[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.

syzkaller login: [ 42.941404][ T6992] IPVS: ftp: loaded support on port[0] = 21
[ 42.949960][ T6998] IPVS: ftp: loaded support on port[0] = 21
[ 42.957228][ T6996] IPVS: ftp: loaded support on port[0] = 21
[ 42.960855][ T6999] IPVS: ftp: loaded support on port[0] = 21
[ 42.971279][ T7000] IPVS: ftp: loaded support on port[0] = 21
[ 42.974348][ T6997] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 43.075860][ T7061] netlink: 'syz-executor433': attribute type 3 has an invalid length.
[ 43.087653][ T7061] netlink: 'syz-executor433': attribute type 8 has an invalid length.
[ 43.098923][ T7061] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
executing program
executing program
executing program
executing program
[ 43.130365][ T7100] netlink: 'syz-executor433': attribute type 3 has an invalid length.
[ 43.143508][ T7101] netlink: 'syz-executor433': attribute type 3 has an invalid length.
[ 43.155124][ T7100] netlink: 'syz-executor433': attribute type 8 has an invalid length.
[ 43.166364][ T7101] netlink: 'syz-executor433': attribute type 8 has an invalid length.
executing program
[ 43.170569][ T7116] netlink: 'syz-executor433': attribute type 3 has an invalid length.
[ 43.181269][ T7125] netlink: 'syz-executor433': attribute type 3 has an invalid length.
[ 43.186336][ T7124] netlink: 'syz-executor433': attribute type 3 has an invalid length.
[ 43.193280][ T7125] netlink: 'syz-executor433': attribute type 8 has an invalid length.
[ 43.199438][ T7100] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
[ 43.210842][ T7101] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
executing program
executing program
[ 43.217641][ T7116] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
[ 43.230197][ T7127] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
[ 43.237011][ T7124] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
[ 43.246789][ T7125] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
[ 43.265862][ T7128] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
executing program
executing program
executing program
executing program
executing program
[ 43.270931][ T7129] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
[ 43.284496][ T7132] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor433'.
[ 43.296560][ T7129] ==================================================================
[ 43.304780][ T7129] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x80e/0x8e0
[ 43.313275][ T7129] Read of size 4 at addr ffffc90001e09018 by task syz-executor433/7129
[ 43.321490][ T7129]
executing program
[ 43.323806][ T7129] CPU: 0 PID: 7129 Comm: syz-executor433 Not tainted 5.8.0-rc3-syzkaller #0
[ 43.332451][ T7129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.342502][ T7129] Call Trace:
[ 43.345785][ T7129]  dump_stack+0x1f0/0x31e
[ 43.350119][ T7129]  print_address_description+0x66/0x5a0
[ 43.355703][ T7129]  ? vprintk_emit+0x342/0x3c0
[ 43.360405][ T7129]  ? printk+0x62/0x83
[ 43.364376][ T7129]  ? vprintk_emit+0x339/0x3c0
[ 43.369079][ T7129]  kasan_report+0x132/0x1d0
[ 43.373565][ T7129]  ? kmem_cache_alloc_trace+0x240/0x300
[ 43.379125][ T7129]  ? nl802154_dump_wpan_phy+0x80e/0x8e0
[ 43.384692][ T7129]  nl802154_dump_wpan_phy+0x80e/0x8e0
[ 43.390089][ T7129]  genl_lock_dumpit+0x86/0xa0
[ 43.394796][ T7129]  netlink_dump+0x4be/0x10d0
[ 43.399397][ T7129]  ? __netlink_dump_start+0x530/0x700
[ 43.404765][ T7129]  __netlink_dump_start+0x538/0x700
[ 43.409949][ T7129]  genl_rcv_msg+0xb03/0xe00
[ 43.414481][ T7129]  ? genl_rcv_msg+0xe00/0xe00
[ 43.419134][ T7129]  ? genl_start+0x570/0x570
[ 43.423656][ T7129]  ? genl_lock_dumpit+0xa0/0xa0
[ 43.428509][ T7129]  netlink_rcv_skb+0x190/0x3a0
[ 43.433293][ T7129]  ? genl_unbind+0x270/0x270
[ 43.437867][ T7129]  genl_rcv+0x24/0x40
[ 43.441845][ T7129]  netlink_unicast+0x786/0x940
[ 43.446591][ T7129]  netlink_sendmsg+0xa57/0xd70
[ 43.451335][ T7129]  ? netlink_getsockopt+0x9e0/0x9e0
[ 43.456529][ T7129]  ____sys_sendmsg+0x519/0x800
[ 43.461274][ T7129]  ? import_iovec+0x12a/0x2c0
[ 43.465930][ T7129]  __sys_sendmsg+0x2b1/0x360
[ 43.470518][ T7129]  ? trace_lock_release+0x137/0x1a0
[ 43.475708][ T7129]  ? lock_is_held_type+0x87/0xe0
[ 43.480625][ T7129]  ? rcu_read_lock_sched_held+0x2f/0xa0
[ 43.486148][ T7129]  ? lock_is_held_type+0x87/0xe0
[ 43.491066][ T7129]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.497114][ T7129]  do_syscall_64+0x73/0xe0
[ 43.501518][ T7129]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.507397][ T7129] RIP: 0033:0x441409
[ 43.511263][ T7129] Code: Bad RIP value.
