Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 61.843510][ T6799] netlink: 'syz-executor962': attribute type 3 has an invalid length.
[ 61.850312][ T6806] netlink: 'syz-executor962': attribute type 3 has an invalid length.
[ 61.859638][ T6808] netlink: 'syz-executor962': attribute type 3 has an invalid length.
[ 61.861854][ T6806] netlink: 'syz-executor962': attribute type 8 has an invalid length.
[ 61.872132][ T6807] netlink: 'syz-executor962': attribute type 3 has an invalid length.
[ 61.879141][ T6809] netlink: 'syz-executor962': attribute type 3 has an invalid length.
executing program
[ 61.888056][ T6810] netlink: 'syz-executor962': attribute type 3 has an invalid length.
[ 61.894701][ T6806] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 61.904042][ T6799] netlink: 'syz-executor962': attribute type 8 has an invalid length.
[ 61.912601][ T6809] netlink: 'syz-executor962': attribute type 8 has an invalid length.
[ 61.921824][ T6807] netlink: 'syz-executor962': attribute type 8 has an invalid length.
executing program
executing program
executing program
[ 61.929614][ T6809] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 61.938569][ T6808] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 61.955439][ T6810] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 61.960415][ T6799] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 61.969708][ T6807] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
executing program
[ 61.983603][ T6818] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 62.007899][ T6821] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 62.008645][ T6822] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 62.020867][ T6825] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor962'.
[ 62.035598][ T6822] ==================================================================
[ 62.045480][ T6822] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.054067][ T6822] Read of size 4 at addr ffffc90005ffe018 by task syz-executor962/6822
[ 62.062433][ T6822]
[ 62.064765][ T6822] CPU: 1 PID: 6822 Comm: syz-executor962 Not tainted 5.8.0-rc1-syzkaller #0
[ 62.073739][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.084424][ T6822] Call Trace:
[ 62.087713][ T6822]  dump_stack+0x18f/0x20d
[ 62.092596][ T6822]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.098212][ T6822]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.104410][ T6822]  print_address_description.constprop.0.cold+0x5/0x436
[ 62.111405][ T6822]  ? check_preemption_disabled+0x38/0x220
[ 62.117175][ T6822]  ? vprintk_func+0x97/0x1a6
[ 62.121882][ T6822]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.127422][ T6822]  kasan_report.cold+0x1f/0x37
[ 62.132884][ T6822]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.138433][ T6822]  nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.144174][ T6822]  ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 62.150157][ T6822]  ? __kmalloc_node_track_caller+0x38/0x60
[ 62.155987][ T6822]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.162938][ T6822]  ? __phys_addr+0x9a/0x110
[ 62.167980][ T6822]  ? memset+0x20/0x40
[ 62.172086][ T6822]  genl_lock_dumpit+0x7f/0xb0
[ 62.176774][ T6822]  netlink_dump+0x4cd/0xf60
[ 62.181375][ T6822]  ? netlink_insert+0x1670/0x1670
[ 62.186629][ T6822]  ? __mutex_unlock_slowpath+0xe2/0x610
[ 62.192279][ T6822]  ? genl_start+0x45a/0x6e0
[ 62.197139][ T6822]  __netlink_dump_start+0x643/0x900
[ 62.202453][ T6822]  ? genl_rcv_msg+0x9e0/0x9e0
[ 62.207123][ T6822]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.213879][ T6822]  genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 62.219713][ T6822]  ? genl_rcv+0x40/0x40
