[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   38.948649] audit: type=1800 audit(1548293787.428:25): pid=7721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   38.983584] audit: type=1800 audit(1548293787.428:26): pid=7721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   39.021008] audit: type=1800 audit(1548293787.438:27): pid=7721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.196' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   47.029657] ==================================================================
[   47.037274] BUG: KASAN: global-out-of-bounds in validate_nla+0x12c4/0x1580
[   47.044370] Read of size 1 at addr ffffffff88f40520 by task syz-executor276/7874
[   47.051890] 
[   47.053504] CPU: 0 PID: 7874 Comm: syz-executor276 Not tainted 5.0.0-rc3+ #33
[   47.060760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.070124] Call Trace:
[   47.072707]  dump_stack+0x1db/0x2d0
[   47.076336]  ? dump_stack_print_info.cold+0x20/0x20
[   47.081342]  ? mark_held_locks+0xb1/0x100
[   47.085478]  ? validate_nla+0x12c4/0x1580
[   47.089638]  print_address_description.cold+0x5/0x20d
[   47.094814]  ? validate_nla+0x12c4/0x1580
[   47.098946]  ? validate_nla+0x12c4/0x1580
[   47.103090]  kasan_report.cold+0x1b/0x40
[   47.107147]  ? do_raw_spin_trylock+0x210/0x270
[   47.111711]  ? validate_nla+0x12c4/0x1580
[   47.115865]  __asan_report_load1_noabort+0x14/0x20
[   47.120888]  validate_nla+0x12c4/0x1580
[   47.125024]  ? nla_memcpy+0xb0/0xb0
[   47.128636]  ? depot_save_stack+0x1de/0x460
[   47.132946]  ? save_stack+0xa9/0xd0
[   47.136558]  ? save_stack+0x45/0xd0
[   47.140172]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   47.145269]  ? kasan_kmalloc+0x9/0x10
[   47.149056]  nla_validate+0xc1/0x130
[   47.152756]  validate_nla+0x711/0x1580
[   47.156632]  ? print_usage_bug+0x20/0xd0
[   47.160677]  ? nla_memcpy+0xb0/0xb0
[   47.164289]  ? add_lock_to_list.isra.0+0x450/0x450
[   47.169216]  ? __lock_is_held+0xb6/0x140
[   47.173263]  ? add_lock_to_list.isra.0+0x450/0x450
[   47.178201]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.183727]  __nla_parse+0x206/0x340
[   47.187429]  nla_parse+0x45/0x60
[   47.190786]  nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610
[   47.197266]  ? nl80211_set_cqm+0x1e50/0x1e50
[   47.201661]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.207185]  nl80211_dump_wiphy+0x595/0x760
[   47.211496]  genl_lock_dumpit+0x6d/0xa0
[   47.215458]  netlink_dump+0x5f2/0x1070
[   47.219334]  ? netlink_broadcast+0x50/0x50
[   47.223566]  __netlink_dump_start+0x5b4/0x7e0
[   47.228045]  ? genl_lock_dumpit+0xa0/0xa0
[   47.232191]  genl_family_rcv_msg+0xeb5/0x11a0
[   47.236680]  ? genl_unregister_family+0x8a0/0x8a0
[   47.241508]  ? genl_lock_dumpit+0xa0/0xa0
[   47.245670]  ? genl_lock_done+0xe0/0xe0
[   47.249628]  ? genl_unlock+0x20/0x20
[   47.253348]  ? radix_tree_insert+0x850/0x850
[   47.257744]  ? netlink_deliver_tap+0x32b/0xf40
[   47.262601]  ? lock_downgrade+0x910/0x910
[   47.266737]  ? kasan_check_read+0x11/0x20
[   47.270888]  genl_rcv_msg+0xca/0x16c
[   47.274590]  netlink_rcv_skb+0x17d/0x410
[   47.278650]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   47.283418]  ? netlink_ack+0xba0/0xba0
[   47.287309]  ? __down_interruptible+0x740/0x740
[   47.291967]  genl_rcv+0x29/0x40
[   47.295230]  netlink_unicast+0x574/0x770
[   47.299277]  ? netlink_attachskb+0x980/0x980
[   47.303675]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.309212]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   47.314227]  netlink_sendmsg+0xa05/0xf90
[   47.318293]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   47.323824]  ? netlink_unicast+0x770/0x770
[   47.328047]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   47.332875]  ? apparmor_socket_sendmsg+0x2a/0x30
[   47.337620]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.343142]  ? security_socket_sendmsg+0x93/0xc0
[   47.347883]  ? netlink_unicast+0x770/0x770
[   47.352113]  sock_sendmsg+0xdd/0x130
[   47.355827]  ___sys_sendmsg+0x7ec/0x910
[   47.359787]  ? copy_msghdr_from_user+0x570/0x570
[   47.364526]  ? __handle_mm_fault+0x955/0x55a0
