[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.

syzkaller login: [ 61.838215][ T6810] IPVS: ftp: loaded support on port[0] = 21
[ 61.849482][ T6804] IPVS: ftp: loaded support on port[0] = 21
[ 61.853327][ T6812] IPVS: ftp: loaded support on port[0] = 21
[ 61.864743][ T6809] IPVS: ftp: loaded support on port[0] = 21
[ 61.873458][ T6807] IPVS: ftp: loaded support on port[0] = 21
[ 61.882043][ T6811] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
[ 62.006985][ T6885] netlink: 'syz-executor459': attribute type 3 has an invalid length.
[ 62.021459][ T6885] netlink: 'syz-executor459': attribute type 8 has an invalid length.
[ 62.037545][ T6908] netlink: 'syz-executor459': attribute type 3 has an invalid length.
executing program
executing program
executing program
[ 62.049668][ T6885] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
[ 62.064011][ T6919] netlink: 'syz-executor459': attribute type 3 has an invalid length.
[ 62.077854][ T6926] netlink: 'syz-executor459': attribute type 3 has an invalid length.
[ 62.083797][ T6937] netlink: 'syz-executor459': attribute type 3 has an invalid length.
[ 62.086565][ T6908] netlink: 'syz-executor459': attribute type 8 has an invalid length.
executing program
[ 62.097623][ T6938] netlink: 'syz-executor459': attribute type 3 has an invalid length.
[ 62.105188][ T6919] netlink: 'syz-executor459': attribute type 8 has an invalid length.
[ 62.111470][ T6938] netlink: 'syz-executor459': attribute type 8 has an invalid length.
[ 62.122124][ T6926] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
[ 62.129718][ T6937] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
[ 62.140990][ T6939] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
executing program
executing program
executing program
[ 62.148167][ T6938] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
[ 62.156951][ T6908] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
[ 62.175551][ T6940] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
[ 62.176931][ T6919] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
[ 62.189190][ T6941] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 62.207014][ T6942] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor459'.
[ 62.243564][ T6942] ==================================================================
[ 62.251773][ T6942] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.260253][ T6942] Read of size 4 at addr ffffc900021dd018 by task syz-executor459/6942
[ 62.268462][ T6942]
[ 62.270798][ T6942] CPU: 0 PID: 6942 Comm: syz-executor459 Not tainted 5.8.0-rc2-syzkaller #0
[ 62.279437][ T6942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.289556][ T6942] Call Trace:
[ 62.292837][ T6942] dump_stack+0x18f/0x20d
[ 62.297148][ T6942] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.302676][ T6942] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.308199][ T6942] print_address_description.constprop.0.cold+0x5/0x436
[ 62.315236][ T6942] ? check_preemption_disabled+0x38/0x220
[ 62.320951][ T6942] ? vprintk_func+0x97/0x1a6
[ 62.325518][ T6942] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.331038][ T6942] kasan_report.cold+0x1f/0x37
[ 62.335777][ T6942] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.341311][ T6942] nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.346669][ T6942] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 62.352627][ T6942] ? __kmalloc_node_track_caller+0x38/0x60
[ 62.358412][ T6942] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.365149][ T6942] ? __phys_addr+0x9a/0x110
[ 62.369628][ T6942] ? memset+0x20/0x40
[ 62.373601][ T6942] genl_lock_dumpit+0x7f/0xb0
[ 62.378263][ T6942] netlink_dump+0x4cd/0xf60
[ 62.382754][ T6942] ? netlink_insert+0x1670/0x1670
[ 62.387753][ T6942] ? __mutex_unlock_slowpath+0xe2/0x610
[ 62.393279][ T6942] ? genl_start+0x45a/0x6e0
[ 62.397767][ T6942] __netlink_dump_start+0x643/0x900
