[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.208' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 64.890477][ T8494] ==================================================================
[ 64.898840][ T8494] BUG: KASAN: stack-out-of-bounds in bitmap_from_arr32+0x199/0x1f0
[ 64.906724][ T8494] Write of size 8 at addr ffffc9000161f5b0 by task syz-executor540/8494
[ 64.915047][ T8494]
[ 64.917393][ T8494] CPU: 0 PID: 8494 Comm: syz-executor540 Not tainted 5.10.0-rc4-syzkaller #0
[ 64.926153][ T8494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.936211][ T8494] Call Trace:
[ 64.939528][ T8494]  dump_stack+0x107/0x163
[ 64.943974][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 64.949101][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 64.954311][ T8494]  print_address_description.constprop.0.cold+0x5/0x4c8
[ 64.961266][ T8494]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 64.968907][ T8494]  ? vprintk_func+0x95/0x1e0
[ 64.973507][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 64.978625][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 64.983730][ T8494]  kasan_report.cold+0x1f/0x37
[ 64.988480][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 64.993593][ T8494]  bitmap_from_arr32+0x199/0x1f0
[ 64.998546][ T8494]  ethnl_parse_bitset+0x448/0x7a0
[ 65.003665][ T8494]  ? ethnl_update_bitset32+0x70/0x70
[ 65.009115][ T8494]  ? ethnl_parse_header_dev_get+0x2cd/0x7f0
[ 65.015145][ T8494]  ? ____sys_sendmsg+0x6e8/0x810
[ 65.020739][ T8494]  ? ___sys_sendmsg+0xf3/0x170
[ 65.025509][ T8494]  ? __sys_sendmsg+0xe5/0x1b0
[ 65.030189][ T8494]  ? do_syscall_64+0x2d/0x70
[ 65.034830][ T8494]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.041124][ T8494]  ethnl_set_features+0x2ac/0xa70
[ 65.046161][ T8494]  ? __nla_validate_parse+0x2d3/0x2ae0
[ 65.051640][ T8494]  ? features_reply_size+0x140/0x140
[ 65.056932][ T8494]  ? nla_get_range_signed+0x520/0x520
[ 65.062303][ T8494]  ? __nla_parse+0x3d/0x50
[ 65.066748][ T8494]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x280
[ 65.074116][ T8494]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280
[ 65.081537][ T8494]  genl_family_rcv_msg_doit+0x228/0x320
[ 65.087074][ T8494]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 65.094466][ T8494]  ? ns_capable+0xde/0x100
[ 65.098871][ T8494]  genl_rcv_msg+0x328/0x580
[ 65.103367][ T8494]  ? genl_get_cmd+0x480/0x480
[ 65.108726][ T8494]  ? features_reply_size+0x140/0x140
[ 65.114024][ T8494]  ? lock_release+0x710/0x710
[ 65.118723][ T8494]  netlink_rcv_skb+0x153/0x420
[ 65.123496][ T8494]  ? genl_get_cmd+0x480/0x480
[ 65.128163][ T8494]  ? netlink_ack+0xaa0/0xaa0
[ 65.132780][ T8494]  genl_rcv+0x24/0x40
[ 65.136748][ T8494]  netlink_unicast+0x533/0x7d0
[ 65.141593][ T8494]  ? netlink_attachskb+0x810/0x810
[ 65.146710][ T8494]  ? __phys_addr_symbol+0x2c/0x70
[ 65.151731][ T8494]  ? __check_object_size+0x171/0x3f0
[ 65.157092][ T8494]  netlink_sendmsg+0x856/0xd90
[ 65.161844][ T8494]  ? netlink_unicast+0x7d0/0x7d0
[ 65.166782][ T8494]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 65.172051][ T8494]  ? netlink_unicast+0x7d0/0x7d0
[ 65.177225][ T8494]  sock_sendmsg+0xcf/0x120
[ 65.181751][ T8494]  ____sys_sendmsg+0x6e8/0x810
[ 65.186539][ T8494]  ? kernel_sendmsg+0x50/0x50
[ 65.191224][ T8494]  ? do_recvmmsg+0x6c0/0x6c0
[ 65.195828][ T8494]  ? stack_trace_save+0x8c/0xc0
[ 65.200677][ T8494]  ? stack_trace_consume_entry+0x160/0x160
[ 65.206491][ T8494]  ___sys_sendmsg+0xf3/0x170
[ 65.211448][ T8494]  ? sendmsg_copy_msghdr+0x160/0x160
[ 65.216733][ T8494]  ? exit_to_user_mode_prepare+0x17e/0x1a0
[ 65.222543][ T8494]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.228608][ T8494]  ? debug_object_active_state+0x260/0x350
[ 65.234516][ T8494]  ? lock_downgrade+0x6d0/0x6d0