[ 62.223974][ T6822]  ? mutex_lock_io_nested+0xf60/0xf60
[ 62.229587][ T6822]  ? mark_lock+0xbc/0x1710
[ 62.233997][ T6822]  ? genl_rcv_msg+0x9e0/0x9e0
[ 62.238657][ T6822]  ? genl_unlock+0x20/0x20
[ 62.243051][ T6822]  ? genl_parallel_done+0x170/0x170
[ 62.248238][ T6822]  ? __radix_tree_lookup+0x1f3/0x290
[ 62.253615][ T6822]  genl_rcv_msg+0x797/0x9e0
[ 62.258125][ T6822]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.265143][ T6822]  ? lock_acquire+0x1f1/0xad0
[ 62.269897][ T6822]  ? genl_rcv+0x15/0x40
[ 62.274050][ T6822]  ? lock_release+0x8d0/0x8d0
[ 62.278839][ T6822]  netlink_rcv_skb+0x15a/0x430
[ 62.283603][ T6822]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.290843][ T6822]  ? netlink_ack+0xa10/0xa10
[ 62.295455][ T6822]  genl_rcv+0x24/0x40
[ 62.299422][ T6822]  netlink_unicast+0x533/0x7d0
[ 62.304640][ T6822]  ? netlink_attachskb+0x810/0x810
[ 62.309760][ T6822]  ? _copy_from_iter_full+0x247/0x890
[ 62.315118][ T6822]  ? __phys_addr_symbol+0x2c/0x70
[ 62.320529][ T6822]  ? __check_object_size+0x171/0x3e4
[ 62.326174][ T6822]  netlink_sendmsg+0x856/0xd90
[ 62.333268][ T6822]  ? netlink_unicast+0x7d0/0x7d0
[ 62.338285][ T6822]  ? netlink_unicast+0x7d0/0x7d0
[ 62.343402][ T6822]  sock_sendmsg+0xcf/0x120
[ 62.347808][ T6822]  ____sys_sendmsg+0x6e8/0x810
[ 62.352583][ T6822]  ? kernel_sendmsg+0x50/0x50
[ 62.357650][ T6822]  ? do_recvmmsg+0x6d0/0x6d0
[ 62.362340][ T6822]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 62.368421][ T6822]  ___sys_sendmsg+0xf3/0x170
[ 62.373008][ T6822]  ? sendmsg_copy_msghdr+0x160/0x160
[ 62.378295][ T6822]  ? __fget_files+0x272/0x400
[ 62.382981][ T6822]  ? lock_downgrade+0x820/0x820
[ 62.387862][ T6822]  ? check_preemption_disabled+0x38/0x220
[ 62.393568][ T6822]  ? check_preemption_disabled+0x38/0x220
[ 62.399393][ T6822]  ? __fget_files+0x294/0x400
[ 62.404076][ T6822]  ? __fget_light+0xea/0x280
[ 62.408658][ T6822]  __sys_sendmsg+0xe5/0x1b0
[ 62.413158][ T6822]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 62.418321][ T6822]  ? check_preemption_disabled+0x38/0x220
[ 62.424214][ T6822]  ? do_syscall_64+0x1c/0xe0
[ 62.428834][ T6822]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.434815][ T6822]  do_syscall_64+0x60/0xe0
[ 62.439458][ T6822]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.445333][ T6822] RIP: 0033:0x446889
[ 62.449218][ T6822] Code: Bad RIP value.
[ 62.453259][ T6822] RSP: 002b:00007f160fe46d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.461672][ T6822] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446889
[ 62.469641][ T6822] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 62.477711][ T6822] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 62.485671][ T6822] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 62.493639][ T6822] R13: 4003001060fc2401 R14: 0d94638c64805ad2 R15: 6b35001a0000480a
[ 62.501621][ T6822]
[ 62.503933][ T6822]
[ 62.506252][ T6822] Memory state around the buggy address:
[ 62.511862][ T6822]  ffffc90005ffdf00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.520093][ T6822]  ffffc90005ffdf80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.528153][ T6822] >ffffc90005ffe000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.536185][ T6822]                          ^
executing program
[ 62.541010][ T6822]  ffffc90005ffe080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.549547][ T6822]  ffffc90005ffe100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.557795][ T6822] ==================================================================
[ 62.565866][ T6822] Disabling lock debugging due to kernel taint
[ 62.573814][ T6822] Kernel panic - not syncing: panic_on_warn set ...
