[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 64.356613][ T8474] ==================================================================
[ 64.365127][ T8474] BUG: KASAN: global-out-of-bounds in string+0x39c/0x3d0
[ 64.372135][ T8474] Read of size 1 at addr ffffffff8faea960 by task syz-executor696/8474
[ 64.380494][ T8474]
[ 64.382834][ T8474] CPU: 0 PID: 8474 Comm: syz-executor696 Not tainted 5.10.0-syzkaller #0
[ 64.391224][ T8474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.401284][ T8474] Call Trace:
[ 64.404565][ T8474] dump_stack+0x107/0x163
[ 64.408876][ T8474] ? string+0x39c/0x3d0
[ 64.413292][ T8474] ? string+0x39c/0x3d0
[ 64.417540][ T8474] print_address_description.constprop.0.cold+0x5/0x4c8
[ 64.424472][ T8474] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 64.429855][ T8474] ? vprintk_func+0x95/0x1e0
[ 64.434436][ T8474] ? string+0x39c/0x3d0
[ 64.438568][ T8474] ? string+0x39c/0x3d0
[ 64.442850][ T8474] kasan_report.cold+0x1f/0x37
[ 64.447621][ T8474] ? string+0x39c/0x3d0
[ 64.451783][ T8474] string+0x39c/0x3d0
[ 64.455757][ T8474] ? format_decode+0x230/0xad0
[ 64.460516][ T8474] ? ip6_addr_string_sa+0x830/0x830
[ 64.465704][ T8474] ? lockdep_unlock+0x11c/0x290
[ 64.470537][ T8474] ? __lock_acquire+0x2510/0x5500
[ 64.475657][ T8474] vsnprintf+0x71b/0x14f0
[ 64.480017][ T8474] ? pointer+0x930/0x930
[ 64.484270][ T8474] snprintf+0xbb/0xf0
[ 64.488250][ T8474] ? vsprintf+0x30/0x30
[ 64.492538][ T8474] ? __nla_reserve+0x9a/0xc0
[ 64.497131][ T8474] ? memcpy+0x39/0x60
[ 64.501106][ T8474] smc_nl_get_sys_info+0x493/0x880
[ 64.506222][ T8474] ? smc_nl_fill_lgr_list.constprop.0+0x980/0x980
[ 64.512634][ T8474] ? genl_lock_dumpit+0x3c/0x90
[ 64.517478][ T8474] ? mark_held_locks+0x9f/0xe0
[ 64.522233][ T8474] ? mutex_lock_io_nested+0xf60/0xf60
[ 64.527719][ T8474] ? rcu_read_lock_sched_held+0x3a/0x70
[ 64.533402][ T8474] ? trace_kmalloc_node+0xc1/0xf0
[ 64.538417][ T8474] ? __kmalloc_node_track_caller+0x21a/0x3e0
[ 64.544402][ T8474] ? netlink_dump+0x680/0xb70
[ 64.549170][ T8474] ? __phys_addr+0x9a/0x110
[ 64.553668][ T8474] ? memset+0x20/0x40
[ 64.557686][ T8474] genl_lock_dumpit+0x60/0x90
[ 64.562353][ T8474] netlink_dump+0x4b9/0xb70
[ 64.566859][ T8474] ? netlink_insert+0x1670/0x1670
[ 64.571877][ T8474] ? __mutex_unlock_slowpath+0xe2/0x610
[ 64.577435][ T8474] ? kasan_unpoison_shadow+0x33/0x40
[ 64.582832][ T8474] ? genl_start+0x44a/0x670
[ 64.587329][ T8474] __netlink_dump_start+0x642/0x900
[ 64.592511][ T8474] ? genl_family_rcv_msg_doit+0x320/0x320
[ 64.598218][ T8474] ? smc_nl_fill_lgr_list.constprop.0+0x980/0x980
[ 64.604615][ T8474] genl_family_rcv_msg_dumpit+0x2af/0x310
[ 64.610316][ T8474] ? genl_rcv+0x40/0x40
[ 64.614693][ T8474] ? mutex_lock_io_nested+0xf60/0xf60
[ 64.620061][ T8474] ? __lock_acquire+0x2510/0x5500
[ 64.625106][ T8474] ? genl_family_rcv_msg_doit+0x320/0x320
[ 64.630821][ T8474] ? genl_unlock+0x20/0x20
[ 64.635227][ T8474] ? genl_parallel_done+0xc0/0xc0
[ 64.640340][ T8474] ? __radix_tree_lookup+0x1f3/0x290
[ 64.645750][ T8474] ? genl_get_cmd+0x3cf/0x480