[ 65.239384][ T8494]  ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 65.245211][ T8494]  ? lockdep_hardirqs_on+0x79/0x100
[ 65.250410][ T8494]  ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 65.256314][ T8494]  ? debug_object_active_state+0x260/0x350
[ 65.262116][ T8494]  ? __fget_light+0x215/0x280
[ 65.266784][ T8494]  __sys_sendmsg+0xe5/0x1b0
[ 65.271277][ T8494]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 65.276316][ T8494]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 65.282261][ T8494]  do_syscall_64+0x2d/0x70
[ 65.286738][ T8494]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.292624][ T8494] RIP: 0033:0x440899
[ 65.296519][ T8494] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.316154][ T8494] RSP: 002b:00007ffe4df86e28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 65.324568][ T8494] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440899
[ 65.332554][ T8494] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003
[ 65.340525][ T8494] RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
[ 65.348493][ T8494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e80
[ 65.356461][ T8494] R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000
[ 65.364611][ T8494]
[ 65.366944][ T8494]
[ 65.369265][ T8494] addr ffffc9000161f5b0 is located in stack of task syz-executor540/8494 at offset 264 in frame:
[ 65.379863][ T8494]  ethnl_set_features+0x0/0xa70
[ 65.384695][ T8494]
[ 65.387020][ T8494] this frame has 9 objects:
[ 65.392257][ T8494]  [32, 40) 'reply_payload'
[ 65.392265][ T8494]  [64, 80) 'req_info'
[ 65.396793][ T8494]  [96, 104) 'wanted_diff_mask'
[ 65.400870][ T8494]  [128, 136) 'active_diff_mask'
[ 65.405706][ T8494]  [160, 168) 'old_active'
[ 65.410658][ T8494]  [192, 200) 'old_wanted'
[ 65.415058][ T8494]  [224, 232) 'new_active'
[ 65.419469][ T8494]  [256, 264) 'req_wanted'
[ 65.423878][ T8494]  [288, 296) 'req_mask'
[ 65.428302][ T8494]
[ 65.434871][ T8494] Memory state around the buggy address:
[ 65.440489][ T8494]  ffffc9000161f480: 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00 f2
[ 65.448540][ T8494]  ffffc9000161f500: f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2
[ 65.456611][ T8494] >ffffc9000161f580: f2 00 f2 f2 f2 00 f2 f2 f2 00 f3 f3 f3 00 00 00
[ 65.464662][ T8494]                                      ^
[ 65.470295][ T8494]  ffffc9000161f600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
[ 65.478378][ T8494]  ffffc9000161f680: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00
[ 65.486447][ T8494] ==================================================================
[ 65.494509][ T8494] Disabling lock debugging due to kernel taint
[ 65.501358][ T8494] Kernel panic - not syncing: panic_on_warn set ...
[ 65.507964][ T8494] CPU: 0 PID: 8494 Comm: syz-executor540 Tainted: G B 5.10.0-rc4-syzkaller #0
[ 65.518112][ T8494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.528192][ T8494] Call Trace:
[ 65.531516][ T8494]  dump_stack+0x107/0x163
[ 65.535862][ T8494]  ? bitmap_from_arr32+0xc0/0x1f0
[ 65.540901][ T8494]  panic+0x306/0x73d
[ 65.544803][ T8494]  ? __warn_printk+0xf3/0xf3
[ 65.549395][ T8494]  ? preempt_schedule_common+0x59/0xc0
[ 65.554834][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 65.559947][ T8494]  ? preempt_schedule_thunk+0x16/0x18
[ 65.565309][ T8494]  ? trace_hardirqs_on+0x51/0x1c0
[ 65.570330][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 65.575431][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 65.581051][ T8494]  end_report+0x58/0x5e
[ 65.585311][ T8494]  kasan_report.cold+0xd/0x37
[ 65.589977][ T8494]  ? bitmap_from_arr32+0x199/0x1f0
[ 65.595159][ T8494]  bitmap_from_arr32+0x199/0x1f0
[ 65.600105][ T8494]  ethnl_parse_bitset+0x448/0x7a0
