[ OK ] Reached target Login Prompts.
[ OK ] Started System Logging Service.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.238' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.757314] ==================================================================
[ 28.764919] BUG: KASAN: null-ptr-deref in ieee802154_llsec_parse_key_id+0x494/0x820
[ 28.772693] Read of size 8 at addr 0000000000000004 by task syz-executor669/7956
[ 28.780200]
[ 28.781808] CPU: 0 PID: 7956 Comm: syz-executor669 Not tainted 4.14.228-syzkaller #0
[ 28.789664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.798997] Call Trace:
[ 28.801569] dump_stack+0x1b2/0x281
[ 28.805245] kasan_report_error.cold+0x144/0x191
[ 28.809988] ? ieee802154_llsec_parse_key_id+0x494/0x820
[ 28.815415] kasan_report+0x6f/0x80
[ 28.819021] ? ieee802154_llsec_parse_key_id+0x494/0x820
[ 28.824493] memcpy+0x20/0x50
[ 28.827576] ieee802154_llsec_parse_key_id+0x494/0x820
[ 28.832829] ? ieee802154_nl_start_confirm.isra.0+0x1f0/0x1f0
[ 28.838689] ? lock_downgrade+0x740/0x740
[ 28.842814] ieee802154_llsec_del_key+0xf5/0x210
[ 28.847549] ? ieee802154_llsec_add_key+0x5c0/0x5c0
[ 28.852544] ? nla_parse+0x157/0x1f0
[ 28.856236] genl_family_rcv_msg+0x572/0xb20
[ 28.860624] ? genl_rcv+0x40/0x40
[ 28.864058] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.869488] ? trace_hardirqs_on+0x10/0x10
[ 28.873731] ? sock_sendmsg+0xb5/0x100
[ 28.877600] genl_rcv_msg+0xaf/0x140
[ 28.881291] netlink_rcv_skb+0x125/0x390
[ 28.885327] ? genl_family_rcv_msg+0xb20/0xb20
[ 28.890062] ? netlink_ack+0x9a0/0x9a0
[ 28.893927] ? lock_acquire+0x170/0x3f0
[ 28.897878] genl_rcv+0x24/0x40
[ 28.901143] netlink_unicast+0x437/0x610
[ 28.905183] ? netlink_sendskb+0xd0/0xd0
[ 28.909219] ? __check_object_size+0x179/0x230
[ 28.913851] netlink_sendmsg+0x62e/0xb80
[ 28.917948] ? nlmsg_notify+0x170/0x170
[ 28.921898] ? kernel_recvmsg+0x210/0x210
[ 28.926026] ? security_socket_sendmsg+0x83/0xb0
[ 28.930771] ? nlmsg_notify+0x170/0x170
[ 28.934722] sock_sendmsg+0xb5/0x100
[ 28.938456] ___sys_sendmsg+0x6c8/0x800
[ 28.942407] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 28.947140] ? trace_hardirqs_on+0x10/0x10
[ 28.951349] ? trace_hardirqs_on+0x10/0x10
[ 28.955565] ? apparmor_file_alloc_security+0x129/0x800
[ 28.960906] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.966334] ? __lockdep_init_map+0x100/0x560
[ 28.970804] ? __fd_install+0x1ec/0x5c0
[ 28.974757] ? lock_acquire+0x170/0x3f0
[ 28.978707] ? lock_downgrade+0x740/0x740
[ 28.982832] ? __fdget+0x167/0x1f0
[ 28.986350] ? sockfd_lookup_light+0xb2/0x160
[ 28.990819] __sys_sendmsg+0xa3/0x120
[ 28.994595] ? SyS_shutdown+0x160/0x160
[ 28.998550] ? move_addr_to_kernel+0x60/0x60
[ 29.002934] ? __do_page_fault+0x159/0xad0
[ 29.007163] SyS_sendmsg+0x27/0x40
[ 29.010682] ? __sys_sendmsg+0x120/0x120
[ 29.014724] do_syscall_64+0x1d5/0x640
[ 29.018593] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.023762] RIP: 0033:0x43fab9
[ 29.026953] RSP: 002b:00007ffff4b5abd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 29.034636] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fab9
[ 29.041882] RDX: 0000000024008144 RSI: 0000000020000200 RDI: 0000000000000004
[ 29.049128] RBP: 0000000000403520 R08: 0000000000000030 R09: 00000000004004a0
[ 29.056374] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000004035b0
[ 29.063618] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 29.070868] ==================================================================
[ 29.078198] Disabling lock debugging due to kernel taint
[ 29.094898] Kernel panic - not syncing: panic_on_warn set ...