[   47.369006]  ? add_lock_to_list.isra.0+0x450/0x450
[   47.374479]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   47.379310]  ? check_preemption_disabled+0x48/0x290
[   47.384436]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.389962]  ? __fget_light+0x2db/0x420
[   47.393921]  ? fget_raw+0x20/0x20
[   47.397376]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   47.402640]  ? rcu_read_unlock_special+0x380/0x380
[   47.407566]  ? __fdget+0x1b/0x20
[   47.410917]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   47.416443]  ? sockfd_lookup_light+0xc2/0x160
[   47.420927]  __sys_sendmsg+0x112/0x270
[   47.424827]  ? __ia32_sys_shutdown+0x80/0x80
[   47.429221]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.434744]  ? vmacache_update+0x114/0x140
[   47.438972]  ? __ia32_sys_fallocate+0xf0/0xf0
[   47.443478]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.448840]  ? trace_hardirqs_off_caller+0x300/0x300
[   47.453942]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   47.458687]  __x64_sys_sendmsg+0x78/0xb0
[   47.462736]  do_syscall_64+0x1a3/0x800
[   47.466610]  ? syscall_return_slowpath+0x5f0/0x5f0
[   47.471713]  ? prepare_exit_to_usermode+0x232/0x3b0
[   47.476736]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   47.481573]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.487199] RIP: 0033:0x4400d9
[   47.490379] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   47.509270] RSP: 002b:00007ffdf4b0bfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   47.516976] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400d9
[   47.524249] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[   47.531525] RBP: 00000000006ca018 R08: 0000000000000006 R09: 00000000004002c8
[   47.538779] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401960
[   47.546031] R13: 00000000004019f0 R14: 0000000000000000 R15: 0000000000000000
[   47.553289] 
[   47.554897] The buggy address belongs to the variable:
[   47.560161]  nl80211_pmsr_attr_policy+0x60/0x80
[   47.564808] 
[   47.566416] Memory state around the buggy address:
[   47.571326]  ffffffff88f40400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.578685]  ffffffff88f40480: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
[   47.586155] >ffffffff88f40500: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
[   47.593588]                                ^
[   47.597980]  ffffffff88f40580: 00 00 fa fa fa fa fa fa 00 00 00 00 00 00 fa fa
[   47.605323]  ffffffff88f40600: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[   47.612927] ==================================================================
[   47.620354] Disabling lock debugging due to kernel taint
[   47.626236] Kernel panic - not syncing: panic_on_warn set ...
[   47.632135] CPU: 0 PID: 7874 Comm: syz-executor276 Tainted: G    B             5.0.0-rc3+ #33
[   47.640867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.650226] Call Trace:
[   47.652802]  dump_stack+0x1db/0x2d0
[   47.656622]  ? dump_stack_print_info.cold+0x20/0x20
[   47.661648]  panic+0x2cb/0x65c
[   47.664825]  ? add_taint.cold+0x16/0x16
[   47.668786]  ? validate_nla+0x12c4/0x1580
[   47.672918]  ? preempt_schedule+0x4b/0x60
[   47.677051]  ? ___preempt_schedule+0x16/0x18
[   47.681452]  ? trace_hardirqs_on+0xb4/0x310
[   47.685762]  ? validate_nla+0x12c4/0x1580
[   47.689896]  end_report+0x47/0x4f
[   47.693351]  ? validate_nla+0x12c4/0x1580
[   47.697488]  kasan_report.cold+0xe/0x40
[   47.701448]  ? do_raw_spin_trylock+0x210/0x270
[   47.706022]  ? validate_nla+0x12c4/0x1580
[   47.710162]  __asan_report_load1_noabort+0x14/0x20
[   47.715085]  validate_nla+0x12c4/0x1580
[   47.719045]  ? nla_memcpy+0xb0/0xb0
[   47.722664]  ? depot_save_stack+0x1de/0x460
[   47.726976]  ? save_stack+0xa9/0xd0
[   47.730586]  ? save_stack+0x45/0xd0
[   47.734205]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   47.739300]  ? kasan_kmalloc+0x9/0x10
[   47.743086]  nla_validate+0xc1/0x130
[   47.746785]  validate_nla+0x711/0x1580
[   47.750654]  ? print_usage_bug+0x20/0xd0
[   47.754977]  ? nla_memcpy+0xb0/0xb0
[   47.758589]  ? add_lock_to_list.isra.0+0x450/0x450
[   47.763504]  ? __lock_is_held+0xb6/0x140
