[ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 75.120193][ T8384] ================================================================== [ 75.129490][ T8384] BUG: KASAN: null-ptr-deref in ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.139458][ T8384] Read of size 8 at addr 0000000000000004 by task syz-executor310/8384 [ 75.150562][ T8384] [ 75.153121][ T8384] CPU: 1 PID: 8384 Comm: syz-executor310 Not tainted 5.12.0-rc4-syzkaller #0 [ 75.162563][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.173797][ T8384] Call Trace: [ 75.177515][ T8384] dump_stack+0x141/0x1d7 [ 75.181960][ T8384] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.188957][ T8384] kasan_report.cold+0x5f/0xd8 [ 75.194538][ T8384] ? ___sys_sendmsg+0xe0/0x170 [ 75.199415][ T8384] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.206836][ T8384] kasan_check_range+0x13d/0x180 [ 75.212894][ T8384] memcpy+0x20/0x60 [ 75.216908][ T8384] ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.223922][ T8384] ? ieee802154_nl_get_dev.isra.0+0x230/0x230 [ 75.232175][ T8384] ieee802154_llsec_setparams+0x2a9/0x760 [ 75.238526][ T8384] ? ieee802154_llsec_getparams+0x550/0x550 [ 75.245106][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 75.251495][ T8384] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 75.259469][ T8384] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 75.267821][ T8384] genl_family_rcv_msg_doit+0x228/0x320 [ 75.274658][ T8384] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 75.282781][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 75.289448][ T8384] ? ns_capable+0xde/0x100 [ 75.294656][ T8384] genl_rcv_msg+0x328/0x580 [ 75.299831][ T8384] ? genl_get_cmd+0x480/0x480 [ 75.306202][ T8384] ? ieee802154_llsec_getparams+0x550/0x550 [ 75.312757][ T8384] ? lock_release+0x720/0x720 [ 75.317725][ T8384] netlink_rcv_skb+0x153/0x420 [ 75.323430][ T8384] ? genl_get_cmd+0x480/0x480 [ 75.328805][ T8384] ? netlink_ack+0xaa0/0xaa0 [ 75.333658][ T8384] genl_rcv+0x24/0x40 [ 75.338585][ T8384] netlink_unicast+0x533/0x7d0 [ 75.343646][ T8384] ? netlink_attachskb+0x870/0x870 [ 75.349126][ T8384] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 75.356470][ T8384] ? __phys_addr_symbol+0x2c/0x70 [ 75.362974][ T8384] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 75.371245][ T8384] ? __check_object_size+0x171/0x3f0 [ 75.376852][ T8384] netlink_sendmsg+0x856/0xd90 [ 75.384743][ T8384] ? netlink_unicast+0x7d0/0x7d0 [ 75.391633][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 75.399264][ T8384] ? netlink_unicast+0x7d0/0x7d0 [ 75.405482][ T8384] sock_sendmsg+0xcf/0x120 [ 75.409999][ T8384] ____sys_sendmsg+0x6e8/0x810 [ 75.415407][ T8384] ? kernel_sendmsg+0x50/0x50 [ 75.420813][ T8384] ? do_recvmmsg+0x6d0/0x6d0 [ 75.425924][ T8384] ? lock_chain_count+0x20/0x20 [ 75.431103][ T8384] ? find_held_lock+0x2d/0x110 [ 75.436203][ T8384] ___sys_sendmsg+0xf3/0x170 [ 75.441118][ T8384] ? sendmsg_copy_msghdr+0x160/0x160 [ 75.447210][ T8384] ? __lock_acquire+0x16b3/0x54c0 [ 75.452828][ T8384] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 75.459367][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 75.466024][ T8384] ? __fget_light+0x215/0x280 [ 75.471181][ T8384] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 75.479413][ T8384] __sys_sendmsg+0xe5/0x1b0 [ 75.485143][ T8384] ? __sys_sendmsg_sock+0x30/0x30 [ 75.491280][ T8384] ? syscall_enter_from_user_mode+0x27/0x70 [ 75.498085][ T8384] do_syscall_64+0x2d/0x70 [ 75.504305][ T8384] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 75.511229][ T8384] RIP: 0033:0x43fad9 [ 75.515376][ T8384] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 75.539187][ T8384] RSP: 002b:00007ffc1c2e83b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.549639][ T8384] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fad9 [ 75.559020][ T8384] RDX: 0000000000000010 RSI: 00000000200002c0 RDI: 0000000000000004 [ 75.568429][ T8384] RBP: 0000000000403540 R08: 000000000000002b R09: 00000000004004a0 [ 75.578576][ T8384] R10: 0000000000000005 R11: 0000000000000246 R12: 00000000004035d0 [ 75.587296][ T8384] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0 [ 75.596365][ T8384] ================================================================== [ 75.605827][ T8384] Disabling lock debugging due to kernel taint [ 75.612974][ T8384] Kernel panic - not syncing: panic_on_warn set ... [ 