Warning: Permanently added '10.128.1.44' (ECDSA) to the list of known hosts.
syzkaller login: [ 41.098255] audit: type=1400 audit(1602506726.788:8): avc: denied { execmem } for pid=6492 comm="syz-executor585" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 41.111812] IPVS: ftp: loaded support on port[0] = 21
[ 41.195496] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 41.203638] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.213052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 41.239968] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 41.255742] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 41.263664] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.270937] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 41.278690] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 41.288654] netlink: 8 bytes leftover after parsing attributes in process `syz-executor585'.
[ 41.298860] ================================================================================
[ 41.307547] UBSAN: Undefined behaviour in net/mac80211/cfg.c:491:9
[ 41.313884] index 255 is out of range for type 'ieee80211_key *[6]'
[ 41.320308] CPU: 1 PID: 6493 Comm: syz-executor585 Not tainted 4.19.150-syzkaller #0
[ 41.328277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.337642] Call Trace:
[ 41.340237] dump_stack+0x22c/0x33e
[ 41.343872] ubsan_epilogue+0xe/0x3a
[ 41.347590] __ubsan_handle_out_of_bounds.cold+0x63/0x6f
[ 41.353047] ieee80211_del_key+0x48a/0x490
[ 41.357293] nl80211_del_key+0x41e/0xc50
[ 41.361368] ? nl80211_parse_key+0x1120/0x1120
[ 41.365961] ? _raw_spin_unlock_irqrestore+0x6a/0xf0
[ 41.371082] ? nl80211_pre_doit+0xa2/0x660
[ 41.375434] ? nl80211_vendor_cmd_dump+0x15e0/0x15e0
[ 41.380547] genl_family_rcv_msg+0x6bf/0xd50
[ 41.384974] ? genl_family_attrbuf+0x120/0x120
[ 41.390007] ? genl_rcv_msg+0x15d/0x1b0
[ 41.394545] ? ww_mutex_unlock+0x2f0/0x2f0
[ 41.398814] ? __lock_acquire+0x6ec/0x3ff0
[ 41.403086] ? __radix_tree_lookup+0x251/0x3f0
[ 41.407695] genl_rcv_msg+0xdf/0x1b0
[ 41.411417] netlink_rcv_skb+0x160/0x440
[ 41.415485] ? genl_family_rcv_msg+0xd50/0xd50
[ 41.420078] ? netlink_ack+0xae0/0xae0
[ 41.423976] ? genl_rcv+0x15/0x40
[ 41.427455] genl_rcv+0x24/0x40
[ 41.430740] netlink_unicast+0x4d5/0x690
[ 41.434835] ? netlink_sendskb+0x110/0x110
[ 41.439104] netlink_sendmsg+0x717/0xcc0
[ 41.443180] ? nlmsg_notify+0x1a0/0x1a0
[ 41.447713] ? __sock_recv_ts_and_drops+0x540/0x540
[ 41.453355] ? nlmsg_notify+0x1a0/0x1a0
[ 41.457690] sock_sendmsg+0xc7/0x130
[ 41.461409] ___sys_sendmsg+0x7bb/0x8f0
[ 41.465410] ? lock_acquire+0x170/0x3f0
[ 41.469572] ? copy_msghdr_from_user+0x440/0x440
[ 41.474346] ? __lock_acquire+0x6ec/0x3ff0
[ 41.478604] ? lock_downgrade+0x750/0x750
[ 41.482757] ? lock_acquire+0x170/0x3f0
[ 41.486744] ? debug_object_active_state+0x108/0x340
[ 41.491877] ? mark_held_locks+0xf0/0xf0
[ 41.495942] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 41.501152] ? _raw_spin_unlock_irqrestore+0x6a/0xf0
[ 41.506277] ? debug_object_active_state+0x25b/0x340
[ 41.511393] ? __fget_light+0x1a2/0x230
[ 41.515468] __x64_sys_sendmsg+0x132/0x220
[ 41.519726] ? __sys_sendmsg+0x1b0/0x1b0
[ 41.523817] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.529362] ? trace_hardirqs_off_caller+0x6e/0x210
[ 41.534393] ? do_syscall_64+0x21/0x670
[ 41.538370] do_syscall_64+0xf9/0x670
[ 41.542184] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.547983] RIP: 0033:0x441719
[ 41.551174] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 41.571567] RSP: 002b:00007ffd7558d9f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 41.579384] RAX: ffffffffffffffda RBX: 00007ffd7558da20 RCX: 0000000000441719
[ 41.586688] RDX: 0000000000000000 RSI: 0000000020000380