[ 43.515304][ T7129] RSP: 002b:00007ffca2622278 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 43.523688][ T7129] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 43.531636][ T7129] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 43.539588][ T7129] RBP: 000000000000a901 R08: 0000000100000000 R09: 0000000100000000
[ 43.547538][ T7129] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 43.555488][ T7129] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 43.563469][ T7129]
[ 43.565775][ T7129]
[ 43.568076][ T7129] Memory state around the buggy address:
[ 43.573686][ T7129]  ffffc90001e08f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 43.581725][ T7129]  ffffc90001e08f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 43.589766][ T7129] >ffffc90001e09000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 43.597801][ T7129]                             ^
[ 43.602627][ T7129]  ffffc90001e09080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 43.610663][ T7129]  ffffc90001e09100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 43.618700][ T7129] ==================================================================
[ 43.626736][ T7129] Disabling lock debugging due to kernel taint
[ 43.633819][ T7129] Kernel panic - not syncing: panic_on_warn set ...
[ 43.640419][ T7129] CPU: 0 PID: 7129 Comm: syz-executor433 Tainted: G    B   5.8.0-rc3-syzkaller #0
[ 43.650477][ T7129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.660526][ T7129] Call Trace:
[ 43.663816][ T7129]  dump_stack+0x1f0/0x31e
[ 43.668121][ T7129]  panic+0x264/0x7a0
[ 43.672008][ T7129]  ? trace_hardirqs_on+0x30/0x80
[ 43.676921][ T7129]  kasan_report+0x1c9/0x1d0
[ 43.681399][ T7129]  ? kmem_cache_alloc_trace+0x240/0x300
[ 43.686919][ T7129]  ? nl802154_dump_wpan_phy+0x80e/0x8e0
[ 43.692440][ T7129]  nl802154_dump_wpan_phy+0x80e/0x8e0
[ 43.697789][ T7129]  genl_lock_dumpit+0x86/0xa0
[ 43.702442][ T7129]  netlink_dump+0x4be/0x10d0
[ 43.707008][ T7129]  ? __netlink_dump_start+0x530/0x700
[ 43.712386][ T7129]  __netlink_dump_start+0x538/0x700
[ 43.717562][ T7129]  genl_rcv_msg+0xb03/0xe00
[ 43.722040][ T7129]  ? genl_rcv_msg+0xe00/0xe00
[ 43.726688][ T7129]  ? genl_start+0x570/0x570
[ 43.731170][ T7129]  ? genl_lock_dumpit+0xa0/0xa0
[ 43.735995][ T7129]  netlink_rcv_skb+0x190/0x3a0
[ 43.740732][ T7129]  ? genl_unbind+0x270/0x270
[ 43.745302][ T7129]  genl_rcv+0x24/0x40
[ 43.749283][ T7129]  netlink_unicast+0x786/0x940
[ 43.754044][ T7129]  netlink_sendmsg+0xa57/0xd70
[ 43.758789][ T7129]  ? netlink_getsockopt+0x9e0/0x9e0
[ 43.763981][ T7129]  ____sys_sendmsg+0x519/0x800
[ 43.768746][ T7129]  ? import_iovec+0x12a/0x2c0
[ 43.773423][ T7129]  __sys_sendmsg+0x2b1/0x360
[ 43.778009][ T7129]  ? trace_lock_release+0x137/0x1a0
[ 43.783189][ T7129]  ? lock_is_held_type+0x87/0xe0
[ 43.788124][ T7129]  ? rcu_read_lock_sched_held+0x2f/0xa0
[ 43.793659][ T7129]  ? lock_is_held_type+0x87/0xe0
[ 43.798588][ T7129]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.804635][ T7129]  do_syscall_64+0x73/0xe0
[ 43.809028][ T7129]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.814894][ T7129] RIP: 0033:0x441409
[ 43.818773][ T7129] Code: Bad RIP value.
[ 43.822813][ T7129] RSP: 002b:00007ffca2622278 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 43.831224][ T7129] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 43.839177][ T7129] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 43.847157][ T7129] RBP: 000000000000a901 R08: 0000000100000000 R09: 0000000100000000
[ 43.855120][ T7129] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 43.863067][ T7129] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 43.872345][ T7129] Kernel Offset: disabled
[ 43.876676][ T7129] Rebooting in 86400 seconds..