[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.190' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 76.385467][ T6813] netlink: 'syz-executor118': attribute type 3 has an invalid length.
[ 76.392318][ T6818] netlink: 'syz-executor118': attribute type 3 has an invalid length.
[ 76.402325][ T6819] netlink: 'syz-executor118': attribute type 3 has an invalid length.
[ 76.403461][ T6820] netlink: 'syz-executor118': attribute type 3 has an invalid length.
[ 76.411937][ T6821] netlink: 'syz-executor118': attribute type 3 has an invalid length.
[ 76.423115][ T6822] netlink: 'syz-executor118': attribute type 3 has an invalid length.
[ 76.427779][ T6813] netlink: 'syz-executor118': attribute type 8 has an invalid length.
[ 76.436419][ T6818] netlink: 'syz-executor118': attribute type 8 has an invalid length.
[ 76.444189][ T6821] netlink: 'syz-executor118': attribute type 8 has an invalid length.
[ 76.456721][ T6820] netlink: 'syz-executor118': attribute type 8 has an invalid length.
[ 76.461059][ T6819] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor118'.
[ 76.469890][ T6822] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor118'.
[ 76.478815][ T6813] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor118'.
[ 76.489695][ T6820] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor118'.
[ 76.498206][ T6821] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor118'.
[ 76.514482][ T6820] ==================================================================
[ 76.518483][ T6818] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor118'.
executing program
[ 76.525671][ T6820] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x98e/0x9c0
[ 76.525683][ T6820] Read of size 4 at addr ffffc90005ea1018 by task syz-executor118/6820
[ 76.525688][ T6820]
[ 76.525705][ T6820] CPU: 1 PID: 6820 Comm: syz-executor118 Not tainted 5.8.0-rc1-syzkaller #0
[ 76.525713][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.525726][ T6820] Call Trace:
[ 76.576352][ T6820] dump_stack+0x18f/0x20d
[ 76.580665][ T6820] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 76.586192][ T6820] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 76.591725][ T6820] print_address_description.constprop.0.cold+0x5/0x436
[ 76.598651][ T6820] ? check_preemption_disabled+0x38/0x220
[ 76.604404][ T6820] ? vprintk_func+0x97/0x1a6
[ 76.608981][ T6820] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 76.614593][ T6820] kasan_report.cold+0x1f/0x37
[ 76.619382][ T6820] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 76.624908][ T6820] nl802154_dump_wpan_phy+0x98e/0x9c0
[ 76.630266][ T6820] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 76.636412][ T6820] ? __kmalloc_node_track_caller+0x38/0x60
[ 76.642211][ T6820] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 76.648963][ T6820] ? __phys_addr+0x9a/0x110
[ 76.653457][ T6820] ? memset+0x20/0x40
[ 76.657447][ T6820] genl_lock_dumpit+0x7f/0xb0
[ 76.662125][ T6820] netlink_dump+0x4cd/0xf60
[ 76.666615][ T6820] ? netlink_insert+0x1670/0x1670
[ 76.671621][ T6820] ? __mutex_unlock_slowpath+0xe2/0x610
[ 76.677171][ T6820] ? genl_start+0x45a/0x6e0
[ 76.681666][ T6820] __netlink_dump_start+0x643/0x900
[ 76.686853][ T6820] ? genl_rcv_msg+0x9e0/0x9e0
[ 76.691521][ T6820] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 76.698275][ T6820] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 76.703995][ T6820] ? genl_rcv+0x40/0x40
[ 76.708177][ T6820] ? mutex_lock_io_nested+0xf60/0xf60
