[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
syzkaller login: [ 39.836143] audit: type=1400 audit(1601603962.020:8): avc: denied { execmem } for pid=6485 comm="syz-executor188" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 39.848982] IPVS: ftp: loaded support on port[0] = 21
[ 39.935963] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 39.945813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.961642] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 39.981695] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 39.995134] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 40.001601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.008903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.017119] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 40.028683] ================================================================================
[ 40.037357] UBSAN: Undefined behaviour in net/mac80211/cfg.c:491:9
[ 40.043824] index 255 is out of range for type 'ieee80211_key *[6]'
[ 40.050224] CPU: 0 PID: 6486 Comm: syz-executor188 Not tainted 4.19.149-syzkaller #0
[ 40.058401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.067799] Call Trace:
[ 40.070393] dump_stack+0x22c/0x33e
[ 40.074033] ubsan_epilogue+0xe/0x3a
[ 40.077926] __ubsan_handle_out_of_bounds.cold+0x63/0x6f
[ 40.083496] ieee80211_del_key+0x48a/0x490
[ 40.087736] nl80211_del_key+0x41e/0xc50
[ 40.091848] ? nl80211_parse_key+0x1120/0x1120
[ 40.096427] ? validate_nla+0x2c6/0x970
[ 40.100405] ? nl80211_pre_doit+0xa2/0x660
[ 40.104724] ? nl80211_vendor_cmd_dump+0x15e0/0x15e0
[ 40.109825] genl_family_rcv_msg+0x6bf/0xd50
[ 40.114292] ? genl_family_attrbuf+0x120/0x120
[ 40.118869] ? genl_rcv_msg+0x15d/0x1b0
[ 40.122842] ? ww_mutex_unlock+0x2f0/0x2f0
[ 40.127094] ? __lock_acquire+0x6ec/0x3ff0
[ 40.131328] ? __radix_tree_lookup+0x251/0x3f0
[ 40.135910] genl_rcv_msg+0xdf/0x1b0
[ 40.139622] netlink_rcv_skb+0x160/0x440
[ 40.143678] ? genl_family_rcv_msg+0xd50/0xd50
[ 40.148257] ? netlink_ack+0xae0/0xae0
[ 40.152139] ? genl_rcv+0x15/0x40
[ 40.155592] genl_rcv+0x24/0x40
[ 40.167114] netlink_unicast+0x4d5/0x690
[ 40.171177] ? netlink_sendskb+0x110/0x110
[ 40.175414] netlink_sendmsg+0x717/0xcc0
[ 40.179474] ? nlmsg_notify+0x1a0/0x1a0
[ 40.183531] ? __sock_recv_ts_and_drops+0x540/0x540
[ 40.188550] ? nlmsg_notify+0x1a0/0x1a0
[ 40.192523] sock_sendmsg+0xc7/0x130
[ 40.196320] ___sys_sendmsg+0x7bb/0x8f0
[ 40.200387] ? copy_msghdr_from_user+0x440/0x440
[ 40.205143] ? selinux_file_alloc_security+0xe4/0x1c0
[ 40.210328] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.215343] ? sock_ioctl+0x30e/0x5f0
[ 40.219139] ? routing_ioctl+0x570/0x570
[ 40.223196] ? mark_held_locks+0xf0/0xf0
[ 40.227251] ? percpu_counter_add_batch+0x126/0x180
[ 40.232268] ? routing_ioctl+0x570/0x570
[ 40.236325] ? do_vfs_ioctl+0x110/0x12e0
[ 40.240380] ? selinux_file_ioctl+0x44f/0x5e0
[ 40.244886] ? ioctl_preallocate+0x200/0x200
[ 40.249291] ? __fget_light+0x1a2/0x230
[ 40.253266] __x64_sys_sendmsg+0x132/0x220
[ 40.257500] ? __sys_sendmsg+0x1b0/0x1b0
[ 40.261562] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.266918] ? trace_hardirqs_off_caller+0x6e/0x210
[ 40.271933] ? do_syscall_64+0x21/0x670
[ 40.275998] do_syscall_64+0xf9/0x670
[ 40.279796] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.285021] RIP: 0033:0x441759
[ 40.288209] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.307107] RSP: 002b:00007fff3d5ebe68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 40.314812] RAX: ffffffffffffffda RBX: 00007fff3d5ebe90 RCX: 0000000000441759
[ 40.322075] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003
[ 40.329384] RBP: 0000000000000003 R08: 0000001d00000000 R09: 0000001d00000000
[ 40.336649]