[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   40.309241] audit: type=1800 audit(1548293821.890:25): pid=7696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   40.345658] audit: type=1800 audit(1548293821.890:26): pid=7696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   40.373814] audit: type=1800 audit(1548293821.900:27): pid=7696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   51.509927] ==================================================================
[   51.517470] BUG: KASAN: global-out-of-bounds in validate_nla+0x12c4/0x1580
[   51.524482] Read of size 1 at addr ffffffff88f41fc0 by task syz-executor602/7847
[   51.532013] 
[   51.533631] CPU: 0 PID: 7847 Comm: syz-executor602 Not tainted 5.0.0-rc3+ #41
[   51.540891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.550235] Call Trace:
[   51.552815]  dump_stack+0x1db/0x2d0
[   51.556430]  ? dump_stack_print_info.cold+0x20/0x20
[   51.561435]  ? mark_held_locks+0xb1/0x100
[   51.565567]  ? validate_nla+0x12c4/0x1580
[   51.569710]  print_address_description.cold+0x5/0x20d
[   51.574885]  ? validate_nla+0x12c4/0x1580
[   51.579017]  ? validate_nla+0x12c4/0x1580
[   51.583155]  kasan_report.cold+0x1b/0x40
[   51.587201]  ? do_raw_spin_trylock+0x1a0/0x270
[   51.591766]  ? validate_nla+0x12c4/0x1580
[   51.595920]  __asan_report_load1_noabort+0x14/0x20
[   51.600834]  validate_nla+0x12c4/0x1580
[   51.604800]  ? nla_memcpy+0xb0/0xb0
[   51.608411]  ? depot_save_stack+0x1de/0x460
[   51.612749]  ? save_stack+0xa9/0xd0
[   51.616380]  ? save_stack+0x45/0xd0
[   51.620009]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   51.625102]  ? kasan_kmalloc+0x9/0x10
[   51.628897]  nla_validate+0xc1/0x130
[   51.632598]  validate_nla+0x711/0x1580
[   51.636478]  ? print_usage_bug+0xb0/0xd0
[   51.640524]  ? nla_memcpy+0xb0/0xb0
[   51.644133]  ? add_lock_to_list.isra.0+0x450/0x450
[   51.649201]  ? __lock_is_held+0xb6/0x140
[   51.653272]  ? add_lock_to_list.isra.0+0x450/0x450
[   51.658209]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.663745]  __nla_parse+0x206/0x340
[   51.667451]  nla_parse+0x45/0x60
[   51.670807]  nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610
[   51.677286]  ? nl80211_set_cqm+0x1e50/0x1e50
[   51.681679]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.687208]  nl80211_dump_wiphy+0x595/0x760
[   51.691518]  genl_lock_dumpit+0x6d/0xa0
[   51.695480]  netlink_dump+0x5f2/0x1070
[   51.699353]  ? netlink_broadcast+0x50/0x50
[   51.703589]  __netlink_dump_start+0x5b4/0x7e0
[   51.708067]  ? genl_lock_dumpit+0xa0/0xa0
[   51.712202]  genl_family_rcv_msg+0xeb5/0x11a0
[   51.716689]  ? genl_unregister_family+0x8a0/0x8a0
[   51.721513]  ? genl_lock_dumpit+0xa0/0xa0
[   51.725641]  ? genl_lock_done+0xe0/0xe0
[   51.729618]  ? genl_unlock+0x20/0x20
[   51.733349]  ? radix_tree_insert+0x850/0x850
[   51.737754]  ? netlink_deliver_tap+0x32b/0xf40
[   51.742338]  ? lock_downgrade+0x910/0x910
[   51.746479]  ? kasan_check_read+0x11/0x20
[   51.750615]  ? tcf_sample_act+0x410/0xbf0
[   51.754775]  genl_rcv_msg+0xca/0x16c
[   51.758483]  netlink_rcv_skb+0x17d/0x410
[   51.762541]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   51.767302]  ? netlink_ack+0xba0/0xba0
[   51.771180]  ? __down_interruptible+0x740/0x740
[   51.775863]  genl_rcv+0x29/0x40
[   51.779138]  netlink_unicast+0x574/0x770
[   51.783203]  ? netlink_attachskb+0x980/0x980
[   51.787620]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.793280]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   51.798293]  netlink_sendmsg+0xa05/0xf90
[   51.802341]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   51.807865]  ? netlink_unicast+0x770/0x770
[   51.812082]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   51.816912]  ? apparmor_socket_sendmsg+0x2a/0x30
[   51.821656]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.827183]  ? security_socket_sendmsg+0x93/0xc0
[   51.831923]  ? netlink_unicast+0x770/0x770
[   51.836146]  sock_sendmsg+0xdd/0x130
[   51.839966]  ___sys_sendmsg+0x7ec/0x910
[   51.843959]  ? copy_msghdr_from_user+0x570/0x570
[   51.848719]  ? __handle_mm_fault+0x955/0x55a0
[   51.853730]  ? add_lock_to_list.isra.0+0x450/0x450
