[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 67.740738][ T8413] ==================================================================
[ 67.748971][ T8413] BUG: KASAN: global-out-of-bounds in netlink_policy_dump_add_policy+0x3b6/0x440
[ 67.758153][ T8413] Read of size 1 at addr ffffffff89cc61d0 by task syz-executor181/8413
[ 67.766397][ T8413]
[ 67.768727][ T8413] CPU: 0 PID: 8413 Comm: syz-executor181 Not tainted 5.11.0-rc6-next-20210205-syzkaller #0
[ 67.778781][ T8413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.788830][ T8413] Call Trace:
[ 67.792114][ T8413]  dump_stack+0x107/0x163
[ 67.796449][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 67.802682][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 67.808929][ T8413]  print_address_description.constprop.0.cold+0x5/0x2f8
[ 67.815858][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 67.822100][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 67.828330][ T8413]  kasan_report.cold+0x7c/0xd8
[ 67.833101][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 67.839345][ T8413]  netlink_policy_dump_add_policy+0x3b6/0x440
[ 67.845403][ T8413]  ? __netlink_policy_dump_write_attr+0xb00/0xb00
[ 67.851822][ T8413]  ? __radix_tree_lookup+0x211/0x2a0
[ 67.857121][ T8413]  ctrl_dumppolicy_start+0x3e1/0x760
[ 67.862397][ T8413]  ? ctrl_getfamily+0x5a0/0x5a0
[ 67.867234][ T8413]  ? vdpa_nl_cmd_mgmtdev_get_dumpit+0x280/0x280
[ 67.873476][ T8413]  ? vdpa_mgmtdev_fill+0x420/0x420
[ 67.878585][ T8413]  ? kasan_unpoison+0x2c/0x50
[ 67.883252][ T8413]  ? ctrl_getfamily+0x5a0/0x5a0
[ 67.888100][ T8413]  genl_start+0x3cc/0x670
[ 67.892437][ T8413]  __netlink_dump_start+0x584/0x900
[ 67.897778][ T8413]  ? genl_family_rcv_msg_doit+0x320/0x320
[ 67.903502][ T8413]  ? ctrl_dumppolicy_prep+0x3f0/0x3f0
[ 67.909075][ T8413]  genl_family_rcv_msg_dumpit+0x2af/0x310
[ 67.914830][ T8413]  ? genl_rcv+0x40/0x40
[ 67.918974][ T8413]  ? mutex_lock_io_nested+0xf60/0xf60
[ 67.924338][ T8413]  ? __lock_acquire+0x2506/0x54c0
[ 67.929353][ T8413]  ? genl_family_rcv_msg_doit+0x320/0x320
[ 67.935059][ T8413]  ? genl_unlock+0x20/0x20
[ 67.939460][ T8413]  ? genl_parallel_done+0xc0/0xc0
[ 67.944733][ T8413]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 67.950961][ T8413]  ? __radix_tree_lookup+0x211/0x2a0
[ 67.956232][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.962456][ T8413]  ? genl_get_cmd+0x3cf/0x480
[ 67.967159][ T8413]  genl_rcv_msg+0x434/0x580
[ 67.971656][ T8413]  ? genl_get_cmd+0x480/0x480
[ 67.976320][ T8413]  ? ctrl_getfamily+0x5a0/0x5a0
[ 67.981155][ T8413]  ? ctrl_dumppolicy_prep+0x3f0/0x3f0
[ 67.986510][ T8413]  ? lockdep_genl_is_held+0x30/0x30
[ 67.991735][ T8413]  ? lock_release+0x710/0x710
[ 67.996412][ T8413]  netlink_rcv_skb+0x153/0x420
[ 68.001162][ T8413]  ? genl_get_cmd+0x480/0x480
[ 68.005826][ T8413]  ? netlink_ack+0xaa0/0xaa0
[ 68.010447][ T8413]  ? _copy_from_iter_full+0x2fa/0x1120
[ 68.015897][ T8413]  genl_rcv+0x24/0x40
[ 68.019864][ T8413]  netlink_unicast+0x533/0x7d0
[ 68.024618][ T8413]  ? netlink_attachskb+0x870/0x870
[ 68.029715][ T8413]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 68.035941][ T8413]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 68.042180][ T8413]  ? __phys_addr_symbol+0x2c/0x70
[ 68.047189][ T8413]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 68.052893][ T8413]  ? __check_object_size+0x171/0x3f0
[ 68.058169][ T8413]  netlink_sendmsg+0x856/0xd90
[ 68.062926][ T8413]  ? netlink_unicast+0x7d0/0x7d0
[ 68.067869][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.074097][ T8413]  ? netlink_unicast+0x7d0/0x7d0
[ 68.079034][ T8413]  sock_sendmsg+0xcf/0x120
[ 68.083437][ T8413]  ____sys_sendmsg+0x6e8/0x810
[ 68.088188][ T8413]  ? kernel_sendmsg+0x50/0x50
[ 68.092847][ T8413]  ? do_recvmmsg+0x6c0/0x6c0
[ 68.097422][ T8413]  ? do_huge_pmd_anonymous_page+0x123b/0x2310
[ 68.103473][ T8413]  ? lock_downgrade+0x6d0/0x6d0
[ 68.108311][ T8413]  ___sys_sendmsg+0xf3/0x170
