[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] startpar: service(s) returned failure: rsyslog restorecond ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 47.379698] kauditd_printk_skb: 4 callbacks suppressed [ 47.379712] audit: type=1400 audit(1548333335.115:35): avc: denied { map } for pid=8019 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.185' (ECDSA) to the list of known hosts. [ 54.207761] audit: type=1400 audit(1548333341.935:36): avc: denied { map } for pid=8031 comm="syz-executor881" path="/root/syz-executor881548145" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 54.211761] ================================================================== executing program [ 54.234161] audit: type=1400 audit(1548333341.935:37): avc: denied { create } for pid=8031 comm="syz-executor881" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 54.241458] BUG: KASAN: global-out-of-bounds in validate_nla+0x12c4/0x1580 [ 54.241469] Read of size 1 at addr ffffffff88f41fc0 by task syz-executor881/8031 [ 54.241473] [ 54.241487] CPU: 0 PID: 8031 Comm: syz-executor881 Not tainted 5.0.0-rc3+ #41 [ 54.241494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.241499] Call Trace: [ 54.241518] dump_stack+0x1db/0x2d0 [ 54.265542] audit: type=1400 audit(1548333341.935:38): avc: denied { write } for pid=8031 comm="syz-executor881" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 54.272434] ? dump_stack_print_info.cold+0x20/0x20 [ 54.272452] ? mark_held_locks+0xb1/0x100 [ 54.272467] ? validate_nla+0x12c4/0x1580 [ 54.341515] print_address_description.cold+0x5/0x20d [ 54.346706] ? validate_nla+0x12c4/0x1580 [ 54.350837] ? validate_nla+0x12c4/0x1580 [ 54.354980] kasan_report.cold+0x1b/0x40 [ 54.359035] ? do_raw_spin_trylock+0x1a0/0x270 [ 54.363597] ? validate_nla+0x12c4/0x1580 [ 54.367730] __asan_report_load1_noabort+0x14/0x20 [ 54.372642] validate_nla+0x12c4/0x1580 [ 54.376599] ? nla_memcpy+0xb0/0xb0 [ 54.380207] ? depot_save_stack+0x1de/0x460 [ 54.384512] ? save_stack+0xa9/0xd0 [ 54.388130] ? save_stack+0x45/0xd0 [ 54.391742] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 54.396824] ? kasan_kmalloc+0x9/0x10 [ 54.400607] nla_validate+0xc1/0x130 [ 54.404305] validate_nla+0x711/0x1580 [ 54.408173] ? print_usage_bug+0xb0/0xd0 [ 54.412215] ? nla_memcpy+0xb0/0xb0 [ 54.415824] ? add_lock_to_list.isra.0+0x450/0x450 [ 54.420733] ? __lock_is_held+0xb6/0x140 [ 54.424776] ? add_lock_to_list.isra.0+0x450/0x450 [ 54.429687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.435207] __nla_parse+0x206/0x340 [ 54.438904] nla_parse+0x45/0x60 [ 54.442263] nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610 [ 54.448739] ? nl80211_set_cqm+0x1e50/0x1e50 [ 54.453132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.458656] nl80211_dump_wiphy+0x595/0x760 [ 54.462968] genl_lock_dumpit+0x6d/0xa0 [ 54.466953] netlink_dump+0x5f2/0x1070 [ 54.470846] ? netlink_broadcast+0x50/0x50 [ 54.475089] __netlink_dump_start+0x5b4/0x7e0 [ 54.479574] ? genl_lock_dumpit+0xa0/0xa0 [ 54.483715] genl_family_rcv_msg+0xeb5/0x11a0 [ 54.488195] ? genl_unregister_family+0x8a0/0x8a0 [ 54.493018] ? genl_lock_dumpit+0xa0/0xa0 [ 54.497146] ? genl_lock_done+0xe0/0xe0 [ 54.501105] ? genl_unlock+0x20/0x20 [ 54.504814] ? radix_tree_insert+0x850/0x850 [ 54.509211] ? netlink_deliver_tap+0x32b/0xf40 [ 54.513780] ? lock_downgrade+0x910/0x910 [ 54.517914] ? kasan_check_read+0x11/0x20 [ 54.522072] genl_rcv_msg+0xca/0x16c [ 54.525768] netlink_rcv_skb+0x17d/0x410 [ 54.529809] ? genl_family_rcv_msg+0x11a0/0x11a0 [ 54.534555] ? netlink_ack+0xba0/0xba0 [ 54.538431] ? __down_interruptible+0x740/0x740 [ 54.543087] genl_rcv+0x29/0x40 [ 54.546350] netlink_unicast+0x574/0x770 [ 54.550411] ? netlink_attachskb+0x980/0x980 [ 54.554805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.560324] netlink_sendmsg+0xa05/0xf90 [ 54.564362] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.569885] ? netlink_unicast+0x770/0x770 [ 54.574392] ? selinux_socket_sendmsg+0x36/0x40 [ 