75.620461][ T8384] CPU: 1 PID: 8384 Comm: syz-executor310 Tainted: G B 5.12.0-rc4-syzkaller #0 [ 75.632160][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.646586][ T8384] Call Trace: [ 75.650118][ T8384] dump_stack+0x141/0x1d7 [ 75.654942][ T8384] panic+0x306/0x73d [ 75.658883][ T8384] ? __warn_printk+0xf3/0xf3 [ 75.663865][ T8384] ? preempt_schedule_common+0x59/0xc0 [ 75.669373][ T8384] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.675893][ T8384] ? preempt_schedule_thunk+0x16/0x18 [ 75.681637][ T8384] ? trace_hardirqs_on+0x38/0x1c0 [ 75.687056][ T8384] ? trace_hardirqs_on+0x51/0x1c0 [ 75.692546][ T8384] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.700309][ T8384] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.707461][ T8384] end_report.cold+0x5a/0x5a [ 75.712757][ T8384] kasan_report.cold+0x6a/0xd8 [ 75.717734][ T8384] ? ___sys_sendmsg+0xe0/0x170 [ 75.723537][ T8384] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.731339][ T8384] kasan_check_range+0x13d/0x180 [ 75.736682][ T8384] memcpy+0x20/0x60 [ 75.740778][ T8384] ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 75.746924][ T8384] ? ieee802154_nl_get_dev.isra.0+0x230/0x230 [ 75.753197][ T8384] ieee802154_llsec_setparams+0x2a9/0x760 [ 75.759253][ T8384] ? ieee802154_llsec_getparams+0x550/0x550 [ 75.765529][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 75.772319][ T8384] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 75.779989][ T8384] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 75.787454][ T8384] genl_family_rcv_msg_doit+0x228/0x320 [ 75.793454][ T8384] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 75.801904][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 75.808768][ T8384] ? ns_capable+0xde/0x100 [ 75.813789][ T8384] genl_rcv_msg+0x328/0x580 [ 75.819063][ T8384] ? genl_get_cmd+0x480/0x480 [ 75.824133][ T8384] ? ieee802154_llsec_getparams+0x550/0x550 [ 75.830757][ T8384] ? lock_release+0x720/0x720 [ 75.836174][ T8384] netlink_rcv_skb+0x153/0x420 [ 75.841531][ T8384] ? genl_get_cmd+0x480/0x480 [ 75.847174][ T8384] ? netlink_ack+0xaa0/0xaa0 [ 75.851944][ T8384] genl_rcv+0x24/0x40 [ 75.856156][ T8384] netlink_unicast+0x533/0x7d0 [ 75.860941][ T8384] ? netlink_attachskb+0x870/0x870 [ 75.867857][ T8384] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 75.876063][ T8384] ? __phys_addr_symbol+0x2c/0x70 [ 75.881298][ T8384] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 75.887620][ T8384] ? __check_object_size+0x171/0x3f0 [ 75.892948][ T8384] netlink_sendmsg+0x856/0xd90 [ 75.897961][ T8384] ? netlink_unicast+0x7d0/0x7d0 [ 75.903213][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 75.910052][ T8384] ? netlink_unicast+0x7d0/0x7d0 [ 75.915705][ T8384] sock_sendmsg+0xcf/0x120 [ 75.920315][ T8384] ____sys_sendmsg+0x6e8/0x810 [ 75.925259][ T8384] ? kernel_sendmsg+0x50/0x50 [ 75.930204][ T8384] ? do_recvmmsg+0x6d0/0x6d0 [ 75.935134][ T8384] ? lock_chain_count+0x20/0x20 [ 75.940277][ T8384] ? find_held_lock+0x2d/0x110 [ 75.945536][ T8384] ___sys_sendmsg+0xf3/0x170 [ 75.950258][ T8384] ? sendmsg_copy_msghdr+0x160/0x160 [ 75.955832][ T8384] ? __lock_acquire+0x16b3/0x54c0 [ 75.962090][ T8384] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 75.969036][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 75.975460][ T8384] ? __fget_light+0x215/0x280 [ 75.980190][ T8384] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 75.986966][ T8384] __sys_sendmsg+0xe5/0x1b0 [ 75.992115][ T8384] ? __sys_sendmsg_sock+0x30/0x30 [ 75.997288][ T8384] ? syscall_enter_from_user_mode+0x27/0x70 [ 76.003238][ T8384] do_syscall_64+0x2d/0x70 [ 76.007835][ T8384] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 76.014363][ T8384] RIP: 0033:0x43fad9 [ 76.019071][ T8384] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 76.039417][ T8384] RSP: 002b:00007ffc1c2e83b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.048678][ T8384] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fad9 [ 76.056860][ T8384] RDX: 0000000000000010 RSI: 00000000200002c0 RDI: 0000000000000004 [ 76.065206][ T8384] RBP: 0000000000403540 R08: 000000000000002b R09: 00000000004004a0 [ 76.073737][ T8384] R10: 0000000000000005 R11: 0000000000000246 R12: 00000000004035d0 [ 76.081737][ T8384] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0 [ 76.091067][ T8384] Kernel Offset: disabled [ 76.095578][ T8384] Rebooting in 86400 seconds..