
[  550.756279][ T6816]  ? __warn_printk+0xf3/0xf3
[  550.760861][ T6816]  ? preempt_schedule_common+0x59/0xc0
[  550.766295][ T6816]  ? nla_memcpy+0x9c/0xa0
[  550.770681][ T6816]  ? preempt_schedule_thunk+0x16/0x18
[  550.776058][ T6816]  ? trace_hardirqs_on+0x55/0x220
[  550.781060][ T6816]  ? nla_memcpy+0x9c/0xa0
[  550.785362][ T6816]  ? nla_memcpy+0x9c/0xa0
[  550.789667][ T6816]  end_report+0x4d/0x53
[  550.793798][ T6816]  kasan_report.cold+0xd/0x37
[  550.798449][ T6816]  ? nla_memcpy+0x9c/0xa0
[  550.802770][ T6816]  nla_memcpy+0x9c/0xa0
[  550.806915][ T6816]  __cfg802154_wpan_dev_from_attrs+0x3e0/0x510
[  550.813051][ T6816]  ? lock_acquire+0x1f1/0xad0
[  550.817708][ T6816]  ? nl802154_post_doit+0x1f0/0x1f0
[  550.822879][ T6816]  ? lock_release+0x8d0/0x8d0
[  550.827548][ T6816]  ? genl_rcv+0x24/0x40
[  550.831677][ T6816]  ? netlink_unicast+0x533/0x7d0
[  550.836604][ T6816]  ? netlink_sendmsg+0x856/0xd90
[  550.841530][ T6816]  nl802154_prepare_wpan_dev_dump.constprop.0+0xf9/0x490
[  550.848543][ T6816]  nl802154_dump_llsec_dev+0xc0/0xb10
[  550.853890][ T6816]  ? __mutex_lock+0x626/0x10d0
[  550.858635][ T6816]  ? genl_lock_dumpit+0x5b/0xb0
[  550.863470][ T6816]  ? nl802154_get_interface+0x230/0x230
[  550.868988][ T6816]  ? mutex_lock_io_nested+0xf60/0xf60
[  550.874332][ T6816]  ? check_preemption_disabled+0x38/0x220
[  550.880027][ T6816]  ? rcu_read_lock_sched_held+0x3a/0xb0
[  550.885547][ T6816]  ? kmem_cache_alloc_node_trace+0x3b0/0x400
[  550.891517][ T6816]  ? __kmalloc_node_track_caller+0x38/0x60
[  550.897308][ T6816]  ? kasan_unpoison_shadow+0x33/0x40
[  550.902577][ T6816]  ? __phys_addr+0x9a/0x110
[  550.907084][ T6816]  ? memset+0x20/0x40
[  550.911058][ T6816]  genl_lock_dumpit+0x7f/0xb0
[  550.915709][ T6816]  netlink_dump+0x4cd/0xf60
[  550.920190][ T6816]  ? netlink_insert+0x1670/0x1670
[  550.925205][ T6816]  ? __mutex_unlock_slowpath+0xe2/0x610
[  550.930726][ T6816]  ? genl_start+0x45a/0x6e0
[  550.935207][ T6816]  __netlink_dump_start+0x643/0x900
[  550.940383][ T6816]  ? genl_rcv_msg+0x9e0/0x9e0
[  550.945055][ T6816]  ? nl802154_get_interface+0x230/0x230
[  550.950597][ T6816]  genl_family_rcv_msg_dumpit+0x2ac/0x310
[  550.956290][ T6816]  ? genl_rcv+0x40/0x40
[  550.960425][ T6816]  ? mutex_lock_io_nested+0xf60/0xf60
[  550.966139][ T6816]  ? apparmor_capable+0x1d8/0x460
[  550.971137][ T6816]  ? genl_rcv_msg+0x9e0/0x9e0
[  550.975788][ T6816]  ? genl_unlock+0x20/0x20
[  550.980174][ T6816]  ? genl_parallel_done+0x170/0x170
[  550.985349][ T6816]  ? ns_capable+0xde/0x100
[  550.989741][ T6816]  genl_rcv_msg+0x797/0x9e0
[  550.994223][ T6816]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[  551.001169][ T6816]  ? lock_acquire+0x1f1/0xad0
[  551.005833][ T6816]  ? genl_rcv+0x15/0x40
[  551.009981][ T6816]  ? lock_release+0x8d0/0x8d0
[  551.014637][ T6816]  netlink_rcv_skb+0x15a/0x430
[  551.019378][ T6816]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[  551.026284][ T6816]  ? netlink_ack+0xa10/0xa10
[  551.030857][ T6816]  genl_rcv+0x24/0x40
[  551.034821][ T6816]  netlink_unicast+0x533/0x7d0
[  551.039581][ T6816]  ? netlink_attachskb+0x810/0x810
[  551.044691][ T6816]  ? _copy_from_iter_full+0x247/0x890
[  551.050037][ T6816]  ? __phys_addr+0x9a/0x110
[  551.054513][ T6816]  ? __phys_addr_symbol+0x2c/0x70
[  551.059513][ T6816]  ? __check_object_size+0x171/0x3e4
[  551.064796][ T6816]  netlink_sendmsg+0x856/0xd90
[  551.069545][ T6816]  ? netlink_unicast+0x7d0/0x7d0
[  551.074465][ T6816]  ? netlink_unicast+0x7d0/0x7d0
[  551.079385][ T6816]  sock_sendmsg+0xcf/0x120
[  551.083795][ T6816]  ____sys_sendmsg+0x6e8/0x810
[  551.088543][ T6816]  ? kernel_sendmsg+0x50/0x50
[  551.093194][ T6816]  ? do_recvmmsg+0x6d0/0x6d0
[  551.097763][ T6816]  ? release_pages+0x641/0x17a0
[  551.102594][ T6816]  ___sys_sendmsg+0xf3/0x170
[  551.107171][ T6816]  ? sendmsg_copy_msghdr+0x160/0x160
[  551.112430][ T6816]  ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[  551.118471][ T6816]  ? check_preemption_disabled+0x38/0x220
[  551.124164][ T6816]  ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[  551.130122][ T6816]  ? handle_mm_fault+0xad9/0x4420
[  551.135122][ T6816]  ? __fget_light+0x215/0x280
[  551.139777][ T6816]  __sys_sendmsg+0xe5/0x1b0
[  551.144252][ T6816]  ? __sys_sendmsg_sock+0xb0/0xb0
[  551.149872][ T6816]  ? check_preemption_disabled+0x38/0x220
[  551.155568][ T6816]  ? do_syscall_64+0x1c/0xe0
[  551.160144][ T6816]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[  551.166173][ T6816]  do_syscall_64+0x60/0xe0
[  551.170572][ T6816]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  551.176442][ T6816] RIP: 0033:0x4413c9
[  551.180325][ T6816] Code: Bad RIP value.
[  551.184362][ T6816] RSP: 002b:00007fff5b30bca8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  551.192760][ T6816] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413c9
[  551.200705][ T6816] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  551.208650][ T6816] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[  551.216647][ T6816] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402140
[  551.224591][ T6816] R13: 00000000004021d0 R14: 0000000000000000 R15: 0000000000000000
[  551.233719][ T6816] Kernel Offset: disabled
[  551.238050][ T6816] Rebooting in 86400 seconds..