[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   39.283090] audit: type=1800 audit(1548299306.130:25): pid=7796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   39.319563] audit: type=1800 audit(1548299306.130:26): pid=7796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   39.350071] audit: type=1800 audit(1548299306.130:27): pid=7796 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   58.580352] ==================================================================
[   58.587987] BUG: KASAN: global-out-of-bounds in validate_nla+0x12c4/0x1580
[   58.594986] Read of size 1 at addr ffffffff88f41fc0 by task syz-executor288/7947
[   58.602495] 
[   58.604110] CPU: 1 PID: 7947 Comm: syz-executor288 Not tainted 5.0.0-rc3+ #41
[   58.611493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.620830] Call Trace:
[   58.623404]  dump_stack+0x1db/0x2d0
[   58.627014]  ? dump_stack_print_info.cold+0x20/0x20
[   58.632017]  ? mark_held_locks+0xb1/0x100
[   58.636155]  ? validate_nla+0x12c4/0x1580
[   58.640306]  print_address_description.cold+0x5/0x20d
[   58.645508]  ? validate_nla+0x12c4/0x1580
[   58.649647]  ? validate_nla+0x12c4/0x1580
[   58.653795]  kasan_report.cold+0x1b/0x40
[   58.657841]  ? do_raw_spin_trylock+0x1a0/0x270
[   58.662455]  ? validate_nla+0x12c4/0x1580
[   58.666725]  __asan_report_load1_noabort+0x14/0x20
[   58.671638]  validate_nla+0x12c4/0x1580
[   58.675595]  ? nla_memcpy+0xb0/0xb0
[   58.679230]  ? depot_save_stack+0x1de/0x460
[   58.683546]  ? save_stack+0xa9/0xd0
[   58.687161]  ? save_stack+0x45/0xd0
[   58.690767]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   58.695871]  ? kasan_kmalloc+0x9/0x10
[   58.699663]  nla_validate+0xc1/0x130
[   58.703363]  validate_nla+0x711/0x1580
[   58.707231]  ? print_usage_bug+0xb0/0xd0
[   58.711481]  ? nla_memcpy+0xb0/0xb0
[   58.715094]  ? add_lock_to_list.isra.0+0x450/0x450
[   58.720034]  ? find_held_lock+0x35/0x120
[   58.724209]  ? add_lock_to_list.isra.0+0x450/0x450
[   58.729122]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.734657]  __nla_parse+0x206/0x340
[   58.738353]  nla_parse+0x45/0x60
[   58.741815]  nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610
[   58.748295]  ? nl80211_set_cqm+0x1e50/0x1e50
[   58.752838]  nl80211_dump_wiphy+0x595/0x760
[   58.757147]  genl_lock_dumpit+0x6d/0xa0
[   58.761106]  netlink_dump+0x5f2/0x1070
[   58.765089]  ? netlink_broadcast+0x50/0x50
[   58.769312]  __netlink_dump_start+0x5b4/0x7e0
[   58.773793]  ? genl_lock_dumpit+0xa0/0xa0
[   58.777933]  genl_family_rcv_msg+0xeb5/0x11a0
[   58.782433]  ? genl_unregister_family+0x8a0/0x8a0
[   58.787286]  ? genl_lock_dumpit+0xa0/0xa0
[   58.791438]  ? genl_lock_done+0xe0/0xe0
[   58.795418]  ? genl_unlock+0x20/0x20
[   58.799114]  ? radix_tree_insert+0x850/0x850
[   58.803682]  ? netlink_deliver_tap+0x32b/0xf40
[   58.808270]  ? lock_downgrade+0x910/0x910
[   58.812409]  ? kasan_check_read+0x11/0x20
[   58.816558]  genl_rcv_msg+0xca/0x16c
[   58.820415]  netlink_rcv_skb+0x17d/0x410
[   58.824599]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   58.829349]  ? netlink_ack+0xba0/0xba0
[   58.833308]  ? __down_interruptible+0x740/0x740
[   58.837976]  genl_rcv+0x29/0x40
[   58.841234]  netlink_unicast+0x574/0x770
[   58.845295]  ? netlink_attachskb+0x980/0x980
[   58.849685]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.855203]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   58.860202]  netlink_sendmsg+0xa05/0xf90
[   58.864358]  ? netlink_unicast+0x770/0x770
[   58.868576]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   58.873403]  ? apparmor_socket_sendmsg+0x2a/0x30
[   58.878141]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.883691]  ? security_socket_sendmsg+0x93/0xc0
[   58.888537]  ? netlink_unicast+0x770/0x770
[   58.892758]  sock_sendmsg+0xdd/0x130
[   58.896454]  ___sys_sendmsg+0x7ec/0x910
[   58.900414]  ? copy_msghdr_from_user+0x570/0x570
[   58.905263]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.910798]  ? __handle_mm_fault+0x955/0x55a0
[   58.915315]  ? add_lock_to_list.isra.0+0x450/0x450
