[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.24' (ECDSA) to the list of known hosts.

syzkaller login: [ 44.165214][ T6818] IPVS: ftp: loaded support on port[0] = 21
[ 44.168832][ T6813] IPVS: ftp: loaded support on port[0] = 21
[ 44.173571][ T6816] IPVS: ftp: loaded support on port[0] = 21
[ 44.180451][ T6810] IPVS: ftp: loaded support on port[0] = 21
[ 44.200837][ T6817] IPVS: ftp: loaded support on port[0] = 21
[ 44.207850][ T6815] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
[ 44.313513][ T6891] netlink: 'syz-executor163': attribute type 3 has an invalid length.
[ 44.324850][ T6891] netlink: 'syz-executor163': attribute type 8 has an invalid length.
[ 44.341849][ T6912] netlink: 'syz-executor163': attribute type 3 has an invalid length.
[ 44.351166][ T6891] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
executing program
executing program
executing program
[ 44.368583][ T6912] netlink: 'syz-executor163': attribute type 8 has an invalid length.
[ 44.378901][ T6927] netlink: 'syz-executor163': attribute type 3 has an invalid length.
[ 44.391490][ T6927] netlink: 'syz-executor163': attribute type 8 has an invalid length.
[ 44.393944][ T6932] netlink: 'syz-executor163': attribute type 3 has an invalid length.
[ 44.400503][ T6927] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
executing program
executing program
[ 44.417891][ T6937] netlink: 'syz-executor163': attribute type 3 has an invalid length.
[ 44.417901][ T6937] netlink: 'syz-executor163': attribute type 8 has an invalid length.
[ 44.417914][ T6937] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
[ 44.432472][ T6945] netlink: 'syz-executor163': attribute type 3 has an invalid length.
[ 44.438723][ T6940] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
executing program
executing program
executing program
executing program
[ 44.444745][ T6945] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
[ 44.461696][ T6946] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
[ 44.463480][ T6912] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
[ 44.478093][ T6948] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
[ 44.484613][ T6932] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
[ 44.492648][ T6947] netlink: 16602 bytes leftover after parsing attributes in process `syz-executor163'.
[ 44.509784][ T6932] ==================================================================
[ 44.529783][ T6932] BUG: KASAN: vmalloc-out-of-bounds in nl802154_dump_wpan_phy+0x80e/0x8e0
[ 44.538263][ T6932] Read of size 4 at addr ffffc900020f7018 by task syz-executor163/6932
[ 44.546477][ T6932]
[ 44.548910][ T6932] CPU: 1 PID: 6932 Comm: syz-executor163 Not tainted 5.8.0-rc2-syzkaller #0
[ 44.557649][ T6932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.567683][ T6932] Call Trace:
[ 44.570955][ T6932]  dump_stack+0x1f0/0x31e
[ 44.575262][ T6932]  print_address_description+0x66/0x5a0
[ 44.580789][ T6932]  ? vprintk_emit+0x342/0x3c0
[ 44.585444][ T6932]  ? printk+0x62/0x83
[ 44.589413][ T6932]  ? vprintk_emit+0x339/0x3c0
[ 44.594109][ T6932]  kasan_report+0x132/0x1d0
[ 44.598591][ T6932]  ? kmem_cache_alloc_trace+0x160/0x300
[ 44.604185][ T6932]  ? nl802154_dump_wpan_phy+0x80e/0x8e0
[ 44.609713][ T6932]  nl802154_dump_wpan_phy+0x80e/0x8e0
[ 44.615092][ T6932]  genl_lock_dumpit+0x86/0xa0
[ 44.619753][ T6932]  netlink_dump+0x4be/0x10d0
[ 44.624324][ T6932]  ? __netlink_dump_start+0x530/0x700
[ 44.629679][ T6932]  __netlink_dump_start+0x538/0x700
[ 44.635043][ T6932]  genl_rcv_msg+0xb03/0xe00
[ 44.639546][ T6932]  ? genl_rcv_msg+0xe00/0xe00
[ 44.644197][ T6932]  ? genl_start+0x570/0x570
[ 44.648670][ T6932]  ? genl_lock_dumpit+0xa0/0xa0
[ 44.653523][ T6932]  netlink_rcv_skb+0x190/0x3a0
[ 44.658264][ T6932]  ? genl_unbind+0x270/0x270
[ 44.662847][ T6932]  genl_rcv+0x24/0x40
[ 44.666811][ T6932]  netlink_unicast+0x786/0x940
[ 44.671557][ T6932]  netlink_sendmsg+0xa57/0xd70
[ 44.676302][ T6932]  ? netlink_getsockopt+0x9e0/0x9e0
[ 44.682519][ T6932]  ____sys_sendmsg+0x519/0x800
[ 44.687271][ T6932]  ? import_iovec+0x12a/0x2c0
[ 44.691961][ T6932]  __sys_sendmsg+0x2b1/0x360
[ 44.696561][ T6932]  ? check_preemption_disabled+0x40/0x240
[ 44.702260][ T6932]  ? check_preemption_disabled+0x40/0x240
[ 44.707957][ T6932]  ? do_syscall_64+0x1d/0xe0
[ 44.712531][ T6932]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.718574][ T6932]  do_syscall_64+0x73/0xe0
[ 44.723056][ T6932]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.728929][ T6932] RIP: 0033:0x441409
[ 44.732806][ T6932] Code: Bad RIP value.