[ 68.112905][ T8413]  ? sendmsg_copy_msghdr+0x160/0x160
[ 68.118180][ T8413]  ? do_huge_pmd_anonymous_page+0x930/0x2310
[ 68.124148][ T8413]  ? lock_chain_count+0x20/0x20
[ 68.128985][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.135226][ T8413]  ? __handle_mm_fault+0x93c/0x4e20
[ 68.140435][ T8413]  ? find_held_lock+0x2d/0x110
[ 68.145183][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.151407][ T8413]  ? __fget_light+0x215/0x280
[ 68.156071][ T8413]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 68.162298][ T8413]  __sys_sendmsg+0xe5/0x1b0
[ 68.166805][ T8413]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 68.171815][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.178049][ T8413]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 68.183949][ T8413]  do_syscall_64+0x2d/0x70
[ 68.188349][ T8413]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.194228][ T8413] RIP: 0033:0x43ef29
[ 68.198109][ T8413] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.217699][ T8413] RSP: 002b:00007ffc75c06108 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 68.226185][ T8413] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043ef29
[ 68.234139][ T8413] RDX: 0000000000000000 RSI: 00000000200029c0 RDI: 0000000000000003
[ 68.242093][ T8413] RBP: 0000000000402f10 R08: 00000000004ac018 R09: 0000000000400488
[ 68.250057][ T8413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402fa0
[ 68.258011][ T8413] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 68.265980][ T8413]
[ 68.268286][ T8413] The buggy address belongs to the variable:
[ 68.274237][ T8413]  vdpa_nl_policy+0x90/0x3a00
[ 68.278923][ T8413]
[ 68.281239][ T8413] Memory state around the buggy address:
[ 68.286857][ T8413]  ffffffff89cc6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.294898][ T8413]  ffffffff89cc6100: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[ 68.302956][ T8413] >ffffffff89cc6180: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[ 68.311008][ T8413]                                                  ^
[ 68.317659][ T8413]  ffffffff89cc6200: 05 f9 f9 f9 f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9
[ 68.325709][ T8413]  ffffffff89cc6280: 00 00 00 01 f9 f9 f9 f9 00 07 f9 f9 f9 f9 f9 f9
[ 68.333757][ T8413] ==================================================================
[ 68.341807][ T8413] Disabling lock debugging due to kernel taint
[ 68.350330][ T8413] Kernel panic - not syncing: panic_on_warn set ...
[ 68.356934][ T8413] CPU: 1 PID: 8413 Comm: syz-executor181 Tainted: G    B             5.11.0-rc6-next-20210205-syzkaller #0
[ 68.368302][ T8413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.378366][ T8413] Call Trace:
[ 68.381629][ T8413]  dump_stack+0x107/0x163
[ 68.385945][ T8413]  ? netlink_policy_dump_add_policy+0x300/0x440
[ 68.392166][ T8413]  panic+0x306/0x73d
[ 68.396044][ T8413]  ? __warn_printk+0xf3/0xf3
[ 68.400613][ T8413]  ? preempt_schedule_common+0x59/0xc0
[ 68.406050][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 68.412309][ T8413]  ? preempt_schedule_thunk+0x16/0x18
[ 68.417662][ T8413]  ? trace_hardirqs_on+0x38/0x1c0
[ 68.422669][ T8413]  ? trace_hardirqs_on+0x51/0x1c0
[ 68.427672][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 68.433890][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 68.440111][ T8413]  end_report.cold+0x5a/0x5a
[ 68.444678][ T8413]  kasan_report.cold+0x6a/0xd8
[ 68.449420][ T8413]  ? netlink_policy_dump_add_policy+0x3b6/0x440
[ 68.455685][ T8413]  netlink_policy_dump_add_policy+0x3b6/0x440
[ 68.461735][ T8413]  ? __netlink_policy_dump_write_attr+0xb00/0xb00
[ 68.468139][ T8413]  ? __radix_tree_lookup+0x211/0x2a0
[ 68.473419][ T8413]  ctrl_dumppolicy_start+0x3e1/0x760
[ 68.478684][ T8413]  ? ctrl_getfamily+0x5a0/0x5a0
[ 68.483520][ T8413]  ? vdpa_nl_cmd_mgmtdev_get_dumpit+0x280/0x280
[ 68.489742][ T8413]  ? vdpa_mgmtdev_fill+0x420/0x420
[ 68.494830][ T8413]  ? kasan_unpoison+0x2c/0x50
[ 68.499486][ T8413]  ? ctrl_getfamily+0x5a0/0x5a0