[   58.920346]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   58.925174]  ? check_preemption_disabled+0x48/0x290
[   58.930168]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.935816]  ? __fget_light+0x2db/0x420
[   58.939905]  ? fget_raw+0x20/0x20
[   58.943349]  ? __do_page_fault+0x610/0xd60
[   58.947599]  ? lock_downgrade+0x910/0x910
[   58.951727]  ? __fdget+0x1b/0x20
[   58.955076]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   58.960594]  ? sockfd_lookup_light+0xc2/0x160
[   58.965174]  __sys_sendmsg+0x112/0x270
[   58.969048]  ? __ia32_sys_shutdown+0x80/0x80
[   58.973441]  ? up_read+0x7a/0x2b0
[   58.976894]  ? entry_SYSENTER_compat+0x70/0x7f
[   58.981718]  ? trace_hardirqs_off_caller+0x300/0x300
[   58.987052]  ? __do_page_fault+0x3f1/0xd60
[   58.991276]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[   58.996138]  do_fast_syscall_32+0x333/0xf98
[   59.000443]  ? do_int80_syscall_32+0x880/0x880
[   59.005142]  ? trace_hardirqs_off+0x310/0x310
[   59.009803]  ? syscall_return_slowpath+0x5f0/0x5f0
[   59.014719]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.020266]  ? prepare_exit_to_usermode+0x232/0x3b0
[   59.025314]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   59.030164]  entry_SYSENTER_compat+0x70/0x7f
[   59.034567] RIP: 0023:0xf7f94869
[   59.037944] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   59.056826] RSP: 002b:00000000ff958f9c EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[   59.064892] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000380
[   59.072250] RDX: 0000000000000000 RSI: 00000000080ea078 RDI: 00000000ff958ff0
[   59.079509] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[   59.086760] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   59.094013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   59.101273] 
[   59.102980] The buggy address belongs to the variable:
[   59.108241]  nl80211_pmsr_attr_policy+0x60/0x80
[   59.112888] 
[   59.114503] Memory state around the buggy address:
[   59.119415]  ffffffff88f41e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   59.126753]  ffffffff88f41f00: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
[   59.134088] >ffffffff88f41f80: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
[   59.141423]                                            ^
[   59.147063]  ffffffff88f42000: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 00
[   59.154402]  ffffffff88f42080: 00 00 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[   59.161736] ==================================================================
[   59.169068] Disabling lock debugging due to kernel taint
[   59.175240] Kernel panic - not syncing: panic_on_warn set ...
[   59.181129] CPU: 1 PID: 7947 Comm: syz-executor288 Tainted: G    B             5.0.0-rc3+ #41
[   59.189766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.199095] Call Trace:
[   59.201660]  dump_stack+0x1db/0x2d0
[   59.205267]  ? dump_stack_print_info.cold+0x20/0x20
[   59.210263]  panic+0x2cb/0x65c
[   59.213433]  ? add_taint.cold+0x16/0x16
[   59.217678]  ? validate_nla+0x12c4/0x1580
[   59.221805]  ? preempt_schedule+0x4b/0x60
[   59.225935]  ? ___preempt_schedule+0x16/0x18
[   59.230322]  ? trace_hardirqs_on+0xb4/0x310
[   59.234621]  ? validate_nla+0x12c4/0x1580
[   59.238743]  end_report+0x47/0x4f
[   59.242180]  ? validate_nla+0x12c4/0x1580
[   59.246304]  kasan_report.cold+0xe/0x40
[   59.250257]  ? do_raw_spin_trylock+0x1a0/0x270
[   59.254818]  ? validate_nla+0x12c4/0x1580
[   59.258956]  __asan_report_load1_noabort+0x14/0x20
[   59.263865]  validate_nla+0x12c4/0x1580
[   59.267839]  ? nla_memcpy+0xb0/0xb0
[   59.271469]  ? depot_save_stack+0x1de/0x460
[   59.275827]  ? save_stack+0xa9/0xd0
[   59.279440]  ? save_stack+0x45/0xd0
[   59.283054]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   59.288168]  ? kasan_kmalloc+0x9/0x10
[   59.291948]  nla_validate+0xc1/0x130
[   59.295640]  validate_nla+0x711/0x1580
[   59.299504]  ? print_usage_bug+0xb0/0xd0
[   59.303542]  ? nla_memcpy+0xb0/0xb0
[   59.307286]  ? add_lock_to_list.isra.0+0x450/0x450