[   51.858656]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   51.863491]  ? check_preemption_disabled+0x48/0x290
[   51.868521]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.874145]  ? __fget_light+0x2db/0x420
[   51.878398]  ? fget_raw+0x20/0x20
[   51.881851]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   51.887271]  ? rcu_read_unlock_special+0x380/0x380
[   51.892193]  ? __fdget+0x1b/0x20
[   51.895556]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   51.901110]  ? sockfd_lookup_light+0xc2/0x160
[   51.905609]  __sys_sendmsg+0x112/0x270
[   51.909491]  ? __ia32_sys_shutdown+0x80/0x80
[   51.913894]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.919426]  ? vmacache_update+0x114/0x140
[   51.923650]  ? __ia32_sys_fallocate+0xf0/0xf0
[   51.928130]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.933479]  ? trace_hardirqs_off_caller+0x300/0x300
[   51.938577]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   51.943320]  __x64_sys_sendmsg+0x78/0xb0
[   51.947506]  do_syscall_64+0x1a3/0x800
[   51.951401]  ? syscall_return_slowpath+0x5f0/0x5f0
[   51.956330]  ? prepare_exit_to_usermode+0x232/0x3b0
[   51.961338]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   51.966173]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.971349] RIP: 0033:0x4400d9
[   51.974523] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   51.993546] RSP: 002b:00007fffa6f7ee88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   52.001248] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400d9
[   52.008503] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[   52.015769] RBP: 00000000006ca018 R08: 0000000000000006 R09: 00000000004002c8
[   52.023164] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401960
[   52.030427] R13: 00000000004019f0 R14: 0000000000000000 R15: 0000000000000000
[   52.037692] 
[   52.039301] The buggy address belongs to the variable:
[   52.044583]  nl80211_pmsr_attr_policy+0x60/0x80
[   52.049236] 
[   52.050846] Memory state around the buggy address:
[   52.055783]  ffffffff88f41e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   52.063154]  ffffffff88f41f00: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
[   52.070650] >ffffffff88f41f80: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
[   52.078012]                                            ^
[   52.083463]  ffffffff88f42000: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 00
[   52.090822]  ffffffff88f42080: 00 00 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[   52.098171] ==================================================================
[   52.105509] Disabling lock debugging due to kernel taint
[   52.111363] Kernel panic - not syncing: panic_on_warn set ...
[   52.117252] CPU: 0 PID: 7847 Comm: syz-executor602 Tainted: G    B             5.0.0-rc3+ #41
[   52.125897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.135228] Call Trace:
[   52.137804]  dump_stack+0x1db/0x2d0
[   52.141412]  ? dump_stack_print_info.cold+0x20/0x20
[   52.147115]  panic+0x2cb/0x65c
[   52.150299]  ? add_taint.cold+0x16/0x16
[   52.154261]  ? validate_nla+0x12c4/0x1580
[   52.158399]  ? preempt_schedule+0x4b/0x60
[   52.162545]  ? ___preempt_schedule+0x16/0x18
[   52.166945]  ? trace_hardirqs_on+0xb4/0x310
[   52.171252]  ? validate_nla+0x12c4/0x1580
[   52.175658]  end_report+0x47/0x4f
[   52.179169]  ? validate_nla+0x12c4/0x1580
[   52.183337]  kasan_report.cold+0xe/0x40
[   52.187315]  ? do_raw_spin_trylock+0x1a0/0x270
[   52.191890]  ? validate_nla+0x12c4/0x1580
[   52.196033]  __asan_report_load1_noabort+0x14/0x20
[   52.200950]  validate_nla+0x12c4/0x1580
[   52.204910]  ? nla_memcpy+0xb0/0xb0
[   52.208516]  ? depot_save_stack+0x1de/0x460
[   52.212827]  ? save_stack+0xa9/0xd0
[   52.216560]  ? save_stack+0x45/0xd0
[   52.220192]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   52.225288]  ? kasan_kmalloc+0x9/0x10
[   52.229078]  nla_validate+0xc1/0x130
[   52.232774]  validate_nla+0x711/0x1580
[   52.236649]  ? print_usage_bug+0xb0/0xd0
[   52.240692]  ? nla_memcpy+0xb0/0xb0
[   52.244305]  ? add_lock_to_list.isra.0+0x450/0x450
[   52.249223]  ? __lock_is_held+0xb6/0x140