[ 76.713548][ T6820] ? mark_lock+0xbc/0x1710
[ 76.717952][ T6820] ? genl_rcv_msg+0x9e0/0x9e0
[ 76.722612][ T6820] ? genl_unlock+0x20/0x20
[ 76.727015][ T6820] ? genl_parallel_done+0x170/0x170
[ 76.732200][ T6820] ? __radix_tree_lookup+0x1f3/0x290
[ 76.739640][ T6820] genl_rcv_msg+0x797/0x9e0
[ 76.744156][ T6820] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 76.751094][ T6820] ? lock_acquire+0x1f1/0xad0
[ 76.755765][ T6820] ? genl_rcv+0x15/0x40
[ 76.759906][ T6820] ? lock_release+0x8d0/0x8d0
[ 76.764586][ T6820] netlink_rcv_skb+0x15a/0x430
[ 76.769356][ T6820] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 76.776277][ T6820] ? netlink_ack+0xa10/0xa10
[ 76.780880][ T6820] genl_rcv+0x24/0x40
[ 76.784844][ T6820] netlink_unicast+0x533/0x7d0
[ 76.789700][ T6820] ? netlink_attachskb+0x810/0x810
[ 76.794798][ T6820] ? _copy_from_iter_full+0x247/0x890
[ 76.800180][ T6820] ? __phys_addr_symbol+0x2c/0x70
[ 76.805190][ T6820] ? __check_object_size+0x171/0x3e4
[ 76.810460][ T6820] netlink_sendmsg+0x856/0xd90
[ 76.815225][ T6820] ? netlink_unicast+0x7d0/0x7d0
[ 76.820150][ T6820] ? netlink_unicast+0x7d0/0x7d0
[ 76.825071][ T6820] sock_sendmsg+0xcf/0x120
[ 76.829481][ T6820] ____sys_sendmsg+0x6e8/0x810
[ 76.834284][ T6820] ? kernel_sendmsg+0x50/0x50
[ 76.838942][ T6820] ? do_recvmmsg+0x6d0/0x6d0
[ 76.843536][ T6820] ? release_pages+0x641/0x17a0
[ 76.848399][ T6820] ___sys_sendmsg+0xf3/0x170
[ 76.852972][ T6820] ? sendmsg_copy_msghdr+0x160/0x160
[ 76.858271][ T6820] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 76.864331][ T6820] ? check_preemption_disabled+0x38/0x220
[ 76.870051][ T6820] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 76.876034][ T6820] ? handle_mm_fault+0xad9/0x4420
[ 76.881063][ T6820] ? __fget_light+0x215/0x280
[ 76.885768][ T6820] __sys_sendmsg+0xe5/0x1b0
[ 76.890280][ T6820] ? __sys_sendmsg_sock+0xb0/0xb0
[ 76.895314][ T6820] ? check_preemption_disabled+0x38/0x220
[ 76.901037][ T6820] ? do_syscall_64+0x1c/0xe0
[ 76.905634][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 76.911605][ T6820] do_syscall_64+0x60/0xe0
[ 76.916012][ T6820] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.921887][ T6820] RIP: 0033:0x441319
[ 76.925757][ T6820] Code: Bad RIP value.
[ 76.929808][ T6820] RSP: 002b:00007fff95574ae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.938201][ T6820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441319
[ 76.946163][ T6820] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 76.954127][ T6820] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 76.962084][ T6820] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402090
[ 76.970042][ T6820] R13: 0000000000402120 R14: 0000000000000000 R15: 0000000000000000
[ 76.978004][ T6820]
[ 76.980309][ T6820]
[ 76.982617][ T6820] Memory state around the buggy address:
[ 76.988226][ T6820] ffffc90005ea0f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 76.996267][ T6820] ffffc90005ea0f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.004314][ T6820] >ffffc90005ea1000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.012367][ T6820] ^
[ 77.017199][ T6820] ffffc90005ea1080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.025241][ T6820] ffffc90005ea1100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 77.033281][ T6820] ==================================================================
[ 77.041321][ T6820] Disabling lock debugging due to kernel taint
[ 77.048121][ T6820] Kernel panic - not syncing: panic_on_warn set ...