[   59.312212]  ? find_held_lock+0x35/0x120
[   59.316252]  ? add_lock_to_list.isra.0+0x450/0x450
[   59.321164]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.326687]  __nla_parse+0x206/0x340
[   59.330382]  nla_parse+0x45/0x60
[   59.333732]  nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610
[   59.340413]  ? nl80211_set_cqm+0x1e50/0x1e50
[   59.344812]  nl80211_dump_wiphy+0x595/0x760
[   59.349154]  genl_lock_dumpit+0x6d/0xa0
[   59.353130]  netlink_dump+0x5f2/0x1070
[   59.357023]  ? netlink_broadcast+0x50/0x50
[   59.361264]  __netlink_dump_start+0x5b4/0x7e0
[   59.365738]  ? genl_lock_dumpit+0xa0/0xa0
[   59.369866]  genl_family_rcv_msg+0xeb5/0x11a0
[   59.374375]  ? genl_unregister_family+0x8a0/0x8a0
[   59.379317]  ? genl_lock_dumpit+0xa0/0xa0
[   59.383454]  ? genl_lock_done+0xe0/0xe0
[   59.387405]  ? genl_unlock+0x20/0x20
[   59.391097]  ? radix_tree_insert+0x850/0x850
[   59.395484]  ? netlink_deliver_tap+0x32b/0xf40
[   59.400055]  ? lock_downgrade+0x910/0x910
[   59.404185]  ? kasan_check_read+0x11/0x20
[   59.408468]  genl_rcv_msg+0xca/0x16c
[   59.412173]  netlink_rcv_skb+0x17d/0x410
[   59.416227]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   59.420959]  ? netlink_ack+0xba0/0xba0
[   59.424826]  ? __down_interruptible+0x740/0x740
[   59.429475]  genl_rcv+0x29/0x40
[   59.432733]  netlink_unicast+0x574/0x770
[   59.436795]  ? netlink_attachskb+0x980/0x980
[   59.441182]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.446699]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   59.451695]  netlink_sendmsg+0xa05/0xf90
[   59.455733]  ? netlink_unicast+0x770/0x770
[   59.459963]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   59.464787]  ? apparmor_socket_sendmsg+0x2a/0x30
[   59.469519]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.475071]  ? security_socket_sendmsg+0x93/0xc0
[   59.479819]  ? netlink_unicast+0x770/0x770
[   59.484133]  sock_sendmsg+0xdd/0x130
[   59.487825]  ___sys_sendmsg+0x7ec/0x910
[   59.491777]  ? copy_msghdr_from_user+0x570/0x570
[   59.496524]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.502059]  ? __handle_mm_fault+0x955/0x55a0
[   59.506568]  ? add_lock_to_list.isra.0+0x450/0x450
[   59.511477]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   59.516301]  ? check_preemption_disabled+0x48/0x290
[   59.521297]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.526812]  ? __fget_light+0x2db/0x420
[   59.530762]  ? fget_raw+0x20/0x20
[   59.534195]  ? __do_page_fault+0x610/0xd60
[   59.538430]  ? lock_downgrade+0x910/0x910
[   59.542603]  ? __fdget+0x1b/0x20
[   59.546064]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   59.551589]  ? sockfd_lookup_light+0xc2/0x160
[   59.556069]  __sys_sendmsg+0x112/0x270
[   59.559939]  ? __ia32_sys_shutdown+0x80/0x80
[   59.564324]  ? up_read+0x7a/0x2b0
[   59.567757]  ? entry_SYSENTER_compat+0x70/0x7f
[   59.572321]  ? trace_hardirqs_off_caller+0x300/0x300
[   59.577499]  ? __do_page_fault+0x3f1/0xd60
[   59.581735]  __ia32_compat_sys_sendmsg+0x7a/0xb0
[   59.586488]  do_fast_syscall_32+0x333/0xf98
[   59.590790]  ? do_int80_syscall_32+0x880/0x880
[   59.595366]  ? trace_hardirqs_off+0x310/0x310
[   59.599845]  ? syscall_return_slowpath+0x5f0/0x5f0
[   59.604758]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.610281]  ? prepare_exit_to_usermode+0x232/0x3b0
[   59.615276]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   59.620099]  entry_SYSENTER_compat+0x70/0x7f
[   59.624493] RIP: 0023:0xf7f94869
[   59.627839] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   59.646721] RSP: 002b:00000000ff958f9c EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[   59.654423] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000380
[   59.661770] RDX: 0000000000000000 RSI: 00000000080ea078 RDI: 00000000ff958ff0
[   59.669025] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[   59.676273] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   59.683554] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   59.691979] Kernel Offset: disabled
[   59.695603] Rebooting in 86400 seconds..