[   36.787600] audit: type=1800 audit(1548338620.514:27): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   36.812998] audit: type=1800 audit(1548338620.514:28): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   37.379822] audit: type=1800 audit(1548338621.184:29): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   37.399178] audit: type=1800 audit(1548338621.184:30): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   44.293397] ==================================================================
[   44.300996] BUG: KASAN: global-out-of-bounds in validate_nla+0x12c4/0x1580
[   44.307994] Read of size 1 at addr ffffffff88f41fc0 by task syz-executor884/7743
[   44.315505] 
[   44.317118] CPU: 1 PID: 7743 Comm: syz-executor884 Not tainted 5.0.0-rc3+ #41
[   44.324514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.333850] Call Trace:
[   44.336423]  dump_stack+0x1db/0x2d0
[   44.340034]  ? dump_stack_print_info.cold+0x20/0x20
[   44.345036]  ? mark_held_locks+0xb1/0x100
[   44.349227]  ? validate_nla+0x12c4/0x1580
[   44.353360]  print_address_description.cold+0x5/0x20d
[   44.358529]  ? validate_nla+0x12c4/0x1580
[   44.362659]  ? validate_nla+0x12c4/0x1580
[   44.366829]  kasan_report.cold+0x1b/0x40
[   44.370924]  ? do_raw_spin_trylock+0x1a0/0x270
[   44.375486]  ? validate_nla+0x12c4/0x1580
[   44.379662]  __asan_report_load1_noabort+0x14/0x20
[   44.384655]  validate_nla+0x12c4/0x1580
[   44.388662]  ? nla_memcpy+0xb0/0xb0
[   44.392271]  ? depot_save_stack+0x1de/0x460
[   44.396574]  ? save_stack+0xa9/0xd0
[   44.400180]  ? save_stack+0x45/0xd0
[   44.403804]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   44.408884]  ? kasan_kmalloc+0x9/0x10
[   44.412669]  nla_validate+0xc1/0x130
[   44.416364]  validate_nla+0x711/0x1580
[   44.420283]  ? print_usage_bug+0xb0/0xd0
[   44.424335]  ? nla_memcpy+0xb0/0xb0
[   44.427975]  ? add_lock_to_list.isra.0+0x450/0x450
[   44.432899]  ? __lock_is_held+0xb6/0x140
[   44.436943]  ? add_lock_to_list.isra.0+0x450/0x450
[   44.441856]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.447381]  __nla_parse+0x206/0x340
[   44.451081]  nla_parse+0x45/0x60
[   44.454434]  nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610
[   44.461037]  ? nl80211_set_cqm+0x1e50/0x1e50
[   44.465426]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.470992]  nl80211_dump_wiphy+0x595/0x760
[   44.475317]  genl_lock_dumpit+0x6d/0xa0
[   44.479274]  netlink_dump+0x5f2/0x1070
[   44.483148]  ? netlink_broadcast+0x50/0x50
[   44.487404]  __netlink_dump_start+0x5b4/0x7e0
[   44.491882]  ? genl_lock_dumpit+0xa0/0xa0
[   44.496013]  genl_family_rcv_msg+0xeb5/0x11a0
[   44.500491]  ? genl_unregister_family+0x8a0/0x8a0
[   44.505317]  ? genl_lock_dumpit+0xa0/0xa0
[   44.509460]  ? genl_lock_done+0xe0/0xe0
[   44.513425]  ? genl_unlock+0x20/0x20
[   44.517155]  ? radix_tree_insert+0x850/0x850
[   44.521550]  ? netlink_deliver_tap+0x32b/0xf40
[   44.526118]  ? lock_downgrade+0x910/0x910
[   44.530252]  ? kasan_check_read+0x11/0x20
[   44.534387]  genl_rcv_msg+0xca/0x16c
[   44.538084]  netlink_rcv_skb+0x17d/0x410
[   44.542126]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   44.546883]  ? netlink_ack+0xba0/0xba0
[   44.550859]  ? __down_interruptible+0x740/0x740
[   44.555513]  genl_rcv+0x29/0x40
[   44.558787]  netlink_unicast+0x574/0x770
[   44.562839]  ? netlink_attachskb+0x980/0x980
[   44.567231]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.572761]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   44.577762]  netlink_sendmsg+0xa05/0xf90
[   44.581808]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   44.587329]  ? netlink_unicast+0x770/0x770
[   44.591639]  ? smack_socket_sendmsg+0xb1/0x1a0
[   44.596203]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.601725]  ? security_socket_sendmsg+0x93/0xc0
[   44.606465]  ? netlink_unicast+0x770/0x770
[   44.610689]  sock_sendmsg+0xdd/0x130
[   44.614385]  ___sys_sendmsg+0x7ec/0x910
[   44.618353]  ? copy_msghdr_from_user+0x570/0x570
[   44.623094]  ? __handle_mm_fault+0x955/0x55a0
[   44.627573]  ? add_lock_to_list.isra.0+0x450/0x450
