[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 62.058001][ T8469] ==================================================================
[ 62.066306][ T8469] BUG: KASAN: stack-out-of-bounds in bitmap_from_arr32+0x199/0x1f0
[ 62.074175][ T8469] Write of size 8 at addr ffffc9000151f5b0 by task syz-executor624/8469
[ 62.082476][ T8469]
[ 62.084787][ T8469] CPU: 0 PID: 8469 Comm: syz-executor624 Not tainted 5.10.0-rc4-syzkaller #0
[ 62.093519][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.103556][ T8469] Call Trace:
[ 62.106850][ T8469] dump_stack+0x107/0x163
[ 62.111161][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.116260][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.121351][ T8469] print_address_description.constprop.0.cold+0x5/0x4c8
[ 62.128417][ T8469] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 62.133782][ T8469] ? vprintk_func+0x95/0x1e0
[ 62.138396][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.143577][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.148963][ T8469] kasan_report.cold+0x1f/0x37
[ 62.153715][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.158810][ T8469] bitmap_from_arr32+0x199/0x1f0
[ 62.163740][ T8469] ethnl_parse_bitset+0x448/0x7a0
[ 62.168805][ T8469] ? ethnl_update_bitset32+0x70/0x70
[ 62.174070][ T8469] ? ethnl_parse_header_dev_get+0x2cd/0x7f0
[ 62.179946][ T8469] ? ____sys_sendmsg+0x6e8/0x810
[ 62.184859][ T8469] ? ___sys_sendmsg+0xf3/0x170
[ 62.189597][ T8469] ? __sys_sendmsg+0xe5/0x1b0
[ 62.194269][ T8469] ? do_syscall_64+0x2d/0x70
[ 62.198835][ T8469] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.204981][ T8469] ethnl_set_features+0x2ac/0xa70
[ 62.209995][ T8469] ? __nla_validate_parse+0x2d3/0x2ae0
[ 62.215462][ T8469] ? features_reply_size+0x140/0x140
[ 62.220744][ T8469] ? nla_get_range_signed+0x520/0x520
[ 62.226202][ T8469] ? __nla_parse+0x3d/0x50
[ 62.230653][ T8469] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x280
[ 62.238042][ T8469] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280
[ 62.245319][ T8469] genl_family_rcv_msg_doit+0x228/0x320
[ 62.250844][ T8469] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 62.258198][ T8469] ? ns_capable+0xde/0x100
[ 62.262608][ T8469] genl_rcv_msg+0x328/0x580
[ 62.267112][ T8469] ? genl_get_cmd+0x480/0x480
[ 62.271777][ T8469] ? features_reply_size+0x140/0x140
[ 62.277053][ T8469] ? lock_release+0x710/0x710
[ 62.281854][ T8469] netlink_rcv_skb+0x153/0x420
[ 62.286612][ T8469] ? genl_get_cmd+0x480/0x480
[ 62.291279][ T8469] ? netlink_ack+0xaa0/0xaa0
[ 62.295861][ T8469] genl_rcv+0x24/0x40
[ 62.299822][ T8469] netlink_unicast+0x533/0x7d0
[ 62.304572][ T8469] ? netlink_attachskb+0x810/0x810
[ 62.309680][ T8469] ? __phys_addr_symbol+0x2c/0x70
[ 62.314684][ T8469] ? __check_object_size+0x171/0x3f0
[ 62.319953][ T8469] netlink_sendmsg+0x856/0xd90
[ 62.324712][ T8469] ? netlink_unicast+0x7d0/0x7d0
[ 62.330070][ T8469] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 62.335332][ T8469] ? netlink_unicast+0x7d0/0x7d0
[ 62.340270][ T8469] sock_sendmsg+0xcf/0x120
[ 62.344665][ T8469] ____sys_sendmsg+0x6e8/0x810
[ 62.349426][ T8469] ? kernel_sendmsg+0x50/0x50
[ 62.354090][ T8469] ? do_recvmmsg+0x6c0/0x6c0
[ 62.358669][ T8469] ? stack_trace_save+0x8c/0xc0
[ 62.363511][ T8469] ? stack_trace_consume_entry+0x160/0x160
[ 62.369303][ T8469] ___sys_sendmsg+0xf3/0x170
[ 62.373876][ T8469] ? sendmsg_copy_msghdr+0x160/0x160
[ 62.379138][ T8469] ? exit_to_user_mode_prepare+0x17e/0x1a0
[ 62.384924][ T8469] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.391451][ T8469] ? debug_object_active_state+0x260/0x350
[ 62.397236][ T8469] ? lock_downgrade+0x6d0/0x6d0