54.579043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.584559] ? security_socket_sendmsg+0x93/0xc0 [ 54.589299] ? netlink_unicast+0x770/0x770 [ 54.593733] sock_sendmsg+0xdd/0x130 [ 54.597439] ___sys_sendmsg+0x7ec/0x910 [ 54.601410] ? copy_msghdr_from_user+0x570/0x570 [ 54.606153] ? __handle_mm_fault+0x955/0x55a0 [ 54.610652] ? add_lock_to_list.isra.0+0x450/0x450 [ 54.615570] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 54.620399] ? check_preemption_disabled+0x48/0x290 [ 54.625403] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.630949] ? __fget_light+0x2db/0x420 [ 54.634919] ? fget_raw+0x20/0x20 [ 54.638370] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 54.643640] ? rcu_read_unlock_special+0x380/0x380 [ 54.648561] ? __fdget+0x1b/0x20 [ 54.651909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.657438] ? sockfd_lookup_light+0xc2/0x160 [ 54.661925] __sys_sendmsg+0x112/0x270 [ 54.665795] ? __ia32_sys_shutdown+0x80/0x80 [ 54.670183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.675699] ? vmacache_update+0x114/0x140 [ 54.679930] ? __ia32_sys_fallocate+0xf0/0xf0 [ 54.684407] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.689757] ? trace_hardirqs_off_caller+0x300/0x300 [ 54.694845] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 54.699585] __x64_sys_sendmsg+0x78/0xb0 [ 54.703627] do_syscall_64+0x1a3/0x800 [ 54.707518] ? syscall_return_slowpath+0x5f0/0x5f0 [ 54.712433] ? prepare_exit_to_usermode+0x232/0x3b0 [ 54.717434] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.722297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.727469] RIP: 0033:0x4400d9 [ 54.730644] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.749527] RSP: 002b:00007ffc70ffd188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 54.757214] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400d9 [ 54.764789] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003 [ 54.772041] RBP: 00000000006ca018 R08: 0000000000000006 R09: 00000000004002c8 [ 54.779291] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401960 [ 54.786540] R13: 00000000004019f0 R14: 0000000000000000 R15: 0000000000000000 [ 54.793795] [ 54.795399] The buggy address belongs to the variable: [ 54.800663] nl80211_pmsr_attr_policy+0x60/0x80 [ 54.805307] [ 54.806919] Memory state around the buggy address: [ 54.811827] ffffffff88f41e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 54.819164] ffffffff88f41f00: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 [ 54.826504] >ffffffff88f41f80: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 [ 54.833848] ^ [ 54.839277] ffffffff88f42000: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 00 [ 54.846615] ffffffff88f42080: 00 00 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa [ 54.853951] ================================================================== [ 54.861287] Disabling lock debugging due to kernel taint [ 54.867122] Kernel panic - not syncing: panic_on_warn set ... [ 54.873014] CPU: 0 PID: 8031 Comm: syz-executor881 Tainted: G B 5.0.0-rc3+ #41 [ 54.881654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.890996] Call Trace: [ 54.893566] dump_stack+0x1db/0x2d0 [ 54.897174] ? dump_stack_print_info.cold+0x20/0x20 [ 54.902178] panic+0x2cb/0x65c [ 54.905352] ? add_taint.cold+0x16/0x16 [ 54.909309] ? validate_nla+0x12c4/0x1580 [ 54.913438] ? preempt_schedule+0x4b/0x60 [ 54.917582] ? ___preempt_schedule+0x16/0x18 [ 54.921976] ? trace_hardirqs_on+0xb4/0x310 [ 54.926277] ? validate_nla+0x12c4/0x1580 [ 54.930406] end_report+0x47/0x4f [ 54.933841] ? validate_nla+0x12c4/0x1580 [ 54.937996] kasan_report.cold+0xe/0x40 [ 54.941954] ? do_raw_spin_trylock+0x1a0/0x270 [ 54.946517] ? validate_nla+0x12c4/0x1580 [ 54.950655] __asan_report_load1_noabort+0x14/0x20 [ 54.955580] validate_nla+0x12c4/0x1580 [ 54.959537] ? nla_memcpy+0xb0/0xb0 [ 54.963144] ? depot_save_stack+0x1de/0x460 [ 54.967447] ? save_stack+0xa9/0xd0 [ 54.971053] ? save_stack+0x45/0xd0 [ 54.974660] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 54.979754] ? kasan_kmalloc+0x9/0x10 [ 54.983536] nla_validate+0xc1/0x130 [ 54.987228] validate_nla+0x711/0x1580 [ 54.991094] ? print_usage_bug+0xb0/0xd0 [ 54.995136] ? nla_memcpy+0xb0/0xb0 [ 54.998751] ? add_lock_to_list.isra.0+0x450/0x450 [ 55.003658] ? __lock_is_held+0xb6/0x140 [ 55.007698] ? add_lock_to_list.isra.0+0x450/0x450 [ 55.012610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.018141] __nla_parse+0x206/0x340 [ 55.021839] nla_parse+0x45/0x60 [ 55.025203] nl80211_dump_wiphy_parse.isra.0.constprop.0+0x133/0x610 [ 55.031762] ? nl80211_set_cqm+0x1e50/0x1e50 [ 55.036151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.041670] nl80211_dump_wiphy+0x595/0x760 [ 55.045980] genl_lock_dumpit+0x6d/0xa0 [ 55.049937] netlink_dump+0x5f2/0x1070 [ 55.053810] ? netlink_broadcast+0x50/0x50 [ 55.058029] __netlink_dump_start+0x5b4/0x7e0 [ 55.062502] ? genl_lock_dumpit+0xa0/0xa0 [ 55.066630] genl_family_rcv_msg+0xeb5/0x11a0 [ 55.071108] ? genl_unregister_family+0x8a0/0x8a0 [ 55.075933] ? genl_lock_dumpit+0xa0/0xa0 [ 55.080060] ? genl_lock_done+0xe0/0xe0 [ 55.084011] ? genl_unlock+0x20/0x20 [ 55.087704] ? radix_tree_insert+0x850/0x850 [ 55.092094] ? netlink_deliver_tap+0x32b/0xf40 [ 55.096659] ? lock_downgrade+0x910/0x910 [ 55.100788] ? kasan_check_read+0x11/0x20 [ 55.104921] genl_rcv_msg+0xca/0x16c [ 55.108628] netlink_rcv_skb+0x17d/0x410 [ 55.112669] ? genl_family_rcv_msg+0x11a0/0x11a0 [ 55.117405] ? netlink_ack+0xba0/0xba0 [ 55.121275] ? __down_interruptible+0x740/0x740 [ 55.125926] genl_rcv+0x29/0x40 [ 55.129186] netlink_unicast+0x574/0x770 [ 55.133242] ? netlink_attachskb+0x980/0x980 [ 55.137636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.143154] netlink_sendmsg+0xa05/0xf90 [ 55.147198] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.152731] ? netlink_unicast+0x770/0x770 [ 55.156949] ? selinux_socket_sendmsg+0x36/0x40 [ 55.161597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.167112] ? security_socket_sendmsg+0x93/0xc0 [ 55.171845] ? netlink_unicast+0x770/0x770 [ 55.176061] sock_sendmsg+0xdd/0x130 [ 55.179756] ___sys_sendmsg+0x7ec/0x910 [ 55.183714] ? copy_msghdr_from_user+0x570/0x570 [ 55.188450] ? __handle_mm_fault+0x955/0x55a0 [ 55.192930] ? add_lock_to_list.isra.0+0x450/0x450 [ 55.197850] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 55.202691] ? check_preemption_disabled+0x48/0x290 [ 55.207686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.213201] ? __fget_light+0x2db/0x420 [ 55.217157] ? fget_raw+0x20/0x20 [ 55.220594] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 55.225853] ? rcu_read_unlock_special+0x380/0x380 [ 55.230768] ? __fdget+0x1b/0x20 [ 55.234116] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.239635] ? sockfd_lookup_light+0xc2/0x160 [ 55.244115] __sys_sendmsg+0x112/0x270 [ 55.247988] ? __ia32_sys_shutdown+0x80/0x80 [ 55.252380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.257908] ? vmacache_update+0x114/0x140 [ 55.262125] ? __ia32_sys_fallocate+0xf0/0xf0 [ 55.266602] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.271947] ? trace_hardirqs_off_caller+0x300/0x300 [ 55.277032] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 55.281768] __x64_sys_sendmsg+0x78/0xb0 [ 55.285821] do_syscall_64+0x1a3/0x800 [ 55.289693] ? syscall_return_slowpath+0x5f0/0x5f0 [ 55.294605] ? prepare_exit_to_usermode+0x232/0x3b0 [ 55.299604] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 55.304439] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.309606] RIP: 0033:0x4400d9 [ 55.312776] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.331655] RSP: 002b:00007ffc70ffd188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.339343] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004400d9 [ 55.346680] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003 [ 55.353927] RBP: 00000000006ca018 R08: 0000000000000006 R09: 00000000004002c8 [ 55.361181] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000401960 [ 55.368428] R13: 00000000004019f0 R14: 0000000000000000 R15: 0000000000000000 [ 55.376807] Kernel Offset: disabled [ 55.380428] Rebooting in 86400 seconds..