[   44.632489]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   44.637318]  ? check_preemption_disabled+0x48/0x290
[   44.642321]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.647846]  ? __fget_light+0x2db/0x420
[   44.651803]  ? fget_raw+0x20/0x20
[   44.655241]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   44.660516]  ? rcu_read_unlock_special+0x380/0x380
[   44.665547]  ? __fdget+0x1b/0x20
[   44.668899]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   44.674417]  ? sockfd_lookup_light+0xc2/0x160
[   44.678897]  __sys_sendmsg+0x112/0x270
[   44.682767]  ? __ia32_sys_shutdown+0x80/0x80
[   44.687157]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.692674]  ? vmacache_update+0x114/0x140
[   44.696912]  ? __ia32_sys_fallocate+0xf0/0xf0
[   44.701389]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.706733]  ? trace_hardirqs_off_caller+0x300/0x300
[   44.711921]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   44.716680]  __x64_sys_sendmsg+0x78/0xb0
[   44.720726]  do_syscall_64+0x1a3/0x800
[   44.724613]  ? syscall_return_slowpath+0x5f0/0x5f0
[   44.729537]  ? prepare_exit_to_usermode+0x232/0x3b0
[   44.734546]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.739377]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.744548] RIP: 0033:0x4400d9
[   44.747739] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   44.766620] RSP: 002b:00007ffd0034dae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   44.774311] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400d9
[   44.781561] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[   44.788808] RBP: 00000000006ca018 R08: 0000000000000006 R09: 00000000004002c8
[   44.796146] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401960
[   44.803410] R13: 00000000004019f0 R14: 0000000000000000 R15: 0000000000000000
[   44.810668] 
[   44.812281] The buggy address belongs to the variable:
[   44.817542]  nl80211_pmsr_attr_policy+0x60/0x80
[   44.822188] 
[   44.823804] Memory state around the buggy address:
[   44.828714]  ffffffff88f41e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   44.836051]  ffffffff88f41f00: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
[   44.843386] >ffffffff88f41f80: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
[   44.850755]                                            ^
[   44.856187]  ffffffff88f42000: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 00
[   44.863526]  ffffffff88f42080: 00 00 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[   44.870862] ==================================================================
[   44.878197] Disabling lock debugging due to kernel taint
[   44.883798] Kernel panic - not syncing: panic_on_warn set ...
[   44.889680] CPU: 1 PID: 7743 Comm: syz-executor884 Tainted: G    B             5.0.0-rc3+ #41
[   44.898320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.907650] Call Trace:
[   44.910222]  dump_stack+0x1db/0x2d0
[   44.913831]  ? dump_stack_print_info.cold+0x20/0x20
[   44.919024]  panic+0x2cb/0x65c
[   44.922199]  ? add_taint.cold+0x16/0x16
[   44.926157]  ? validate_nla+0x12c4/0x1580
[   44.930294]  ? preempt_schedule+0x4b/0x60
[   44.934423]  ? ___preempt_schedule+0x16/0x18
[   44.938814]  ? trace_hardirqs_on+0xb4/0x310
[   44.943121]  ? validate_nla+0x12c4/0x1580
[   44.947248]  end_report+0x47/0x4f
[   44.950699]  ? validate_nla+0x12c4/0x1580
[   44.954826]  kasan_report.cold+0xe/0x40
[   44.958783]  ? do_raw_spin_trylock+0x1a0/0x270
[   44.963342]  ? validate_nla+0x12c4/0x1580
[   44.967471]  __asan_report_load1_noabort+0x14/0x20
[   44.972379]  validate_nla+0x12c4/0x1580
[   44.976341]  ? nla_memcpy+0xb0/0xb0
[   44.979948]  ? depot_save_stack+0x1de/0x460
[   44.984251]  ? save_stack+0xa9/0xd0
[   44.987857]  ? save_stack+0x45/0xd0
[   44.991632]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   44.996728]  ? kasan_kmalloc+0x9/0x10
[   45.000515]  nla_validate+0xc1/0x130
[   45.004212]  validate_nla+0x711/0x1580
[   45.008077]  ? print_usage_bug+0xb0/0xd0
[   45.012118]  ? nla_memcpy+0xb0/0xb0
[   45.015721]  ? add_lock_to_list.isra.0+0x450/0x450