[ 62.402070][ T8469] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 62.407879][ T8469] ? lockdep_hardirqs_on+0x79/0x100
[ 62.413070][ T8469] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 62.418859][ T8469] ? debug_object_active_state+0x260/0x350
[ 62.424652][ T8469] ? __fget_light+0x215/0x280
[ 62.429316][ T8469] __sys_sendmsg+0xe5/0x1b0
[ 62.433803][ T8469] ? __sys_sendmsg_sock+0xb0/0xb0
[ 62.438834][ T8469] ? syscall_enter_from_user_mode+0x1d/0x50
[ 62.444710][ T8469] do_syscall_64+0x2d/0x70
[ 62.449104][ T8469] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.454975][ T8469] RIP: 0033:0x440899
[ 62.458853][ T8469] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.478437][ T8469] RSP: 002b:00007ffe5de83088 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 62.486829][ T8469] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440899
[ 62.494779][ T8469] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003
[ 62.502727][ T8469] RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
[ 62.510688][ T8469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e80
[ 62.518658][ T8469] R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000
[ 62.526616][ T8469]
[ 62.528925][ T8469]
[ 62.531234][ T8469] addr ffffc9000151f5b0 is located in stack of task syz-executor624/8469 at offset 264 in frame:
[ 62.542149][ T8469] ethnl_set_features+0x0/0xa70
[ 62.546970][ T8469]
[ 62.549272][ T8469] this frame has 9 objects:
[ 62.553750][ T8469] [32, 40) 'reply_payload'
[ 62.553758][ T8469] [64, 80) 'req_info'
[ 62.558235][ T8469] [96, 104) 'wanted_diff_mask'
[ 62.562286][ T8469] [128, 136) 'active_diff_mask'
[ 62.567108][ T8469] [160, 168) 'old_active'
[ 62.572019][ T8469] [192, 200) 'old_wanted'
[ 62.576408][ T8469] [224, 232) 'new_active'
[ 62.580796][ T8469] [256, 264) 'req_wanted'
[ 62.585196][ T8469] [288, 296) 'req_mask'
[ 62.589669][ T8469]
[ 62.596182][ T8469] Memory state around the buggy address:
[ 62.601800][ T8469] ffffc9000151f480: 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00 f2
[ 62.609850][ T8469] ffffc9000151f500: f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2
[ 62.617906][ T8469] >ffffc9000151f580: f2 00 f2 f2 f2 00 f2 f2 f2 00 f3 f3 f3 00 00 00
[ 62.625960][ T8469] ^
[ 62.631565][ T8469] ffffc9000151f600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
[ 62.639612][ T8469] ffffc9000151f680: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00
[ 62.647645][ T8469] ==================================================================
[ 62.655679][ T8469] Disabling lock debugging due to kernel taint
[ 62.662313][ T8469] Kernel panic - not syncing: panic_on_warn set ...
[ 62.668996][ T8469] CPU: 0 PID: 8469 Comm: syz-executor624 Tainted: G B 5.10.0-rc4-syzkaller #0
[ 62.679146][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.689280][ T8469] Call Trace:
[ 62.692561][ T8469] dump_stack+0x107/0x163
[ 62.696907][ T8469] ? bitmap_from_arr32+0x150/0x1f0
[ 62.701988][ T8469] panic+0x306/0x73d
[ 62.705857][ T8469] ? __warn_printk+0xf3/0xf3
[ 62.710422][ T8469] ? preempt_schedule_common+0x59/0xc0
[ 62.715852][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.720936][ T8469] ? preempt_schedule_thunk+0x16/0x18
[ 62.726280][ T8469] ? trace_hardirqs_on+0x51/0x1c0
[ 62.731277][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.736368][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.741450][ T8469] end_report+0x58/0x5e
[ 62.746471][ T8469] kasan_report.cold+0xd/0x37
[ 62.751160][ T8469] ? bitmap_from_arr32+0x199/0x1f0
[ 62.756279][ T8469] bitmap_from_arr32+0x199/0x1f0
[ 62.761189][ T8469] ethnl_parse_bitset+0x448/0x7a0
[ 62.766186][ T8469] ? ethnl_update_bitset32+0x70/0x70