[ 62.581819][ T6822] CPU: 1 PID: 6822 Comm: syz-executor962 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 62.593786][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.604192][ T6822] Call Trace:
[ 62.607528][ T6822]  dump_stack+0x18f/0x20d
[ 62.611963][ T6822]  ? nl802154_dump_wpan_phy+0x940/0x9c0
[ 62.617505][ T6822]  panic+0x2e3/0x75c
[ 62.621408][ T6822]  ? __warn_printk+0xf3/0xf3
[ 62.625984][ T6822]  ? preempt_schedule_common+0x59/0xc0
[ 62.631421][ T6822]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.636945][ T6822]  ? preempt_schedule_thunk+0x16/0x18
[ 62.642379][ T6822]  ? trace_hardirqs_on+0x55/0x220
[ 62.647384][ T6822]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.652920][ T6822]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.658634][ T6822]  end_report+0x4d/0x53
[ 62.662789][ T6822]  kasan_report.cold+0xd/0x37
[ 62.667580][ T6822]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.673200][ T6822]  nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.679442][ T6822]  ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 62.685414][ T6822]  ? __kmalloc_node_track_caller+0x38/0x60
[ 62.691243][ T6822]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.698566][ T6822]  ? __phys_addr+0x9a/0x110
[ 62.703552][ T6822]  ? memset+0x20/0x40
[ 62.707535][ T6822]  genl_lock_dumpit+0x7f/0xb0
[ 62.712196][ T6822]  netlink_dump+0x4cd/0xf60
[ 62.716789][ T6822]  ? netlink_insert+0x1670/0x1670
[ 62.722075][ T6822]  ? __mutex_unlock_slowpath+0xe2/0x610
[ 62.728051][ T6822]  ? genl_start+0x45a/0x6e0
[ 62.732552][ T6822]  __netlink_dump_start+0x643/0x900
[ 62.737833][ T6822]  ? genl_rcv_msg+0x9e0/0x9e0
[ 62.742863][ T6822]  ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.749704][ T6822]  genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 62.755411][ T6822]  ? genl_rcv+0x40/0x40
[ 62.759561][ T6822]  ? mutex_lock_io_nested+0xf60/0xf60
[ 62.764997][ T6822]  ? mark_lock+0xbc/0x1710
[ 62.769402][ T6822]  ? genl_rcv_msg+0x9e0/0x9e0
[ 62.774139][ T6822]  ? genl_unlock+0x20/0x20
[ 62.778554][ T6822]  ? genl_parallel_done+0x170/0x170
[ 62.783742][ T6822]  ? __radix_tree_lookup+0x1f3/0x290
[ 62.789044][ T6822]  genl_rcv_msg+0x797/0x9e0
[ 62.793551][ T6822]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.800481][ T6822]  ? lock_acquire+0x1f1/0xad0
[ 62.805138][ T6822]  ? genl_rcv+0x15/0x40
[ 62.809288][ T6822]  ? lock_release+0x8d0/0x8d0
[ 62.814134][ T6822]  netlink_rcv_skb+0x15a/0x430
[ 62.818881][ T6822]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.825805][ T6822]  ? netlink_ack+0xa10/0xa10
[ 62.830387][ T6822]  genl_rcv+0x24/0x40
[ 62.834345][ T6822]  netlink_unicast+0x533/0x7d0
[ 62.839087][ T6822]  ? netlink_attachskb+0x810/0x810
[ 62.844364][ T6822]  ? _copy_from_iter_full+0x247/0x890
[ 62.849712][ T6822]  ? __phys_addr_symbol+0x2c/0x70
[ 62.855666][ T6822]  ? __check_object_size+0x171/0x3e4
[ 62.861291][ T6822]  netlink_sendmsg+0x856/0xd90
[ 62.866031][ T6822]  ? netlink_unicast+0x7d0/0x7d0
[ 62.870953][ T6822]  ? netlink_unicast+0x7d0/0x7d0
[ 62.875878][ T6822]  sock_sendmsg+0xcf/0x120
[ 62.880310][ T6822]  ____sys_sendmsg+0x6e8/0x810
[ 62.885257][ T6822]  ? kernel_sendmsg+0x50/0x50
[ 62.890215][ T6822]  ? do_recvmmsg+0x6d0/0x6d0
[ 62.894936][ T6822]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 62.901234][ T6822]  ___sys_sendmsg+0xf3/0x170
[ 62.906027][ T6822]  ? sendmsg_copy_msghdr+0x160/0x160
[ 62.911378][ T6822]  ? __fget_files+0x272/0x400
[ 62.916060][ T6822]  ? lock_downgrade+0x820/0x820
[ 62.920996][ T6822]  ? check_preemption_disabled+0x38/0x220
[ 62.926809][ T6822]  ? check_preemption_disabled+0x38/0x220
[ 62.932527][ T6822]  ? __fget_files+0x294/0x400
[ 62.937211][ T6822]  ? __fget_light+0xea/0x280
[ 62.941791][ T6822]  __sys_sendmsg+0xe5/0x1b0
[ 62.946653][ T6822]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 62.951675][ T6822]  ? check_preemption_disabled+0x38/0x220
[ 62.957587][ T6822]  ? do_syscall_64+0x1c/0xe0
[ 62.962220][ T6822]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.968216][ T6822]  do_syscall_64+0x60/0xe0
[ 62.973282][ T6822]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.979338][ T6822] RIP: 0033:0x446889
[ 62.983362][ T6822] Code: Bad RIP value.
[ 62.987518][ T6822] RSP: 002b:00007f160fe46d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.996028][ T6822] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446889
[ 63.004098][ T6822] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 63.012053][ T6822] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 63.020143][ T6822] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 63.028106][ T6822] R13: 4003001060fc2401 R14: 0d94638c64805ad2 R15: 6b35001a0000480a
[ 63.037625][ T6822] Kernel Offset: disabled
[ 63.042239][ T6822] Rebooting in 86400 seconds..