[ 68.504314][ T8413]  genl_start+0x3cc/0x670
[ 68.508636][ T8413]  __netlink_dump_start+0x584/0x900
[ 68.513827][ T8413]  ? genl_family_rcv_msg_doit+0x320/0x320
[ 68.519642][ T8413]  ? ctrl_dumppolicy_prep+0x3f0/0x3f0
[ 68.525000][ T8413]  genl_family_rcv_msg_dumpit+0x2af/0x310
[ 68.530707][ T8413]  ? genl_rcv+0x40/0x40
[ 68.534843][ T8413]  ? mutex_lock_io_nested+0xf60/0xf60
[ 68.540234][ T8413]  ? __lock_acquire+0x2506/0x54c0
[ 68.545244][ T8413]  ? genl_family_rcv_msg_doit+0x320/0x320
[ 68.550944][ T8413]  ? genl_unlock+0x20/0x20
[ 68.555338][ T8413]  ? genl_parallel_done+0xc0/0xc0
[ 68.560357][ T8413]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 68.566577][ T8413]  ? __radix_tree_lookup+0x211/0x2a0
[ 68.571839][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.578062][ T8413]  ? genl_get_cmd+0x3cf/0x480
[ 68.582727][ T8413]  genl_rcv_msg+0x434/0x580
[ 68.587224][ T8413]  ? genl_get_cmd+0x480/0x480
[ 68.591890][ T8413]  ? ctrl_getfamily+0x5a0/0x5a0
[ 68.596740][ T8413]  ? ctrl_dumppolicy_prep+0x3f0/0x3f0
[ 68.602097][ T8413]  ? lockdep_genl_is_held+0x30/0x30
[ 68.607280][ T8413]  ? lock_release+0x710/0x710
[ 68.611990][ T8413]  netlink_rcv_skb+0x153/0x420
[ 68.616735][ T8413]  ? genl_get_cmd+0x480/0x480
[ 68.621393][ T8413]  ? netlink_ack+0xaa0/0xaa0
[ 68.626006][ T8413]  ? _copy_from_iter_full+0x2fa/0x1120
[ 68.631449][ T8413]  genl_rcv+0x24/0x40
[ 68.635411][ T8413]  netlink_unicast+0x533/0x7d0
[ 68.640198][ T8413]  ? netlink_attachskb+0x870/0x870
[ 68.645288][ T8413]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 68.651508][ T8413]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 68.657725][ T8413]  ? __phys_addr_symbol+0x2c/0x70
[ 68.662778][ T8413]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 68.668477][ T8413]  ? __check_object_size+0x171/0x3f0
[ 68.673745][ T8413]  netlink_sendmsg+0x856/0xd90
[ 68.678491][ T8413]  ? netlink_unicast+0x7d0/0x7d0
[ 68.683414][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.689773][ T8413]  ? netlink_unicast+0x7d0/0x7d0
[ 68.694745][ T8413]  sock_sendmsg+0xcf/0x120
[ 68.699186][ T8413]  ____sys_sendmsg+0x6e8/0x810
[ 68.703930][ T8413]  ? kernel_sendmsg+0x50/0x50
[ 68.708599][ T8413]  ? do_recvmmsg+0x6c0/0x6c0
[ 68.713227][ T8413]  ? do_huge_pmd_anonymous_page+0x123b/0x2310
[ 68.719292][ T8413]  ? lock_downgrade+0x6d0/0x6d0
[ 68.724128][ T8413]  ___sys_sendmsg+0xf3/0x170
[ 68.728704][ T8413]  ? sendmsg_copy_msghdr+0x160/0x160
[ 68.733971][ T8413]  ? do_huge_pmd_anonymous_page+0x930/0x2310
[ 68.739945][ T8413]  ? lock_chain_count+0x20/0x20
[ 68.744776][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.751130][ T8413]  ? __handle_mm_fault+0x93c/0x4e20
[ 68.756320][ T8413]  ? find_held_lock+0x2d/0x110
[ 68.761062][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.767293][ T8413]  ? __fget_light+0x215/0x280
[ 68.771948][ T8413]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 68.778166][ T8413]  __sys_sendmsg+0xe5/0x1b0
[ 68.782651][ T8413]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 68.787654][ T8413]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.793878][ T8413]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 68.799753][ T8413]  do_syscall_64+0x2d/0x70
[ 68.804147][ T8413]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.810037][ T8413] RIP: 0033:0x43ef29
[ 68.813920][ T8413] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.833520][ T8413] RSP: 002b:00007ffc75c06108 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 68.841922][ T8413] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043ef29
[ 68.849869][ T8413] RDX: 0000000000000000 RSI: 00000000200029c0 RDI: 0000000000000003
[ 68.857820][ T8413] RBP: 0000000000402f10 R08: 00000000004ac018 R09: 0000000000400488
[ 68.865823][ T8413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402fa0
[ 68.873830][ T8413] R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
[ 68.882561][ T8413] Kernel Offset: disabled
[ 68.886877][ T8413] Rebooting in 86400 seconds..