[ 44.736846][ T6932] RSP: 002b:00007ffe440e3208 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 44.745235][ T6932] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 44.753188][ T6932] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 44.761138][ T6932] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[ 44.769089][ T6932] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 44.777040][ T6932] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 44.785168][ T6932]
[ 44.787560][ T6932]
[ 44.789948][ T6932] Memory state around the buggy address:
[ 44.795555][ T6932]  ffffc900020f6f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 44.803612][ T6932]  ffffc900020f6f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 44.811669][ T6932] >ffffc900020f7000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
executing program
[ 44.819710][ T6932]                             ^
[ 44.824537][ T6932]  ffffc900020f7080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 44.832748][ T6932]  ffffc900020f7100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 44.840792][ T6932] ==================================================================
[ 44.848827][ T6932] Disabling lock debugging due to kernel taint
[ 44.856317][ T6932] Kernel panic - not syncing: panic_on_warn set ...
[ 44.863092][ T6932] CPU: 1 PID: 6932 Comm: syz-executor163 Tainted: G    B             5.8.0-rc2-syzkaller #0
[ 44.873143][ T6932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.883186][ T6932] Call Trace:
[ 44.886476][ T6932]  dump_stack+0x1f0/0x31e
[ 44.890799][ T6932]  panic+0x264/0x7a0
[ 44.894671][ T6932]  ? trace_hardirqs_on+0x30/0x80
[ 44.899585][ T6932]  kasan_report+0x1c9/0x1d0
[ 44.904101][ T6932]  ? kmem_cache_alloc_trace+0x160/0x300
[ 44.909667][ T6932]  ? nl802154_dump_wpan_phy+0x80e/0x8e0
[ 44.915467][ T6932]  nl802154_dump_wpan_phy+0x80e/0x8e0
[ 44.920839][ T6932]  genl_lock_dumpit+0x86/0xa0
[ 44.925498][ T6932]  netlink_dump+0x4be/0x10d0
[ 44.930064][ T6932]  ? __netlink_dump_start+0x530/0x700
[ 44.935425][ T6932]  __netlink_dump_start+0x538/0x700
[ 44.940609][ T6932]  genl_rcv_msg+0xb03/0xe00
[ 44.945094][ T6932]  ? genl_rcv_msg+0xe00/0xe00
[ 44.949753][ T6932]  ? genl_start+0x570/0x570
[ 44.954230][ T6932]  ? genl_lock_dumpit+0xa0/0xa0
[ 44.959054][ T6932]  netlink_rcv_skb+0x190/0x3a0
[ 44.963794][ T6932]  ? genl_unbind+0x270/0x270
[ 44.968390][ T6932]  genl_rcv+0x24/0x40
[ 44.972347][ T6932]  netlink_unicast+0x786/0x940
[ 44.977096][ T6932]  netlink_sendmsg+0xa57/0xd70
[ 44.981839][ T6932]  ? netlink_getsockopt+0x9e0/0x9e0
[ 44.987027][ T6932]  ____sys_sendmsg+0x519/0x800
[ 44.991771][ T6932]  ? import_iovec+0x12a/0x2c0
[ 44.996535][ T6932]  __sys_sendmsg+0x2b1/0x360
[ 45.001111][ T6932]  ? check_preemption_disabled+0x40/0x240
[ 45.006823][ T6932]  ? check_preemption_disabled+0x40/0x240
[ 45.012527][ T6932]  ? do_syscall_64+0x1d/0xe0
[ 45.017093][ T6932]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.023131][ T6932]  do_syscall_64+0x73/0xe0
[ 45.027527][ T6932]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.033392][ T6932] RIP: 0033:0x441409
[ 45.037253][ T6932] Code: Bad RIP value.
[ 45.041311][ T6932] RSP: 002b:00007ffe440e3208 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 45.049723][ T6932] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441409
[ 45.057679][ T6932] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 45.065625][ T6932] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[ 45.073569][ T6932] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402220
[ 45.081528][ T6932] R13: 00000000004022b0 R14: 0000000000000000 R15: 0000000000000000
[ 45.091114][ T6932] Kernel Offset: disabled
[ 45.095436][ T6932] Rebooting in 86400 seconds..