[ 29.094898]
[ 29.102284] CPU: 1 PID: 7956 Comm: syz-executor669 Tainted: G B 4.14.228-syzkaller #0
[ 29.111356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.120685] Call Trace:
[ 29.123254] dump_stack+0x1b2/0x281
[ 29.126921] panic+0x1f9/0x42d
[ 29.130087] ? add_taint.cold+0x16/0x16
[ 29.134036] ? ___preempt_schedule+0x16/0x18
[ 29.138421] kasan_end_report+0x43/0x49
[ 29.142425] kasan_report_error.cold+0xa7/0x191
[ 29.147069] ? ieee802154_llsec_parse_key_id+0x494/0x820
[ 29.152516] kasan_report+0x6f/0x80
[ 29.156147] ? ieee802154_llsec_parse_key_id+0x494/0x820
[ 29.161596] memcpy+0x20/0x50
[ 29.164688] ieee802154_llsec_parse_key_id+0x494/0x820
[ 29.169939] ? ieee802154_nl_start_confirm.isra.0+0x1f0/0x1f0
[ 29.175841] ? lock_downgrade+0x740/0x740
[ 29.179963] ieee802154_llsec_del_key+0xf5/0x210
[ 29.184695] ? ieee802154_llsec_add_key+0x5c0/0x5c0
[ 29.189687] ? nla_parse+0x157/0x1f0
[ 29.193377] genl_family_rcv_msg+0x572/0xb20
[ 29.197814] ? genl_rcv+0x40/0x40
[ 29.201245] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 29.206672] ? trace_hardirqs_on+0x10/0x10
[ 29.210880] ? sock_sendmsg+0xb5/0x100
[ 29.214743] genl_rcv_msg+0xaf/0x140
[ 29.218438] netlink_rcv_skb+0x125/0x390
[ 29.222473] ? genl_family_rcv_msg+0xb20/0xb20
[ 29.227029] ? netlink_ack+0x9a0/0x9a0
[ 29.230947] ? lock_acquire+0x170/0x3f0
[ 29.234897] genl_rcv+0x24/0x40
[ 29.238189] netlink_unicast+0x437/0x610
[ 29.242226] ? netlink_sendskb+0xd0/0xd0
[ 29.246264] ? __check_object_size+0x179/0x230
[ 29.250844] netlink_sendmsg+0x62e/0xb80
[ 29.254884] ? nlmsg_notify+0x170/0x170
[ 29.258832] ? kernel_recvmsg+0x210/0x210
[ 29.262959] ? security_socket_sendmsg+0x83/0xb0
[ 29.267692] ? nlmsg_notify+0x170/0x170
[ 29.271641] sock_sendmsg+0xb5/0x100
[ 29.275330] ___sys_sendmsg+0x6c8/0x800
[ 29.279280] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 29.284014] ? trace_hardirqs_on+0x10/0x10
[ 29.288223] ? trace_hardirqs_on+0x10/0x10
[ 29.292435] ? apparmor_file_alloc_security+0x129/0x800
[ 29.297776] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.303221] ? __lockdep_init_map+0x100/0x560
[ 29.307692] ? __fd_install+0x1ec/0x5c0
[ 29.311658] ? lock_acquire+0x170/0x3f0
[ 29.315607] ? lock_downgrade+0x740/0x740
[ 29.319728] ? __fdget+0x167/0x1f0
[ 29.323262] ? sockfd_lookup_light+0xb2/0x160
[ 29.327731] __sys_sendmsg+0xa3/0x120
[ 29.331526] ? SyS_shutdown+0x160/0x160
[ 29.335476] ? move_addr_to_kernel+0x60/0x60
[ 29.339860] ? __do_page_fault+0x159/0xad0
[ 29.344070] SyS_sendmsg+0x27/0x40
[ 29.347585] ? __sys_sendmsg+0x120/0x120
[ 29.351626] do_syscall_64+0x1d5/0x640
[ 29.355494] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.360658] RIP: 0033:0x43fab9
[ 29.363822] RSP: 002b:00007ffff4b5abd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 29.371509] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fab9
[ 29.378759] RDX: 0000000024008144 RSI: 0000000020000200 RDI: 0000000000000004
[ 29.386003] RBP: 0000000000403520 R08: 0000000000000030 R09: 00000000004004a0
[ 29.393250] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000004035b0
[ 29.400505] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
[ 29.408417] Kernel Offset: disabled
[ 29.412030] Rebooting in 86400 seconds..