[   47.767556]  ? add_lock_to_list.isra.0+0x450/0x450
[   47.772474]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.777999]  __nla_parse+0x206/0x340
[   47.781698]  nla_parse+0x45/0x60
[   47.785067]  nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610
[   47.791545]  ? nl80211_set_cqm+0x1e50/0x1e50
[   47.795943]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.801468]  nl80211_dump_wiphy+0x595/0x760
[   47.805795]  genl_lock_dumpit+0x6d/0xa0
[   47.809759]  netlink_dump+0x5f2/0x1070
[   47.813632]  ? netlink_broadcast+0x50/0x50
[   47.817857]  __netlink_dump_start+0x5b4/0x7e0
[   47.822333]  ? genl_lock_dumpit+0xa0/0xa0
[   47.827291]  genl_family_rcv_msg+0xeb5/0x11a0
[   47.831770]  ? genl_unregister_family+0x8a0/0x8a0
[   47.836596]  ? genl_lock_dumpit+0xa0/0xa0
[   47.840724]  ? genl_lock_done+0xe0/0xe0
[   47.844681]  ? genl_unlock+0x20/0x20
[   47.848782]  ? radix_tree_insert+0x850/0x850
[   47.853179]  ? netlink_deliver_tap+0x32b/0xf40
[   47.857748]  ? lock_downgrade+0x910/0x910
[   47.861879]  ? kasan_check_read+0x11/0x20
[   47.866024]  genl_rcv_msg+0xca/0x16c
[   47.869740]  netlink_rcv_skb+0x17d/0x410
[   47.873795]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   47.878546]  ? netlink_ack+0xba0/0xba0
[   47.882420]  ? __down_interruptible+0x740/0x740
[   47.887076]  genl_rcv+0x29/0x40
[   47.890337]  netlink_unicast+0x574/0x770
[   47.894382]  ? netlink_attachskb+0x980/0x980
[   47.898773]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.904293]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   47.909380]  netlink_sendmsg+0xa05/0xf90
[   47.913423]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   47.918945]  ? netlink_unicast+0x770/0x770
[   47.923164]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   47.927990]  ? apparmor_socket_sendmsg+0x2a/0x30
[   47.932757]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.938279]  ? security_socket_sendmsg+0x93/0xc0
[   47.943018]  ? netlink_unicast+0x770/0x770
[   47.947248]  sock_sendmsg+0xdd/0x130
[   47.950946]  ___sys_sendmsg+0x7ec/0x910
[   47.954906]  ? copy_msghdr_from_user+0x570/0x570
[   47.959645]  ? __handle_mm_fault+0x955/0x55a0
[   47.964127]  ? add_lock_to_list.isra.0+0x450/0x450
[   47.969062]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   47.973890]  ? check_preemption_disabled+0x48/0x290
[   47.978895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.984416]  ? __fget_light+0x2db/0x420
[   47.988373]  ? fget_raw+0x20/0x20
[   47.991827]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   47.997088]  ? rcu_read_unlock_special+0x380/0x380
[   48.002005]  ? __fdget+0x1b/0x20
[   48.005364]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   48.010903]  ? sockfd_lookup_light+0xc2/0x160
[   48.015386]  __sys_sendmsg+0x112/0x270
[   48.019257]  ? __ia32_sys_shutdown+0x80/0x80
[   48.023657]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   48.029187]  ? vmacache_update+0x114/0x140
[   48.033418]  ? __ia32_sys_fallocate+0xf0/0xf0
[   48.037901]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   48.043250]  ? trace_hardirqs_off_caller+0x300/0x300
[   48.048338]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   48.054494]  __x64_sys_sendmsg+0x78/0xb0
[   48.058545]  do_syscall_64+0x1a3/0x800
[   48.062416]  ? syscall_return_slowpath+0x5f0/0x5f0
[   48.067368]  ? prepare_exit_to_usermode+0x232/0x3b0
[   48.072369]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   48.077202]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   48.082374] RIP: 0033:0x4400d9
[   48.085565] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   48.104903] RSP: 002b:00007ffdf4b0bfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   48.112596] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400d9
[   48.119849] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[   48.127113] RBP: 00000000006ca018 R08: 0000000000000006 R09: 00000000004002c8
[   48.134460] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401960
[   48.141711] R13: 00000000004019f0 R14: 0000000000000000 R15: 0000000000000000
[   48.150139] Kernel Offset: disabled
[   48.153763] Rebooting in 86400 seconds..