[ 65.605130][ T8494]  ? ethnl_update_bitset32+0x70/0x70
[ 65.610425][ T8494]  ? ethnl_parse_header_dev_get+0x2cd/0x7f0
[ 65.616323][ T8494]  ? ____sys_sendmsg+0x6e8/0x810
[ 65.621244][ T8494]  ? ___sys_sendmsg+0xf3/0x170
[ 65.625987][ T8494]  ? __sys_sendmsg+0xe5/0x1b0
[ 65.631172][ T8494]  ? do_syscall_64+0x2d/0x70
[ 65.635750][ T8494]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.641845][ T8494]  ethnl_set_features+0x2ac/0xa70
[ 65.646865][ T8494]  ? __nla_validate_parse+0x2d3/0x2ae0
[ 65.652315][ T8494]  ? features_reply_size+0x140/0x140
[ 65.657601][ T8494]  ? nla_get_range_signed+0x520/0x520
[ 65.663124][ T8494]  ? __nla_parse+0x3d/0x50
[ 65.667697][ T8494]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x280
[ 65.675170][ T8494]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280
[ 65.682454][ T8494]  genl_family_rcv_msg_doit+0x228/0x320
[ 65.687989][ T8494]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 65.695524][ T8494]  ? ns_capable+0xde/0x100
[ 65.699944][ T8494]  genl_rcv_msg+0x328/0x580
[ 65.704442][ T8494]  ? genl_get_cmd+0x480/0x480
[ 65.709188][ T8494]  ? features_reply_size+0x140/0x140
[ 65.714464][ T8494]  ? lock_release+0x710/0x710
[ 65.719132][ T8494]  netlink_rcv_skb+0x153/0x420
[ 65.723984][ T8494]  ? genl_get_cmd+0x480/0x480
[ 65.729336][ T8494]  ? netlink_ack+0xaa0/0xaa0
[ 65.733916][ T8494]  genl_rcv+0x24/0x40
[ 65.737881][ T8494]  netlink_unicast+0x533/0x7d0
[ 65.742639][ T8494]  ? netlink_attachskb+0x810/0x810
[ 65.747742][ T8494]  ? __phys_addr_symbol+0x2c/0x70
[ 65.752762][ T8494]  ? __check_object_size+0x171/0x3f0
[ 65.758050][ T8494]  netlink_sendmsg+0x856/0xd90
[ 65.762810][ T8494]  ? netlink_unicast+0x7d0/0x7d0
[ 65.768184][ T8494]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 65.773452][ T8494]  ? netlink_unicast+0x7d0/0x7d0
[ 65.778365][ T8494]  sock_sendmsg+0xcf/0x120
[ 65.782780][ T8494]  ____sys_sendmsg+0x6e8/0x810
[ 65.787534][ T8494]  ? kernel_sendmsg+0x50/0x50
[ 65.792192][ T8494]  ? do_recvmmsg+0x6c0/0x6c0
[ 65.796960][ T8494]  ? stack_trace_save+0x8c/0xc0
[ 65.801806][ T8494]  ? stack_trace_consume_entry+0x160/0x160
[ 65.807590][ T8494]  ___sys_sendmsg+0xf3/0x170
[ 65.812176][ T8494]  ? sendmsg_copy_msghdr+0x160/0x160
[ 65.817449][ T8494]  ? exit_to_user_mode_prepare+0x17e/0x1a0
[ 65.823242][ T8494]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.829298][ T8494]  ? debug_object_active_state+0x260/0x350
[ 65.835558][ T8494]  ? lock_downgrade+0x6d0/0x6d0
[ 65.840396][ T8494]  ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 65.846204][ T8494]  ? lockdep_hardirqs_on+0x79/0x100
[ 65.851391][ T8494]  ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 65.857193][ T8494]  ? debug_object_active_state+0x260/0x350
[ 65.862980][ T8494]  ? __fget_light+0x215/0x280
[ 65.867645][ T8494]  __sys_sendmsg+0xe5/0x1b0
[ 65.872141][ T8494]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 65.877160][ T8494]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 65.883033][ T8494]  do_syscall_64+0x2d/0x70
[ 65.887559][ T8494]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.893442][ T8494] RIP: 0033:0x440899
[ 65.897938][ T8494] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.917622][ T8494] RSP: 002b:00007ffe4df86e28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 65.926087][ T8494] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440899
[ 65.934227][ T8494] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003
[ 65.942189][ T8494] RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
[ 65.950151][ T8494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e80
[ 65.958119][ T8494] R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000
[ 65.966831][ T8494] Kernel Offset: disabled
[ 65.971160][ T8494] Rebooting in 86400 seconds..