Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 62.604026][ T6874] ================================================================== [ 62.612284][ T6874] BUG: KASAN: slab-out-of-bounds in strset_parse_request+0x4dd/0x530 [ 62.620633][ T6874] Read of size 8 at addr ffff8880a120be18 by task syz-executor483/6874 [ 62.628875][ T6874] [ 62.631208][ T6874] CPU: 1 PID: 6874 Comm: syz-executor483 Not tainted 5.9.0-rc8-syzkaller #0 [ 62.639873][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.650311][ T6874] Call Trace: [ 62.653617][ T6874] dump_stack+0x198/0x1fd [ 62.657955][ T6874] ? strset_parse_request+0x4dd/0x530 [ 62.663419][ T6874] ? strset_parse_request+0x4dd/0x530 [ 62.668816][ T6874] print_address_description.constprop.0.cold+0xae/0x497 [ 62.675874][ T6874] ? strset_parse_request+0x4dd/0x530 [ 62.681260][ T6874] ? lockdep_hardirqs_off+0x96/0xd0 [ 62.686486][ T6874] ? vprintk_func+0x95/0x1d4 [ 62.691264][ T6874] ? strset_parse_request+0x4dd/0x530 [ 62.696619][ T6874] ? strset_parse_request+0x4dd/0x530 [ 62.701991][ T6874] kasan_report.cold+0x1f/0x37 [ 62.706752][ T6874] ? strset_parse_request+0x4dd/0x530 [ 62.712118][ T6874] strset_parse_request+0x4dd/0x530 [ 62.717403][ T6874] ? ethnl_default_dumpit+0xe10/0xe10 [ 62.722776][ T6874] ? strset_cleanup_data+0x100/0x100 [ 62.728073][ T6874] ? trace_kmalloc+0xfd/0x130 [ 62.732740][ T6874] ? strset_cleanup_data+0x100/0x100 [ 62.738018][ T6874] ethnl_default_parse+0xda/0x130 [ 62.743746][ T6874] ethnl_default_start+0x21f/0x510 [ 62.749198][ T6874] ? ethnl_default_parse+0x130/0x130 [ 62.754641][ T6874] genl_start+0x3cc/0x670 [ 62.759139][ T6874] __netlink_dump_start+0x585/0x900 [ 62.764537][ T6874] ? genl_family_rcv_msg_doit+0x320/0x320 [ 62.770253][ T6874] ? ethnl_fill_reply_header.part.0+0x320/0x320 [ 62.778196][ T6874] genl_family_rcv_msg_dumpit+0x1c9/0x310 [ 62.783923][ T6874] ? genl_rcv+0x40/0x40 [ 62.788086][ T6874] ? genl_family_rcv_msg_doit+0x320/0x320 [ 62.794555][ T6874] ? ethnl_fill_reply_header.part.0+0x320/0x320 [ 62.801490][ T6874] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 62.807400][ T6874] ? __radix_tree_lookup+0x1f3/0x290 [ 62.812689][ T6874] ? genl_get_cmd+0x3cf/0x480 [ 62.822322][ T6874] genl_rcv_msg+0x434/0x580 [ 62.826898][ T6874] ? genl_get_cmd+0x480/0x480 [ 62.831600][ T6874] ? lock_acquire+0x1f3/0xaf0 [ 62.836340][ T6874] ? ethnl_reply_init+0x1f0/0x1f0 [ 62.841375][ T6874] ? ethnl_default_parse+0x130/0x130 [ 62.846710][ T6874] ? ethnl_fill_reply_header.part.0+0x320/0x320 [ 62.853240][ T6874] ? get_order+0x20/0x20 [ 62.857543][ T6874] ? lock_release+0x8f0/0x8f0 [ 62.863082][ T6874] netlink_rcv_skb+0x15a/0x430 [ 62.868000][ T6874] ? genl_get_cmd+0x480/0x480 [ 62.872719][ T6874] ? netlink_ack+0xa10/0xa10 [ 62.877431][ T6874] ? __kmalloc_node_track_caller+0x38/0x60 [ 62.883237][ T6874] genl_rcv+0x24/0x40 [ 62.887203][ T6874] netlink_unicast+0x533/0x7d0 [ 62.892155][ T6874] ? netlink_attachskb+0x810/0x810 [ 62.898926][ T6874] ? __phys_addr_symbol+0x2c/0x70 [ 62.904558][ T6874] ? __check_object_size+0x171/0x3e4 [ 62.910175][ T6874] netlink_sendmsg+0x856/0xd90 [ 62.915207][ T6874] ? netlink_unicast+0x7d0/0x7d0 [ 62.920847][ T6874] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 62.926122][ T6874] ? netlink_unicast+0x7d0/0x7d0 [ 62.931062][ T6874] sock_sendmsg+0xcf/0x120 [ 62.935749][ T6874] ____sys_sendmsg+0x6e8/0x810 [ 62.940675][ T6874] ? kernel_sendmsg+0x50/0x50 [ 62.945348][ T6874] ? do_recvmmsg+0x6d0/0x6d0 [ 62.949933][ T6874] ? stack_trace_consume_entry+0x160/0x160 [ 62.956254][ T6874] ___sys_sendmsg+0xf3/0x170 [ 62.960959][ T6874] ? sendmsg_copy_msghdr+0x160/0x160 [ 62.966587][ T6874] ? syscall_exit_to_user_mode+0x7e/0x2e0 [ 62.973071][ T6874] ? lock_downgrade+0x830/0x830 [ 62.978664][ T6874] ? check_preemption_disabled+0x50/0x130 [ 62.985617][ T6874] ? _raw_spin_unlock_irqrestore+0x6f/0x90 [ 62.992668][ T6874] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 63.002245][ T6874] ? _raw_spin_unlock_irqrestore+0x6f/0x90 [ 63.009281][ T6874] ? lockdep_hardirqs_on+0x53/0x100 [ 63.014494][ T6874] ? _raw_spin_unlock_irqrestore+0x5c/0x90 [ 63.020586][ T6874] ? debug_object_active_state+0x260/0x350 [ 63.026875][ T6874] ? debug_object_init_on_stack+0x20/0x20 [ 63.035893][ T6874] ? __fget_light+0x215/0x280 [ 63.041357][ T6874] __sys_sendmsg+0xe5/0x1b0 [ 63.047900][ T6874] ? __sys_sendmsg_sock+0xb0/0xb0 [ 63.052997][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 63.058026][ T6874] ? check_preemption_disabled+0x50/0x130 [ 63.066586][ T6874] ? syscall_enter_from_user_mode+0x1d/0x60 [ 63.075160][ T6874] do_syscall_64+0x2d/0x70 [ 63.082578][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.089521][ T6874] RIP: 0033:0x440979 [ 63.093499][ T6874] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.113099][ T6874] RSP: 002b:00007ffe892965e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.121524][ T6874] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440979 [ 63.129518][ T6874] RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000003 [ 63.138158][ T6874] RBP: 00000000006ca018 R08: 0000000000000001 R09: 00000000004002c8 [ 63.146302][ T6874] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401f60 [ 63.154264][ T6874] R13: 0000000000401ff0 R14: 0000000000000000 R15: 0000000000000000 [ 63.162232][ T6874] [ 63.164573][ T6874] Allocated by task 6874: [ 63.169354][ T6874] kasan_save_stack+0x1b/0x40 [ 63.174017][ T6874] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 63.179630][ T6874] __kmalloc+0x1b0/0x360 [ 63.183854][ T6874] genl_family_rcv_msg_attrs_parse.constprop.0+0xd7/0x280 [ 63.191319][ T6874] genl_start+0x187/0x670 [ 63.195635][ T6874] __netlink_dump_start+0x585/0x900 [ 63.200905][ T6874] genl_family_rcv_msg_dumpit+0x1c9/0x310 [ 63.206717][ T6874] genl_rcv_msg+0x434/0x580 [ 63.211262][ T6874] netlink_rcv_skb+0x15a/0x430 [ 63.216011][ T6874] genl_rcv+0x24/0x40 [ 63.219974][ T6874] netlink_unicast+0x533/0x7d0 [ 63.224873][ T6874] netlink_sendmsg+0x856/0xd90 [ 63.229632][ T6874] sock_sendmsg+0xcf/0x120 [ 63.234033][ T6874] ____sys_sendmsg+0x6e8/0x810 [ 63.239782][ T6874] ___sys_sendmsg+0xf3/0x170 [ 63.245246][ T6874] __sys_sendmsg+0xe5/0x1b0 [ 63.249799][ T6874] do_syscall_64+0x2d/0x70 [ 63.254230][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.260517][ T6874] [ 63.262839][ T6874] The buggy address belongs to the object at ffff8880a120be00 [ 63.262839][ T6874] which belongs to the cache kmalloc-32 of size 32 [ 63.279578][ T6874] The buggy