[ 64.650513][ T8474] genl_rcv_msg+0x434/0x580
[ 64.655028][ T8474] ? genl_get_cmd+0x480/0x480
[ 64.659839][ T8474] ? smc_nl_fill_lgr_list.constprop.0+0x980/0x980
[ 64.666261][ T8474] ? lock_release+0x710/0x710
[ 64.670972][ T8474] netlink_rcv_skb+0x153/0x420
[ 64.675732][ T8474] ? genl_get_cmd+0x480/0x480
[ 64.680398][ T8474] ? netlink_ack+0xaa0/0xaa0
[ 64.685004][ T8474] genl_rcv+0x24/0x40
[ 64.688968][ T8474] netlink_unicast+0x533/0x7d0
[ 64.693714][ T8474] ? netlink_attachskb+0x870/0x870
[ 64.698810][ T8474] ? __phys_addr_symbol+0x2c/0x70
[ 64.703832][ T8474] ? __check_object_size+0x171/0x3f0
[ 64.709121][ T8474] netlink_sendmsg+0x856/0xd90
[ 64.713895][ T8474] ? netlink_unicast+0x7d0/0x7d0
[ 64.718849][ T8474] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 64.724281][ T8474] ? netlink_unicast+0x7d0/0x7d0
[ 64.729221][ T8474] sock_sendmsg+0xcf/0x120
[ 64.733648][ T8474] ____sys_sendmsg+0x6e8/0x810
[ 64.738564][ T8474] ? kernel_sendmsg+0x50/0x50
[ 64.743356][ T8474] ? do_recvmmsg+0x6c0/0x6c0
[ 64.747956][ T8474] ? find_held_lock+0x2d/0x110
[ 64.752802][ T8474] ___sys_sendmsg+0xf3/0x170
[ 64.757535][ T8474] ? sendmsg_copy_msghdr+0x160/0x160
[ 64.762819][ T8474] ? do_huge_pmd_anonymous_page+0x8f1/0x2390
[ 64.768840][ T8474] ? find_held_lock+0x2d/0x110
[ 64.773600][ T8474] ? __fget_light+0x215/0x280
[ 64.778265][ T8474] __sys_sendmsg+0xe5/0x1b0
[ 64.782750][ T8474] ? __sys_sendmsg_sock+0xb0/0xb0
[ 64.787909][ T8474] ? syscall_enter_from_user_mode+0x1d/0x50
[ 64.794098][ T8474] do_syscall_64+0x2d/0x70
[ 64.798508][ T8474] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.804387][ T8474] RIP: 0033:0x440299
[ 64.808269][ T8474] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.827858][ T8474] RSP: 002b:00007ffeb08758d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 64.836256][ T8474] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440299
[ 64.844356][ T8474] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[ 64.852456][ T8474] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 64.860437][ T8474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[ 64.868416][ T8474] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[ 64.876389][ T8474]
[ 64.878701][ T8474] The buggy address belongs to the variable:
[ 64.884660][ T8474] smc_hostname+0x20/0x40
[ 64.888962][ T8474]
[ 64.891265][ T8474] Memory state around the buggy address:
[ 64.896894][ T8474] ffffffff8faea800: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[ 64.904935][ T8474] ffffffff8faea880: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[ 64.912975][ T8474] >ffffffff8faea900: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9
[ 64.921013][ T8474] ^
[ 64.928190][ T8474] ffffffff8faea980: 04 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[ 64.936235][ T8474] ffffffff8faeaa00: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[ 64.944278][ T8474] ==================================================================
[ 64.952325][ T8474] Disabling lock debugging due to kernel taint
[ 64.959204][ T8474] Kernel panic - not syncing: panic_on_warn set ...