[   45.020627]  ? __lock_is_held+0xb6/0x140
[   45.024668]  ? add_lock_to_list.isra.0+0x450/0x450
[   45.029576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.035101]  __nla_parse+0x206/0x340
[   45.038797]  nla_parse+0x45/0x60
[   45.042149]  nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610
[   45.048621]  ? nl80211_set_cqm+0x1e50/0x1e50
[   45.053022]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.058541]  nl80211_dump_wiphy+0x595/0x760
[   45.062846]  genl_lock_dumpit+0x6d/0xa0
[   45.066802]  netlink_dump+0x5f2/0x1070
[   45.070690]  ? netlink_broadcast+0x50/0x50
[   45.074910]  __netlink_dump_start+0x5b4/0x7e0
[   45.079384]  ? genl_lock_dumpit+0xa0/0xa0
[   45.083511]  genl_family_rcv_msg+0xeb5/0x11a0
[   45.087990]  ? genl_unregister_family+0x8a0/0x8a0
[   45.092818]  ? genl_lock_dumpit+0xa0/0xa0
[   45.096941]  ? genl_lock_done+0xe0/0xe0
[   45.100892]  ? genl_unlock+0x20/0x20
[   45.104587]  ? radix_tree_insert+0x850/0x850
[   45.108991]  ? netlink_deliver_tap+0x32b/0xf40
[   45.113560]  ? lock_downgrade+0x910/0x910
[   45.117686]  ? kasan_check_read+0x11/0x20
[   45.121833]  genl_rcv_msg+0xca/0x16c
[   45.125529]  netlink_rcv_skb+0x17d/0x410
[   45.129572]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   45.134306]  ? netlink_ack+0xba0/0xba0
[   45.138175]  ? __down_interruptible+0x740/0x740
[   45.142825]  genl_rcv+0x29/0x40
[   45.146095]  netlink_unicast+0x574/0x770
[   45.150153]  ? netlink_attachskb+0x980/0x980
[   45.154545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.160063]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   45.165062]  netlink_sendmsg+0xa05/0xf90
[   45.169105]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.174624]  ? netlink_unicast+0x770/0x770
[   45.178839]  ? smack_socket_sendmsg+0xb1/0x1a0
[   45.183401]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.188918]  ? security_socket_sendmsg+0x93/0xc0
[   45.193654]  ? netlink_unicast+0x770/0x770
[   45.197871]  sock_sendmsg+0xdd/0x130
[   45.201568]  ___sys_sendmsg+0x7ec/0x910
[   45.205524]  ? copy_msghdr_from_user+0x570/0x570
[   45.210266]  ? __handle_mm_fault+0x955/0x55a0
[   45.214877]  ? add_lock_to_list.isra.0+0x450/0x450
[   45.219788]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   45.224612]  ? check_preemption_disabled+0x48/0x290
[   45.229625]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.235232]  ? __fget_light+0x2db/0x420
[   45.239192]  ? fget_raw+0x20/0x20
[   45.242630]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   45.247889]  ? rcu_read_unlock_special+0x380/0x380
[   45.252797]  ? __fdget+0x1b/0x20
[   45.256151]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.261670]  ? sockfd_lookup_light+0xc2/0x160
[   45.266167]  __sys_sendmsg+0x112/0x270
[   45.270057]  ? __ia32_sys_shutdown+0x80/0x80
[   45.274452]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.279970]  ? vmacache_update+0x114/0x140
[   45.284200]  ? __ia32_sys_fallocate+0xf0/0xf0
[   45.288678]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.294019]  ? trace_hardirqs_off_caller+0x300/0x300
[   45.299102]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   45.303838]  __x64_sys_sendmsg+0x78/0xb0
[   45.308169]  do_syscall_64+0x1a3/0x800
[   45.312111]  ? syscall_return_slowpath+0x5f0/0x5f0
[   45.317019]  ? prepare_exit_to_usermode+0x232/0x3b0
[   45.322015]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.326846]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.332014] RIP: 0033:0x4400d9
[   45.335185] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   45.354069] RSP: 002b:00007ffd0034dae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   45.361754] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400d9
[   45.369007] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[   45.376258] RBP: 00000000006ca018 R08: 0000000000000006 R09: 00000000004002c8
[   45.383507] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401960
[   45.390757] R13: 00000000004019f0 R14: 0000000000000000 R15: 0000000000000000
[   45.399232] Kernel Offset: disabled
[   45.402857] Rebooting in 86400 seconds..