[ 77.054724][ T6820] CPU: 1 PID: 6820 Comm: syz-executor118 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 77.064779][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.074830][ T6820] Call Trace:
[ 77.078102][ T6820] dump_stack+0x18f/0x20d
[ 77.082431][ T6820] ? nl802154_dump_wpan_phy+0x940/0x9c0
[ 77.087953][ T6820] panic+0x2e3/0x75c
[ 77.091825][ T6820] ? __warn_printk+0xf3/0xf3
[ 77.096399][ T6820] ? preempt_schedule_common+0x59/0xc0
[ 77.101848][ T6820] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 77.107372][ T6820] ? preempt_schedule_thunk+0x16/0x18
[ 77.112755][ T6820] ? trace_hardirqs_on+0x55/0x220
[ 77.117777][ T6820] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 77.123298][ T6820] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 77.128840][ T6820] end_report+0x4d/0x53
[ 77.132973][ T6820] kasan_report.cold+0xd/0x37
[ 77.137629][ T6820] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 77.143166][ T6820] nl802154_dump_wpan_phy+0x98e/0x9c0
[ 77.148531][ T6820] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 77.154552][ T6820] ? __kmalloc_node_track_caller+0x38/0x60
[ 77.160345][ T6820] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 77.167143][ T6820] ? __phys_addr+0x9a/0x110
[ 77.171638][ T6820] ? memset+0x20/0x40
[ 77.175606][ T6820] genl_lock_dumpit+0x7f/0xb0
[ 77.180386][ T6820] netlink_dump+0x4cd/0xf60
[ 77.184929][ T6820] ? netlink_insert+0x1670/0x1670
[ 77.189935][ T6820] ? __mutex_unlock_slowpath+0xe2/0x610
[ 77.195605][ T6820] ? genl_start+0x45a/0x6e0
[ 77.200090][ T6820] __netlink_dump_start+0x643/0x900
[ 77.205422][ T6820] ? genl_rcv_msg+0x9e0/0x9e0
[ 77.210078][ T6820] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 77.216818][ T6820] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 77.222521][ T6820] ? genl_rcv+0x40/0x40
[ 77.226656][ T6820] ? mutex_lock_io_nested+0xf60/0xf60
[ 77.232011][ T6820] ? mark_lock+0xbc/0x1710
[ 77.236430][ T6820] ? genl_rcv_msg+0x9e0/0x9e0
[ 77.241086][ T6820] ? genl_unlock+0x20/0x20
[ 77.245484][ T6820] ? genl_parallel_done+0x170/0x170
[ 77.250683][ T6820] ? __radix_tree_lookup+0x1f3/0x290
[ 77.255948][ T6820] genl_rcv_msg+0x797/0x9e0
[ 77.260438][ T6820] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 77.267371][ T6820] ? lock_acquire+0x1f1/0xad0
[ 77.272026][ T6820] ? genl_rcv+0x15/0x40
[ 77.276160][ T6820] ? lock_release+0x8d0/0x8d0
[ 77.280816][ T6820] netlink_rcv_skb+0x15a/0x430
[ 77.285571][ T6820] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 77.292493][ T6820] ? netlink_ack+0xa10/0xa10
[ 77.297063][ T6820] genl_rcv+0x24/0x40
[ 77.301034][ T6820] netlink_unicast+0x533/0x7d0
[ 77.305788][ T6820] ? netlink_attachskb+0x810/0x810
[ 77.310889][ T6820] ? _copy_from_iter_full+0x247/0x890
[ 77.316245][ T6820] ? __phys_addr_symbol+0x2c/0x70
[ 77.321253][ T6820] ? __check_object_size+0x171/0x3e4
[ 77.326524][ T6820] netlink_sendmsg+0x856/0xd90
[ 77.331351][ T6820] ? netlink_unicast+0x7d0/0x7d0
[ 77.336331][ T6820] ? netlink_unicast+0x7d0/0x7d0
[ 77.341253][ T6820] sock_sendmsg+0xcf/0x120
[ 77.345705][ T6820] ____sys_sendmsg+0x6e8/0x810
[ 77.350449][ T6820] ? kernel_sendmsg+0x50/0x50
[ 77.355103][ T6820] ? do_recvmmsg+0x6d0/0x6d0
[ 77.359672][ T6820] ? release_pages+0x641/0x17a0
[ 77.364504][ T6820] ___sys_sendmsg+0xf3/0x170
[ 77.369131][ T6820] ? sendmsg_copy_msghdr+0x160/0x160
[ 77.374397][ T6820] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 77.380447][ T6820] ? check_preemption_disabled+0x38/0x220
[ 77.386149][ T6820] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 77.392113][ T6820] ? handle_mm_fault+0xad9/0x4420
[ 77.397120][ T6820] ? __fget_light+0x215/0x280
[ 77.401779][ T6820] __sys_sendmsg+0xe5/0x1b0
[ 77.406269][ T6820] ? __sys_sendmsg_sock+0xb0/0xb0
[ 77.411282][ T6820] ? check_preemption_disabled+0x38/0x220
[ 77.416994][ T6820] ? do_syscall_64+0x1c/0xe0
[ 77.421568][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 77.427597][ T6820] do_syscall_64+0x60/0xe0
[ 77.432145][ T6820] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.438025][ T6820] RIP: 0033:0x441319
[ 77.441898][ T6820] Code: Bad RIP value.
[ 77.445950][ T6820] RSP: 002b:00007fff95574ae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 77.454339][ T6820] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441319
[ 77.462293][ T6820] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 77.470242][ T6820] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 77.478199][ T6820] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402090
[ 77.486157][ T6820] R13: 0000000000402120 R14: 0000000000000000 R15: 0000000000000000
[ 77.495325][ T6820] Kernel Offset: disabled
[ 77.499646][ T6820] Rebooting in 86400 seconds..