[ 64.965805][ T8474] CPU: 0 PID: 8474 Comm: syz-executor696 Tainted: G    B 5.10.0-syzkaller #0
[ 64.975609][ T8474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.985667][ T8474] Call Trace:
[ 64.988964][ T8474] dump_stack+0x107/0x163
[ 64.993461][ T8474] ? string+0x2c0/0x3d0
[ 64.997603][ T8474] panic+0x306/0x73d
[ 65.001478][ T8474] ? __warn_printk+0xf3/0xf3
[ 65.006050][ T8474] ? preempt_schedule_common+0x59/0xc0
[ 65.011505][ T8474] ? string+0x39c/0x3d0
[ 65.015771][ T8474] ? preempt_schedule_thunk+0x16/0x18
[ 65.021122][ T8474] ? trace_hardirqs_on+0x51/0x1c0
[ 65.026120][ T8474] ? string+0x39c/0x3d0
[ 65.030292][ T8474] ? string+0x39c/0x3d0
[ 65.034434][ T8474] end_report+0x58/0x5e
[ 65.038705][ T8474] kasan_report.cold+0xd/0x37
[ 65.043383][ T8474] ? string+0x39c/0x3d0
[ 65.047655][ T8474] string+0x39c/0x3d0
[ 65.051746][ T8474] ? format_decode+0x230/0xad0
[ 65.056633][ T8474] ? ip6_addr_string_sa+0x830/0x830
[ 65.061815][ T8474] ? lockdep_unlock+0x11c/0x290
[ 65.066660][ T8474] ? __lock_acquire+0x2510/0x5500
[ 65.071685][ T8474] vsnprintf+0x71b/0x14f0
[ 65.075998][ T8474] ? pointer+0x930/0x930
[ 65.080498][ T8474] snprintf+0xbb/0xf0
[ 65.084468][ T8474] ? vsprintf+0x30/0x30
[ 65.088611][ T8474] ? __nla_reserve+0x9a/0xc0
[ 65.093187][ T8474] ? memcpy+0x39/0x60
[ 65.097206][ T8474] smc_nl_get_sys_info+0x493/0x880
[ 65.102293][ T8474] ? smc_nl_fill_lgr_list.constprop.0+0x980/0x980
[ 65.108698][ T8474] ? genl_lock_dumpit+0x3c/0x90
[ 65.113555][ T8474] ? mark_held_locks+0x9f/0xe0
[ 65.118306][ T8474] ? mutex_lock_io_nested+0xf60/0xf60
[ 65.123669][ T8474] ? rcu_read_lock_sched_held+0x3a/0x70
[ 65.129193][ T8474] ? trace_kmalloc_node+0xc1/0xf0
[ 65.134341][ T8474] ? __kmalloc_node_track_caller+0x21a/0x3e0
[ 65.140317][ T8474] ? netlink_dump+0x680/0xb70
[ 65.144986][ T8474] ? __phys_addr+0x9a/0x110
[ 65.149486][ T8474] ? memset+0x20/0x40
[ 65.153448][ T8474] genl_lock_dumpit+0x60/0x90
[ 65.158104][ T8474] netlink_dump+0x4b9/0xb70
[ 65.162587][ T8474] ? netlink_insert+0x1670/0x1670
[ 65.167590][ T8474] ? __mutex_unlock_slowpath+0xe2/0x610
[ 65.173138][ T8474] ? kasan_unpoison_shadow+0x33/0x40
[ 65.178410][ T8474] ? genl_start+0x44a/0x670
[ 65.183019][ T8474] __netlink_dump_start+0x642/0x900
[ 65.188211][ T8474] ? genl_family_rcv_msg_doit+0x320/0x320
[ 65.193912][ T8474] ? smc_nl_fill_lgr_list.constprop.0+0x980/0x980
[ 65.200318][ T8474] genl_family_rcv_msg_dumpit+0x2af/0x310
[ 65.206018][ T8474] ? genl_rcv+0x40/0x40
[ 65.210149][ T8474] ? mutex_lock_io_nested+0xf60/0xf60
[ 65.215586][ T8474] ? __lock_acquire+0x2510/0x5500