[ 62.402945][ T6942] ? genl_rcv_msg+0x9e0/0x9e0
[ 62.407600][ T6942] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.414345][ T6942] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 62.420062][ T6942] ? genl_rcv+0x40/0x40
[ 62.424190][ T6942] ? mutex_lock_io_nested+0xf60/0xf60
[ 62.429547][ T6942] ? mark_lock+0xbc/0x1710
[ 62.433947][ T6942] ? genl_rcv_msg+0x9e0/0x9e0
[ 62.438597][ T6942] ? genl_unlock+0x20/0x20
[ 62.442999][ T6942] ? genl_parallel_done+0x170/0x170
[ 62.448184][ T6942] ? __radix_tree_lookup+0x1f3/0x290
[ 62.453479][ T6942] genl_rcv_msg+0x797/0x9e0
[ 62.457977][ T6942] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.464887][ T6942] ? lock_acquire+0x1f1/0xad0
[ 62.469538][ T6942] ? genl_rcv+0x15/0x40
[ 62.473671][ T6942] ? lock_release+0x8d0/0x8d0
[ 62.478360][ T6942] netlink_rcv_skb+0x15a/0x430
[ 62.483112][ T6942] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.490043][ T6942] ? netlink_ack+0xa10/0xa10
[ 62.494638][ T6942] genl_rcv+0x24/0x40
[ 62.498593][ T6942] netlink_unicast+0x533/0x7d0
[ 62.503350][ T6942] ? netlink_attachskb+0x810/0x810
[ 62.508441][ T6942] ? _copy_from_iter_full+0x247/0x890
[ 62.513787][ T6942] ? __phys_addr_symbol+0x2c/0x70
[ 62.518785][ T6942] ? __check_object_size+0x171/0x3e4
[ 62.524046][ T6942] netlink_sendmsg+0x856/0xd90
[ 62.528789][ T6942] ? netlink_unicast+0x7d0/0x7d0
[ 62.533712][ T6942] ? netlink_unicast+0x7d0/0x7d0
[ 62.538660][ T6942] sock_sendmsg+0xcf/0x120
[ 62.543055][ T6942] ____sys_sendmsg+0x6e8/0x810
[ 62.547903][ T6942] ? kernel_sendmsg+0x50/0x50
[ 62.552591][ T6942] ? do_recvmmsg+0x6d0/0x6d0
[ 62.557166][ T6942] ? release_pages+0x641/0x17a0
[ 62.561998][ T6942] ___sys_sendmsg+0xf3/0x170
[ 62.566566][ T6942] ? sendmsg_copy_msghdr+0x160/0x160
[ 62.571836][ T6942] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 62.577886][ T6942] ? check_preemption_disabled+0x38/0x220
[ 62.583593][ T6942] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 62.589556][ T6942] ? handle_mm_fault+0xad9/0x4420
[ 62.594559][ T6942] ? __fget_light+0x215/0x280
[ 62.599232][ T6942] __sys_sendmsg+0xe5/0x1b0
[ 62.603735][ T6942] ? __sys_sendmsg_sock+0xb0/0xb0
[ 62.608751][ T6942] ? check_preemption_disabled+0x38/0x220
[ 62.614462][ T6942] ? do_syscall_64+0x1c/0xe0
[ 62.619030][ T6942] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.624986][ T6942] do_syscall_64+0x60/0xe0
[ 62.629396][ T6942] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.635269][ T6942] RIP: 0033:0x441409
[ 62.639139][ T6942] Code: Bad RIP value.
[ 62.643176][ T6942] RSP: 002b:00007ffc49bb0c48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.651565][ T6942] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 62.659520][ T6942] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 62.667482][ T6942] RBP: 000000000000f2ba R08: 0000000100000000 R09: 0000000100000000
[ 62.675431][ T6942] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 62.683375][ T6942] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 62.691330][ T6942]
[ 62.693633][ T6942]
[ 62.695934][ T6942] Memory state around the buggy address:
[ 62.701540][ T6942] ffffc900021dcf00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
executing program
executing program
executing program
[ 62.709587][ T6942] ffffc900021dcf80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.717629][ T6942] >ffffc900021dd000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.725673][ T6942]                                                                ^
[ 62.730508][ T6942] ffffc900021dd080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.738539][ T6942] ffffc900021dd100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 62.746569][ T6942] ==================================================================
[ 62.754601][ T6942] Disabling lock debugging due to kernel taint
[ 62.761725][ T6942] Kernel panic - not syncing: panic_on_warn set ...