[   52.253267]  ? add_lock_to_list.isra.0+0x450/0x450
[   52.258179]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.263817]  __nla_parse+0x206/0x340
[   52.267542]  nla_parse+0x45/0x60
[   52.270994]  nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610
[   52.277479]  ? nl80211_set_cqm+0x1e50/0x1e50
[   52.281875]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.287397]  nl80211_dump_wiphy+0x595/0x760
[   52.291706]  genl_lock_dumpit+0x6d/0xa0
[   52.295683]  netlink_dump+0x5f2/0x1070
[   52.299586]  ? netlink_broadcast+0x50/0x50
[   52.303821]  __netlink_dump_start+0x5b4/0x7e0
[   52.308300]  ? genl_lock_dumpit+0xa0/0xa0
[   52.312431]  genl_family_rcv_msg+0xeb5/0x11a0
[   52.316912]  ? genl_unregister_family+0x8a0/0x8a0
[   52.321736]  ? genl_lock_dumpit+0xa0/0xa0
[   52.325864]  ? genl_lock_done+0xe0/0xe0
[   52.329819]  ? genl_unlock+0x20/0x20
[   52.333525]  ? radix_tree_insert+0x850/0x850
[   52.337917]  ? netlink_deliver_tap+0x32b/0xf40
[   52.342485]  ? lock_downgrade+0x910/0x910
[   52.346691]  ? kasan_check_read+0x11/0x20
[   52.350851]  ? tcf_sample_act+0x410/0xbf0
[   52.355001]  genl_rcv_msg+0xca/0x16c
[   52.358716]  netlink_rcv_skb+0x17d/0x410
[   52.362884]  ? genl_family_rcv_msg+0x11a0/0x11a0
[   52.367634]  ? netlink_ack+0xba0/0xba0
[   52.371521]  ? __down_interruptible+0x740/0x740
[   52.376177]  genl_rcv+0x29/0x40
[   52.379440]  netlink_unicast+0x574/0x770
[   52.383485]  ? netlink_attachskb+0x980/0x980
[   52.388225]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.393759]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   52.398774]  netlink_sendmsg+0xa05/0xf90
[   52.402838]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   52.408383]  ? netlink_unicast+0x770/0x770
[   52.412611]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   52.417665]  ? apparmor_socket_sendmsg+0x2a/0x30
[   52.422413]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.427946]  ? security_socket_sendmsg+0x93/0xc0
[   52.432691]  ? netlink_unicast+0x770/0x770
[   52.436916]  sock_sendmsg+0xdd/0x130
[   52.440611]  ___sys_sendmsg+0x7ec/0x910
[   52.444569]  ? copy_msghdr_from_user+0x570/0x570
[   52.449305]  ? __handle_mm_fault+0x955/0x55a0
[   52.453780]  ? add_lock_to_list.isra.0+0x450/0x450
[   52.458695]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   52.463610]  ? check_preemption_disabled+0x48/0x290
[   52.468615]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.474133]  ? __fget_light+0x2db/0x420
[   52.478090]  ? fget_raw+0x20/0x20
[   52.481536]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   52.486797]  ? rcu_read_unlock_special+0x380/0x380
[   52.491710]  ? __fdget+0x1b/0x20
[   52.495176]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   52.500719]  ? sockfd_lookup_light+0xc2/0x160
[   52.505210]  __sys_sendmsg+0x112/0x270
[   52.509199]  ? __ia32_sys_shutdown+0x80/0x80
[   52.513618]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.519151]  ? vmacache_update+0x114/0x140
[   52.523379]  ? __ia32_sys_fallocate+0xf0/0xf0
[   52.527863]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.533207]  ? trace_hardirqs_off_caller+0x300/0x300
[   52.538297]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   52.543046]  __x64_sys_sendmsg+0x78/0xb0
[   52.547100]  do_syscall_64+0x1a3/0x800
[   52.550982]  ? syscall_return_slowpath+0x5f0/0x5f0
[   52.555911]  ? prepare_exit_to_usermode+0x232/0x3b0
[   52.560941]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.565782]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.570954] RIP: 0033:0x4400d9
[   52.574133] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   52.593013] RSP: 002b:00007fffa6f7ee88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   52.601411] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400d9
[   52.608674] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[   52.615939] RBP: 00000000006ca018 R08: 0000000000000006 R09: 00000000004002c8
[   52.623349] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401960
[   52.630618] R13: 00000000004019f0 R14: 0000000000000000 R15: 0000000000000000
[   52.639039] Kernel Offset: disabled
[   52.642667] Rebooting in 86400 seconds..