address is located 24 bytes inside of [ 63.279578][ T6874] 32-byte region [ffff8880a120be00, ffff8880a120be20) [ 63.292777][ T6874] The buggy address belongs to the page: [ 63.298402][ T6874] page:000000007938d980 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a120bfc1 pfn:0xa120b [ 63.310016][ T6874] flags: 0xfffe0000000200(slab) [ 63.314856][ T6874] raw: 00fffe0000000200 ffffea0002848c08 ffffea00027e6b48 ffff8880aa040100 [ 63.323430][ T6874] raw: ffff8880a120bfc1 ffff8880a120b000 0000000100000011 0000000000000000 [ 63.332010][ T6874] page dumped because: kasan: bad access detected [ 63.338407][ T6874] [ 63.340803][ T6874] Memory state around the buggy address: [ 63.346449][ T6874] ffff8880a120bd00: fb fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 63.354866][ T6874] ffff8880a120bd80: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 63.362943][ T6874] >ffff8880a120be00: 00 00 00 fc fc fc fc fc 00 01 fc fc fc fc fc fc [ 63.371013][ T6874] ^ [ 63.375972][ T6874] ffff8880a120be80: fa fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.384020][ T6874] ffff8880a120bf00: 05 fc fc fc fc fc fc fc 05 fc fc fc fc fc fc fc [ 63.392095][ T6874] ================================================================== [ 63.400237][ T6874] Disabling lock debugging due to kernel taint [ 63.453505][ T6874] Kernel panic - not syncing: panic_on_warn set ... [ 63.460126][ T6874] CPU: 1 PID: 6874 Comm: syz-executor483 Tainted: G B 5.9.0-rc8-syzkaller #0 [ 63.470646][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.480692][ T6874] Call Trace: [ 63.483973][ T6874] dump_stack+0x198/0x1fd [ 63.488290][ T6874] ? strset_parse_request+0x470/0x530 [ 63.493647][ T6874] panic+0x382/0x7fb [ 63.497515][ T6874] ? __warn_printk+0xf3/0xf3 [ 63.502094][ T6874] ? preempt_schedule_common+0x59/0xc0 [ 63.507527][ T6874] ? strset_parse_request+0x4dd/0x530 [ 63.512889][ T6874] ? preempt_schedule_thunk+0x16/0x18 [ 63.518240][ T6874] ? trace_hardirqs_on+0x55/0x220 [ 63.523266][ T6874] ? strset_parse_request+0x4dd/0x530 [ 63.528628][ T6874] ? strset_parse_request+0x4dd/0x530 [ 63.534165][ T6874] end_report+0x4d/0x53 [ 63.539900][ T6874] kasan_report.cold+0xd/0x37 [ 63.544917][ T6874] ? strset_parse_request+0x4dd/0x530 [ 63.550552][ T6874] strset_parse_request+0x4dd/0x530 [ 63.555870][ T6874] ? ethnl_default_dumpit+0xe10/0xe10 [ 63.561361][ T6874] ? strset_cleanup_data+0x100/0x100 [ 63.566641][ T6874] ? trace_kmalloc+0xfd/0x130 [ 63.571307][ T6874] ? strset_cleanup_data+0x100/0x100 [ 63.576580][ T6874] ethnl_default_parse+0xda/0x130 [ 63.581603][ T6874] ethnl_default_start+0x21f/0x510 [ 63.586707][ T6874] ? ethnl_default_parse+0x130/0x130 [ 63.591965][ T6874] genl_start+0x3cc/0x670 [ 63.596274][ T6874] __netlink_dump_start+0x585/0x900 [ 63.601544][ T6874] ? genl_family_rcv_msg_doit+0x320/0x320 [ 63.607256][ T6874] ? ethnl_fill_reply_header.part.0+0x320/0x320 [ 63.613474][ T6874] genl_family_rcv_msg_dumpit+0x1c9/0x310 [ 63.619163][ T6874] ? genl_rcv+0x40/0x40 [ 63.623295][ T6874] ? genl_family_rcv_msg_doit+0x320/0x320 [ 63.628997][ T6874] ? ethnl_fill_reply_header.part.0+0x320/0x320 [ 63.635228][ T6874] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 63.641117][ T6874] ? __radix_tree_lookup+0x1f3/0x290 [ 63.646376][ T6874] ? genl_get_cmd+0x3cf/0x480 [ 63.651025][ T6874] genl_rcv_msg+0x434/0x580 [ 63.655503][ T6874] ? genl_get_cmd+0x480/0x480 [ 63.660159][ T6874] ? lock_acquire+0x1f3/0xaf0 [ 63.665605][ T6874] ? ethnl_reply_init+0x1f0/0x1f0 [ 63.670617][ T6874] ? ethnl_default_parse+0x130/0x130 [ 63.675876][ T6874] ? ethnl_fill_reply_header.part.0+0x320/0x320 [ 63.682205][ T6874] ? get_order+0x20/0x20 [ 63.686478][ T6874] ? lock_release+0x8f0/0x8f0 [ 63.691273][ T6874] netlink_rcv_skb+0x15a/0x430 [ 63.696014][ T6874] ? genl_get_cmd+0x480/0x480 [ 63.700677][ T6874] ? netlink_ack+0xa10/0xa10 [ 63.705242][ T6874] ? __kmalloc_node_track_caller+0x38/0x60 [ 63.711022][ T6874] genl_rcv+0x24/0x40 [ 63.714984][ T6874] netlink_unicast+0x533/0x7d0 [ 63.719728][ T6874] ? netlink_attachskb+0x810/0x810 [ 63.724833][ T6874] ? __phys_addr_symbol+0x2c/0x70 [ 63.730118][ T6874] ? __check_object_size+0x171/0x3e4 [ 63.735409][ T6874] netlink_sendmsg+0x856/0xd90 [ 63.740173][ T6874] ? netlink_unicast+0x7d0/0x7d0 [ 63.745134][ T6874] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 63.750552][ T6874] ? netlink_unicast+0x7d0/0x7d0 [ 63.755514][ T6874] sock_sendmsg+0xcf/0x120 [ 63.759984][ T6874] ____sys_sendmsg+0x6e8/0x810 [ 63.765010][ T6874] ? kernel_sendmsg+0x50/0x50 [ 63.770132][ T6874] ? do_recvmmsg+0x6d0/0x6d0 [ 63.774902][ T6874] ? stack_trace_consume_entry+0x160/0x160 [ 63.780887][ T6874] ___sys_sendmsg+0xf3/0x170 [ 63.785457][ T6874] ? sendmsg_copy_msghdr+0x160/0x160 [ 63.790734][ T6874] ? syscall_exit_to_user_mode+0x7e/0x2e0 [ 63.796454][ T6874] ? lock_downgrade+0x830/0x830 [ 63.801297][ T6874] ? check_preemption_disabled+0x50/0x130 [ 63.807256][ T6874] ? _raw_spin_unlock_irqrestore+0x6f/0x90 [ 63.813051][ T6874] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 63.819017][ T6874] ? _raw_spin_unlock_irqrestore+0x6f/0x90 [ 63.824798][ T6874] ? lockdep_hardirqs_on+0x53/0x100 [ 63.829983][ T6874] ? _raw_spin_unlock_irqrestore+0x5c/0x90 [ 63.835765][ T6874] ? debug_object_active_state+0x260/0x350 [ 63.841568][ T6874] ? debug_object_init_on_stack+0x20/0x20 [ 63.847275][ T6874] ? __fget_light+0x215/0x280 [ 63.851927][ T6874] __sys_sendmsg+0xe5/0x1b0 [ 63.856406][ T6874] ? __sys_sendmsg_sock+0xb0/0xb0 [ 63.861403][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 63.866315][ T6874] ? check_preemption_disabled+0x50/0x130 [ 63.872007][ T6874] ? syscall_enter_from_user_mode+0x1d/0x60 [ 63.877890][ T6874] do_syscall_64+0x2d/0x70 [ 63.882380][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.888245][ T6874] RIP: 0033:0x440979 [ 63.892122][ T6874] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.911715][ T6874] RSP: 002b:00007ffe892965e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.920111][ T6874] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440979 [ 63.928066][ T6874] RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000003 [ 63.936012][ T6874] RBP: 00000000006ca018 R08: 0000000000000001 R09: 00000000004002c8 [ 63.943969][ T6874] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401f60 [ 63.951913][ T6874] R13: 0000000000401ff0 R14: 0000000000000000 R15: 0000000000000000 [ 63.960958][ T6874] Kernel Offset: disabled [ 63.965275][ T6874] Rebooting in 86400 seconds..