[ 62.768315][ T6942] CPU: 0 PID: 6942 Comm: syz-executor459 Tainted: G B 5.8.0-rc2-syzkaller #0
[ 62.778362][ T6942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.788404][ T6942] Call Trace:
[ 62.791684][ T6942] dump_stack+0x18f/0x20d
[ 62.796003][ T6942] ? nl802154_dump_wpan_phy+0x910/0x9c0
[ 62.801577][ T6942] panic+0x2e3/0x75c
[ 62.805442][ T6942] ? __warn_printk+0xf3/0xf3
[ 62.810010][ T6942] ? preempt_schedule_common+0x59/0xc0
[ 62.815437][ T6942] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.820998][ T6942] ? preempt_schedule_thunk+0x16/0x18
[ 62.826378][ T6942] ? trace_hardirqs_on+0x55/0x220
[ 62.831374][ T6942] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.836979][ T6942] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.842500][ T6942] end_report+0x4d/0x53
[ 62.846626][ T6942] kasan_report.cold+0xd/0x37
[ 62.851281][ T6942] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.856816][ T6942] nl802154_dump_wpan_phy+0x98e/0x9c0
[ 62.862177][ T6942] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 62.868139][ T6942] ? __kmalloc_node_track_caller+0x38/0x60
[ 62.873912][ T6942] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.880645][ T6942] ? __phys_addr+0x9a/0x110
[ 62.885128][ T6942] ? memset+0x20/0x40
[ 62.889087][ T6942] genl_lock_dumpit+0x7f/0xb0
[ 62.893734][ T6942] netlink_dump+0x4cd/0xf60
[ 62.898210][ T6942] ? netlink_insert+0x1670/0x1670
[ 62.903241][ T6942] ? __mutex_unlock_slowpath+0xe2/0x610
[ 62.908761][ T6942] ? genl_start+0x45a/0x6e0
[ 62.913236][ T6942] __netlink_dump_start+0x643/0x900
[ 62.918404][ T6942] ? genl_rcv_msg+0x9e0/0x9e0
[ 62.923064][ T6942] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 62.929807][ T6942] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 62.935611][ T6942] ? genl_rcv+0x40/0x40
[ 62.939738][ T6942] ? mutex_lock_io_nested+0xf60/0xf60
[ 62.945082][ T6942] ? mark_lock+0xbc/0x1710
[ 62.949480][ T6942] ? genl_rcv_msg+0x9e0/0x9e0
[ 62.954125][ T6942] ? genl_unlock+0x20/0x20
[ 62.958512][ T6942] ? genl_parallel_done+0x170/0x170
[ 62.963681][ T6942] ? __radix_tree_lookup+0x1f3/0x290
[ 62.968959][ T6942] genl_rcv_msg+0x797/0x9e0
[ 62.973550][ T6942] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 62.980454][ T6942] ? lock_acquire+0x1f1/0xad0
[ 62.985105][ T6942] ? genl_rcv+0x15/0x40
[ 62.989233][ T6942] ? lock_release+0x8d0/0x8d0
[ 62.993889][ T6942] netlink_rcv_skb+0x15a/0x430
[ 62.998627][ T6942] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 63.005546][ T6942] ? netlink_ack+0xa10/0xa10
[ 63.010124][ T6942] genl_rcv+0x24/0x40
[ 63.014079][ T6942] netlink_unicast+0x533/0x7d0
[ 63.018813][ T6942] ? netlink_attachskb+0x810/0x810
[ 63.023895][ T6942] ? _copy_from_iter_full+0x247/0x890
[ 63.029245][ T6942] ? __phys_addr_symbol+0x2c/0x70
[ 63.034251][ T6942] ? __check_object_size+0x171/0x3e4
[ 63.039509][ T6942] netlink_sendmsg+0x856/0xd90
[ 63.044242][ T6942] ? netlink_unicast+0x7d0/0x7d0
[ 63.049153][ T6942] ? netlink_unicast+0x7d0/0x7d0
[ 63.054063][ T6942] sock_sendmsg+0xcf/0x120
[ 63.058450][ T6942] ____sys_sendmsg+0x6e8/0x810
[ 63.063190][ T6942] ? kernel_sendmsg+0x50/0x50
[ 63.067834][ T6942] ? do_recvmmsg+0x6d0/0x6d0
[ 63.072393][ T6942] ? release_pages+0x641/0x17a0
[ 63.077247][ T6942] ___sys_sendmsg+0xf3/0x170
[ 63.081808][ T6942] ? sendmsg_copy_msghdr+0x160/0x160
[ 63.087063][ T6942] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 63.093114][ T6942] ? check_preemption_disabled+0x38/0x220
[ 63.098804][ T6942] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 63.104771][ T6942] ? handle_mm_fault+0xad9/0x4420
[ 63.109772][ T6942] ? __fget_light+0x215/0x280
[ 63.114435][ T6942] __sys_sendmsg+0xe5/0x1b0
[ 63.118909][ T6942] ? __sys_sendmsg_sock+0xb0/0xb0
[ 63.123920][ T6942] ? check_preemption_disabled+0x38/0x220
[ 63.129611][ T6942] ? do_syscall_64+0x1c/0xe0
[ 63.134172][ T6942] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.140119][ T6942] do_syscall_64+0x60/0xe0
[ 63.144506][ T6942] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.150375][ T6942] RIP: 0033:0x441409
[ 63.154238][ T6942] Code: Bad RIP value.
[ 63.158272][ T6942] RSP: 002b:00007ffc49bb0c48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 63.166649][ T6942] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 63.174596][ T6942] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 63.182540][ T6942] RBP: 000000000000f2ba R08: 0000000100000000 R09: 0000000100000000
[ 63.190483][ T6942] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 63.198436][ T6942] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 63.207673][ T6942] Kernel Offset: disabled
[ 63.211983][ T6942] Rebooting in 86400 seconds..