[ 62.771441][ T8469] ? ethnl_parse_header_dev_get+0x2cd/0x7f0
[ 62.777304][ T8469] ? ____sys_sendmsg+0x6e8/0x810
[ 62.782210][ T8469] ? ___sys_sendmsg+0xf3/0x170
[ 62.786989][ T8469] ? __sys_sendmsg+0xe5/0x1b0
[ 62.791640][ T8469] ? do_syscall_64+0x2d/0x70
[ 62.796204][ T8469] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.802241][ T8469] ethnl_set_features+0x2ac/0xa70
[ 62.807241][ T8469] ? __nla_validate_parse+0x2d3/0x2ae0
[ 62.812672][ T8469] ? features_reply_size+0x140/0x140
[ 62.817930][ T8469] ? nla_get_range_signed+0x520/0x520
[ 62.823277][ T8469] ? __nla_parse+0x3d/0x50
[ 62.827669][ T8469] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x280
[ 62.835010][ T8469] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280
[ 62.842264][ T8469] genl_family_rcv_msg_doit+0x228/0x320
[ 62.847821][ T8469] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 62.855162][ T8469] ? ns_capable+0xde/0x100
[ 62.859550][ T8469] genl_rcv_msg+0x328/0x580
[ 62.864039][ T8469] ? genl_get_cmd+0x480/0x480
[ 62.868686][ T8469] ? features_reply_size+0x140/0x140
[ 62.873942][ T8469] ? lock_release+0x710/0x710
[ 62.878590][ T8469] netlink_rcv_skb+0x153/0x420
[ 62.883324][ T8469] ? genl_get_cmd+0x480/0x480
[ 62.887972][ T8469] ? netlink_ack+0xaa0/0xaa0
[ 62.892556][ T8469] genl_rcv+0x24/0x40
[ 62.896509][ T8469] netlink_unicast+0x533/0x7d0
[ 62.901248][ T8469] ? netlink_attachskb+0x810/0x810
[ 62.906333][ T8469] ? __phys_addr_symbol+0x2c/0x70
[ 62.911341][ T8469] ? __check_object_size+0x171/0x3f0
[ 62.916603][ T8469] netlink_sendmsg+0x856/0xd90
[ 62.921342][ T8469] ? netlink_unicast+0x7d0/0x7d0
[ 62.926260][ T8469] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 62.931524][ T8469] ? netlink_unicast+0x7d0/0x7d0
[ 62.936438][ T8469] sock_sendmsg+0xcf/0x120
[ 62.940829][ T8469] ____sys_sendmsg+0x6e8/0x810
[ 62.945567][ T8469] ? kernel_sendmsg+0x50/0x50
[ 62.950213][ T8469] ? do_recvmmsg+0x6c0/0x6c0
[ 62.954778][ T8469] ? stack_trace_save+0x8c/0xc0
[ 62.959599][ T8469] ? stack_trace_consume_entry+0x160/0x160
[ 62.965376][ T8469] ___sys_sendmsg+0xf3/0x170
[ 62.969979][ T8469] ? sendmsg_copy_msghdr+0x160/0x160
[ 62.975234][ T8469] ? exit_to_user_mode_prepare+0x17e/0x1a0
[ 62.981013][ T8469] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.987054][ T8469] ? debug_object_active_state+0x260/0x350
[ 62.992924][ T8469] ? lock_downgrade+0x6d0/0x6d0
[ 62.997761][ T8469] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 63.003538][ T8469] ? lockdep_hardirqs_on+0x79/0x100
[ 63.008782][ T8469] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 63.014608][ T8469] ? debug_object_active_state+0x260/0x350
[ 63.020473][ T8469] ? __fget_light+0x215/0x280
[ 63.025126][ T8469] __sys_sendmsg+0xe5/0x1b0
[ 63.029599][ T8469] ? __sys_sendmsg_sock+0xb0/0xb0
[ 63.034598][ T8469] ? syscall_enter_from_user_mode+0x1d/0x50
[ 63.040547][ T8469] do_syscall_64+0x2d/0x70
[ 63.044937][ T8469] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.050802][ T8469] RIP: 0033:0x440899
[ 63.054686][ T8469] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.074316][ T8469] RSP: 002b:00007ffe5de83088 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 63.082700][ T8469] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440899
[ 63.090653][ T8469] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003
[ 63.098607][ T8469] RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
[ 63.106551][ T8469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e80
[ 63.114495][ T8469] R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000
[ 63.123029][ T8469] Kernel Offset: disabled
[ 63.127336][ T8469] Rebooting in 86400 seconds..