[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.

syzkaller login: [ 68.234762][ T6823] IPVS: ftp: loaded support on port[0] = 21
[ 68.249525][ T6822] IPVS: ftp: loaded support on port[0] = 21
[ 68.250444][ T6825] IPVS: ftp: loaded support on port[0] = 21
[ 68.259102][ T6817] IPVS: ftp: loaded support on port[0] = 21
[ 68.272248][ T6820] IPVS: ftp: loaded support on port[0] = 21
[ 68.282541][ T6824] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 68.357549][ T6866] netlink: 'syz-executor958': attribute type 3 has an invalid length.
[ 68.369173][ T6866] netlink: 'syz-executor958': attribute type 8 has an invalid length.
[ 68.382210][ T6866] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
executing program
[ 68.405541][ T6901] netlink: 'syz-executor958': attribute type 3 has an invalid length.
[ 68.416174][ T6901] netlink: 'syz-executor958': attribute type 8 has an invalid length.
[ 68.427817][ T6901] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
[ 68.445138][ T6921] netlink: 'syz-executor958': attribute type 3 has an invalid length.
executing program
executing program
executing program
[ 68.457037][ T6921] netlink: 'syz-executor958': attribute type 8 has an invalid length.
[ 68.467716][ T6921] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
[ 68.485918][ T6941] netlink: 'syz-executor958': attribute type 3 has an invalid length.
[ 68.498930][ T6944] netlink: 'syz-executor958': attribute type 3 has an invalid length.
executing program
executing program
executing program
[ 68.504748][ T6952] netlink: 'syz-executor958': attribute type 3 has an invalid length.
[ 68.512366][ T6951] netlink: 'syz-executor958': attribute type 3 has an invalid length.
[ 68.520247][ T6953] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
[ 68.526879][ T6941] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
[ 68.537001][ T6954] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
executing program
executing program
executing program
[ 68.544652][ T6944] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
[ 68.561973][ T6955] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
[ 68.564382][ T6951] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
[ 68.575284][ T6956] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor958'.
[ 68.586272][ T6944] ==================================================================
[ 68.599796][ T6944] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x98e/0x9c0
[ 68.608367][ T6944] Read of size 4 at addr ffffc90001e19018 by task syz-executor958/6944
[ 68.616571][ T6944]
[ 68.618892][ T6944] CPU: 0 PID: 6944 Comm: syz-executor958 Not tainted 5.8.0-rc2-syzkaller #0
[ 68.627545][ T6944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.637577][ T6944] Call Trace:
[ 68.640849][ T6944] dump_stack+0x18f/0x20d
[ 68.645158][ T6944] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 68.650683][ T6944] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 68.656211][ T6944] print_address_description.constprop.0.cold+0x5/0x436
[ 68.663130][ T6944] ? check_preemption_disabled+0x38/0x220
[ 68.668839][ T6944] ? vprintk_func+0x97/0x1a6
[ 68.673415][ T6944] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 68.678955][ T6944] kasan_report.cold+0x1f/0x37
[ 68.683714][ T6944] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 68.689248][ T6944] nl802154_dump_wpan_phy+0x98e/0x9c0
[ 68.694604][ T6944] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 68.700561][ T6944] ? __kmalloc_node_track_caller+0x38/0x60
[ 68.706344][ T6944] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 68.713098][ T6944] ? __phys_addr+0x9a/0x110
[ 68.717601][ T6944] ? memset+0x20/0x40
[ 68.721576][ T6944] genl_lock_dumpit+0x7f/0xb0
[ 68.726253][ T6944] netlink_dump+0x4cd/0xf60
[ 68.730761][ T6944] ? netlink_insert+0x1670/0x1670
[ 68.735774][ T6944] ? __mutex_unlock_slowpath+0xe2/0x610
[ 68.741301][ T6944] ? genl_start+0x45a/0x6e0
[ 68.745793][ T6944] __netlink_dump_start+0x643/0x900
[ 68.750981][ T6944] ? genl_rcv_msg+0x9e0/0x9e0
[ 68.755648][ T6944] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 68.762399][ T6944] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 68.768101][ T6944] ? genl_rcv+0x40/0x40
[ 68.772235][ T6944] ? mutex_lock_io_nested+0xf60/0xf60
[ 68.777589][ T6944] ? mark_lock+0xbc/0x1710
[ 68.781992][ T6944] ? genl_rcv_msg+0x9e0/0x9e0
[ 68.786650][ T6944] ? genl_unlock+0x20/0x20
[ 68.791045][ T6944] ? genl_parallel_done+0x170/0x170
[ 68.796229][ T6944] ? __radix_tree_lookup+0x1f3/0x290
[ 68.801505][ T6944] genl_rcv_msg+0x797/0x9e0
[ 68.805993][ T6944] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 68.812918][ T6944] ? lock_acquire+0x1f1/0xad0
[ 68.817578][ T6944] ? genl_rcv+0x15/0x40
[ 68.821736][ T6944] ? lock_release+0x8d0/0x8d0
[ 68.826396][ T6944] netlink_rcv_skb+0x15a/0x430
[ 68.831156][ T6944] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 68.838078][ T6944] ? netlink_ack+0xa10/0xa10
[ 68.842658][ T6944] genl_rcv+0x24/0x40
[ 68.846616][ T6944] netlink_unicast+0x533/0x7d0
[ 68.851358][ T6944] ? netlink_attachskb+0x810/0x810
[ 68.856452][ T6944] ? _copy_from_iter_full+0x247/0x890
[ 68.861813][ T6944] ? __phys_addr_symbol+0x2c/0x70
[ 68.866825][ T6944] ? __check_object_size+0x171/0x3e4
[ 68.872115][ T6944] netlink_sendmsg+0x856/0xd90
[ 68.876860][ T6944] ? netlink_unicast+0x7d0/0x7d0
[ 68.881781][ T6944] ? netlink_unicast+0x7d0/0x7d0
[ 68.886695][ T6944] sock_sendmsg+0xcf/0x120
[ 68.891086][ T6944] ____sys_sendmsg+0x6e8/0x810
[ 68.895826][ T6944] ? kernel_sendmsg+0x50/0x50
[ 68.900480][ T6944] ? do_recvmmsg+0x6d0/0x6d0
[ 68.905093][ T6944] ? release_pages+0x641/0x17a0
[ 68.909931][ T6944] ___sys_sendmsg+0xf3/0x170
[ 68.914499][ T6944] ? sendmsg_copy_msghdr+0x160/0x160
[ 68.919765][ T6944] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 68.925806][ T6944] ? check_preemption_disabled+0x38/0x220
[ 68.931503][ T6944] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 68.937471][ T6944] ? handle_mm_fault+0xad9/0x4420
[ 68.942473][ T6944] ? __fget_light+0x215/0x280
[ 68.947147][ T6944] __sys_sendmsg+0xe5/0x1b0
[ 68.951628][ T6944] ? __sys_sendmsg_sock+0xb0/0xb0
[ 68.956628][ T6944] ? check_preemption_disabled+0x38/0x220
[ 68.962349][ T6944] ? do_syscall_64+0x1c/0xe0
[ 68.966932][ T6944] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.972888][ T6944] do_syscall_64+0x60/0xe0
[ 68.977307][ T6944] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.983177][ T6944] RIP: 0033:0x441409
[ 68.987042][ T6944] Code: Bad RIP value.
[ 68.991080][ T6944] RSP: 002b:00007ffdc7fdb3f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 68.999467][ T6944] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 69.007421][ T6944] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 69.015371][ T6944] RBP: 0000000000010b37 R08: 0000000100000000 R09: 0000000100000000
[ 69.023317][ T6944] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 69.031265][ T6944] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 69.039219][ T6944]
[ 69.041519][ T6944]
[ 69.043831][ T6944] Memory state around the buggy address:
[ 69.049441][ T6944]  ffffc90001e18f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.057476][ T6944]  ffffc90001e18f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.065524][ T6944] >ffffc90001e19000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.073584][ T6944]                             ^
[ 69.078408][ T6944]  ffffc90001e19080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.086442][ T6944]  ffffc90001e19100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 69.094509][ T6944] ==================================================================
[ 69.102554][ T6944] Disabling lock debugging due to kernel taint
[ 69.108923][ T6944] Kernel panic - not syncing: panic_on_warn set ...
[ 69.115510][ T6944] CPU: 0 PID: 6944 Comm: syz-executor958 Tainted: G B 5.8.0-rc2-syzkaller #0
[ 69.125556][ T6944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.135599][ T6944] Call Trace:
[ 69.138894][ T6944] dump_stack+0x18f/0x20d
[ 69.143220][ T6944] ? nl802154_dump_wpan_phy+0x910/0x9c0
[ 69.148754][ T6944] panic+0x2e3/0x75c
[ 69.152629][ T6944] ? __warn_printk+0xf3/0xf3
[ 69.157192][ T6944] ? preempt_schedule_common+0x59/0xc0
[ 69.162622][ T6944] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 69.168143][ T6944] ? preempt_schedule_thunk+0x16/0x18
[ 69.173492][ T6944] ? trace_hardirqs_on+0x55/0x220
[ 69.178515][ T6944] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 69.184055][ T6944] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 69.189591][ T6944] end_report+0x4d/0x53
[ 69.193733][ T6944] kasan_report.cold+0xd/0x37
[ 69.198471][ T6944] ? nl802154_dump_wpan_phy+0x98e/0x9c0
[ 69.203989][ T6944] nl802154_dump_wpan_phy+0x98e/0x9c0
[ 69.209344][ T6944] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 69.215321][ T6944] ? __kmalloc_node_track_caller+0x38/0x60
[ 69.221099][ T6944] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 69.227834][ T6944] ? __phys_addr+0x9a/0x110
[ 69.232316][ T6944] ? memset+0x20/0x40
[ 69.236284][ T6944] genl_lock_dumpit+0x7f/0xb0
[ 69.240937][ T6944] netlink_dump+0x4cd/0xf60
[ 69.245413][ T6944] ? netlink_insert+0x1670/0x1670
[ 69.250409][ T6944] ? __mutex_unlock_slowpath+0xe2/0x610
[ 69.255947][ T6944] ? genl_start+0x45a/0x6e0
[ 69.260434][ T6944] __netlink_dump_start+0x643/0x900
[ 69.265606][ T6944] ? genl_rcv_msg+0x9e0/0x9e0
[ 69.270255][ T6944] ? nl802154_send_wpan_phy.constprop.0+0x21d0/0x21d0
[ 69.277007][ T6944] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 69.282702][ T6944] ? genl_rcv+0x40/0x40
[ 69.286831][ T6944] ? mutex_lock_io_nested+0xf60/0xf60
[ 69.292174][ T6944] ? mark_lock+0xbc/0x1710
[ 69.296569][ T6944] ? genl_rcv_msg+0x9e0/0x9e0
[ 69.301218][ T6944] ? genl_unlock+0x20/0x20
[ 69.305605][ T6944] ? genl_parallel_done+0x170/0x170
[ 69.310777][ T6944] ? __radix_tree_lookup+0x1f3/0x290
[ 69.316038][ T6944] genl_rcv_msg+0x797/0x9e0
[ 69.320531][ T6944] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 69.327448][ T6944] ? lock_acquire+0x1f1/0xad0
[ 69.332185][ T6944] ? genl_rcv+0x15/0x40
[ 69.336319][ T6944] ? lock_release+0x8d0/0x8d0
[ 69.340979][ T6944] netlink_rcv_skb+0x15a/0x430
[ 69.345719][ T6944] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 69.352632][ T6944] ? netlink_ack+0xa10/0xa10
[ 69.357214][ T6944] genl_rcv+0x24/0x40
[ 69.361175][ T6944] netlink_unicast+0x533/0x7d0
[ 69.365914][ T6944] ? netlink_attachskb+0x810/0x810
[ 69.370998][ T6944] ? _copy_from_iter_full+0x247/0x890
[ 69.376340][ T6944] ? __phys_addr_symbol+0x2c/0x70
[ 69.381338][ T6944] ? __check_object_size+0x171/0x3e4
[ 69.386594][ T6944] netlink_sendmsg+0x856/0xd90
[ 69.391335][ T6944] ? netlink_unicast+0x7d0/0x7d0
[ 69.396246][ T6944] ? netlink_unicast+0x7d0/0x7d0
[ 69.401161][ T6944] sock_sendmsg+0xcf/0x120
[ 69.405557][ T6944] ____sys_sendmsg+0x6e8/0x810
[ 69.410292][ T6944] ? kernel_sendmsg+0x50/0x50
[ 69.414938][ T6944] ? do_recvmmsg+0x6d0/0x6d0
[ 69.419513][ T6944] ? release_pages+0x641/0x17a0
[ 69.424355][ T6944] ___sys_sendmsg+0xf3/0x170
[ 69.428916][ T6944] ? sendmsg_copy_msghdr+0x160/0x160
[ 69.434173][ T6944] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 69.440230][ T6944] ? check_preemption_disabled+0x38/0x220
[ 69.445935][ T6944] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 69.451891][ T6944] ? handle_mm_fault+0xad9/0x4420
[ 69.456891][ T6944] ? __fget_light+0x215/0x280
[ 69.461546][ T6944] __sys_sendmsg+0xe5/0x1b0
[ 69.466030][ T6944] ? __sys_sendmsg_sock+0xb0/0xb0
[ 69.471029][ T6944] ? check_preemption_disabled+0x38/0x220
[ 69.476738][ T6944] ? do_syscall_64+0x1c/0xe0
[ 69.481307][ T6944] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 69.487262][ T6944] do_syscall_64+0x60/0xe0
[ 69.491657][ T6944] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.497518][ T6944] RIP: 0033:0x441409
[ 69.501384][ T6944] Code: Bad RIP value.
[ 69.505429][ T6944] RSP: 002b:00007ffdc7fdb3f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 69.513915][ T6944] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 69.521867][ T6944] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 69.529846][ T6944] RBP: 0000000000010b37 R08: 0000000100000000 R09: 0000000100000000
[ 69.537795][ T6944] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 69.545743][ T6944] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 69.554691][ T6944] Kernel Offset: disabled
[ 69.559003][ T6944] Rebooting in 86400 seconds..
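The console log above carries everything needed to triage the crash without a symbolised vmlinux: the BUG: line gives the bug class and the function, the next line gives the access (a 4-byte read at ffffc90001e19018 by syz-executor958, PID 6944), the Call Trace lists frames where a leading "?" marks an address the unwinder found on the stack but could not verify as a live return address, and the shadow dump shows the byte KASAN consulted for the address. In generic KASAN one shadow byte describes an 8-byte granule, so the faulting address lands 0x18 bytes into the ">" line, i.e. shadow index 3, whose value 0xf9 is the poison generic KASAN writes over vmalloc-range memory that no live allocation covers; the dump is reading past whatever was mapped there. The script below is an added example, not part of the original log or of syzkaller, that automates exactly that reading: SAMPLE_LOG is a constructed abridgement of the report above, KASAN_MACHINERY is this example's own list of reporting-path frames to skip, and SHADOW_MEANING lists a few well-known generic-KASAN poison values (0xF9 vmalloc-invalid, 0xFB freed kmalloc object, 0xFC kmalloc redzone, 0xFF freed page).

```python
"""Triage a KASAN report from a syzkaller console log (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: an abridged copy of the report above in the kernel's own line format.
SAMPLE_LOG = """\
[   68.599796][ T6944] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x98e/0x9c0
[   68.608367][ T6944] Read of size 4 at addr ffffc90001e19018 by task syz-executor958/6944
[   68.637577][ T6944] Call Trace:
[   68.640849][ T6944]  dump_stack+0x18f/0x20d
[   68.645158][ T6944]  ? nl802154_dump_wpan_phy+0x98e/0x9c0
[   68.656211][ T6944]  print_address_description.constprop.0.cold+0x5/0x436
[   68.678955][ T6944]  kasan_report.cold+0x1f/0x37
[   68.689248][ T6944]  nl802154_dump_wpan_phy+0x98e/0x9c0
[   68.726253][ T6944]  netlink_dump+0x4cd/0xf60
[   68.983177][ T6944] RIP: 0033:0x441409
[   69.043831][ T6944] Memory state around the buggy address:
[   69.065524][ T6944] >ffffc90001e19000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[   69.094509][ T6944] ==================================================================
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]")          # "[ ts][ Tn]"
BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
FRAME_RE = re.compile(r"^(\?\s+)?(\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW_RE = re.compile(r"^(>?)([0-9a-f]{16}): ((?:[0-9a-f]{2}\s?){16})$")

# Frames on KASAN's own reporting path, not part of the bug (this example's list).
KASAN_MACHINERY = ("dump_stack", "print_address_description", "kasan_report", "end_report")

# Generic KASAN shadow poison values; one shadow byte describes an 8-byte granule.
SHADOW_MEANING = {
    0xF9: "vmalloc: unallocated space in the vmap area",
    0xFB: "kmalloc object already freed",
    0xFC: "kmalloc redzone (past the end of a slab object)",
    0xFF: "freed page",
}

@dataclass
class KasanReport:
    bug_type: str
    func: str                  # function named on the BUG: line
    access: str = ""           # "Read" or "Write"
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    frames: List[str] = field(default_factory=list)   # reliable frames only
    shadow_byte: Optional[int] = None

    def culprit(self) -> str:
        # First reliable frame outside the reporting machinery, else the BUG: line function.
        return next((f for f in self.frames if not f.startswith(KASAN_MACHINERY)), self.func)

    def title(self) -> str:
        # Same shape as the one-line titles syzkaller uses to deduplicate crashes.
        return f"KASAN: {self.bug_type} {self.access} in {self.culprit()}"

    def shadow_meaning(self) -> str:
        if self.shadow_byte is None:
            return "shadow byte not found"
        return SHADOW_MEANING.get(self.shadow_byte, f"unknown poison 0x{self.shadow_byte:02x}")

def parse_kasan_report(log: str) -> KasanReport:
    rep, in_trace = None, False
    for raw in log.splitlines():
        line = PREFIX_RE.sub("", raw).strip()
        if rep is None:                       # skip everything before the BUG: line
            m = BUG_RE.search(line)
            if m:
                rep = KasanReport(bug_type=m.group(1), func=m.group(2))
            continue
        if line.startswith("=" * 10):         # closing rule ends the report
            break
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                if not m.group(1):            # "? " marks a stale, unverified frame
                    rep.frames.append(m.group(2))
                continue
            in_trace = False                  # RIP:, blank line, etc. end the trace
        if line == "Call Trace:":
            in_trace = True
        elif m := ACCESS_RE.search(line):
            rep.access, rep.size, rep.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
            rep.task, rep.pid = m.group(4), int(m.group(5))
        elif (m := SHADOW_RE.match(line)) and m.group(1) == ">" and rep.addr:
            base = int(m.group(2), 16)
            shadow = [int(b, 16) for b in m.group(3).split()]
            idx = (rep.addr - base) // 8      # one shadow byte per 8-byte granule
            rep.shadow_byte = shadow[idx] if 0 <= idx < len(shadow) else None
    if rep is None:
        raise ValueError("no KASAN report in log")
    return rep

if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(r.title(), "|", r.shadow_meaning(), "|", " <- ".join(r.frames))
```

Feeding it the full log above gives the title "KASAN: vmalloc-out-of-bounds Read in nl802154_dump_wpan_phy" and decodes the shadow byte as unallocated vmalloc space; the parser stops at the closing rule, so the second backtrace printed by the panic_on_warn panic is not mixed into the frame list.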