[ 65.220601][ T8474] ? genl_family_rcv_msg_doit+0x320/0x320
[ 65.226293][ T8474] ? genl_unlock+0x20/0x20
[ 65.230683][ T8474] ? genl_parallel_done+0xc0/0xc0
[ 65.235698][ T8474] ? __radix_tree_lookup+0x1f3/0x290
[ 65.241103][ T8474] ? genl_get_cmd+0x3cf/0x480
[ 65.245761][ T8474] genl_rcv_msg+0x434/0x580
[ 65.250308][ T8474] ? genl_get_cmd+0x480/0x480
[ 65.254983][ T8474] ? smc_nl_fill_lgr_list.constprop.0+0x980/0x980
[ 65.261388][ T8474] ? lock_release+0x710/0x710
[ 65.266059][ T8474] netlink_rcv_skb+0x153/0x420
[ 65.270860][ T8474] ? genl_get_cmd+0x480/0x480
[ 65.275514][ T8474] ? netlink_ack+0xaa0/0xaa0
[ 65.280081][ T8474] genl_rcv+0x24/0x40
[ 65.284066][ T8474] netlink_unicast+0x533/0x7d0
[ 65.288818][ T8474] ? netlink_attachskb+0x870/0x870
[ 65.293920][ T8474] ? __phys_addr_symbol+0x2c/0x70
[ 65.298929][ T8474] ? __check_object_size+0x171/0x3f0
[ 65.304220][ T8474] netlink_sendmsg+0x856/0xd90
[ 65.308993][ T8474] ? netlink_unicast+0x7d0/0x7d0
[ 65.313918][ T8474] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 65.319191][ T8474] ? netlink_unicast+0x7d0/0x7d0
[ 65.324114][ T8474] sock_sendmsg+0xcf/0x120
[ 65.328510][ T8474] ____sys_sendmsg+0x6e8/0x810
[ 65.333266][ T8474] ? kernel_sendmsg+0x50/0x50
[ 65.337917][ T8474] ? do_recvmmsg+0x6c0/0x6c0
[ 65.342503][ T8474] ? find_held_lock+0x2d/0x110
[ 65.347253][ T8474] ___sys_sendmsg+0xf3/0x170
[ 65.351832][ T8474] ? sendmsg_copy_msghdr+0x160/0x160
[ 65.357102][ T8474] ? do_huge_pmd_anonymous_page+0x8f1/0x2390
[ 65.363067][ T8474] ? find_held_lock+0x2d/0x110
[ 65.367825][ T8474] ? __fget_light+0x215/0x280
[ 65.372483][ T8474] __sys_sendmsg+0xe5/0x1b0
[ 65.376965][ T8474] ? __sys_sendmsg_sock+0xb0/0xb0
[ 65.381985][ T8474] ? syscall_enter_from_user_mode+0x1d/0x50
[ 65.387860][ T8474] do_syscall_64+0x2d/0x70
[ 65.392262][ T8474] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.398135][ T8474] RIP: 0033:0x440299
[ 65.402015][ T8474] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.421696][ T8474] RSP: 002b:00007ffeb08758d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 65.430291][ T8474] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440299
[ 65.438245][ T8474] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[ 65.446556][ T8474] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 65.454538][ T8474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[ 65.462579][ T8474] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[ 65.471065][ T8474] Kernel Offset: disabled
[ 65.475380][ T8474] Rebooting in 86400 seconds..