Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 38.432084] ================================================================== [ 38.439696] BUG: KASAN: null-ptr-deref in ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 38.447517] Read of size 8 at addr 0000000000000004 by task syz-executor260/8097 [ 38.455023] [ 38.456662] CPU: 0 PID: 8097 Comm: syz-executor260 Not tainted 4.19.177-syzkaller #0 [ 38.466521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.475865] Call Trace: [ 38.478474] dump_stack+0x1fc/0x2ef [ 38.482151] kasan_report_error.cold+0x15b/0x1b9 [ 38.486890] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 38.492346] kasan_report+0x8f/0xa0 [ 38.495956] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 38.501392] memcpy+0x20/0x50 [ 38.504479] ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 38.509785] ? ieee802154_nl_start_confirm.isra.0+0x250/0x250 [ 38.515678] ? apparmor_sb_mount+0x970/0x970 [ 38.520067] ? apparmor_sb_mount+0x970/0x970 [ 38.524471] ieee802154_llsec_del_key+0x109/0x240 [ 38.529302] ? ieee802154_llsec_add_key+0x680/0x680 [ 38.534364] ? nla_parse+0x1b2/0x290 [ 38.538084] genl_family_rcv_msg+0x642/0xc40 [ 38.542480] ? genl_rcv+0x40/0x40 [ 38.545932] ? genl_rcv_msg+0x12f/0x160 [ 38.549896] ? __mutex_add_waiter+0x160/0x160 [ 38.554443] ? __radix_tree_lookup+0x216/0x370 [ 38.559015] genl_rcv_msg+0xbf/0x160 [ 38.562733] netlink_rcv_skb+0x160/0x440 [ 38.566780] ? genl_family_rcv_msg+0xc40/0xc40 [ 38.571345] ? netlink_ack+0xae0/0xae0 [ 38.575223] ? genl_rcv+0x15/0x40 [ 38.578671] genl_rcv+0x24/0x40 [ 38.581939] netlink_unicast+0x4d5/0x690 [ 38.585983] ? netlink_sendskb+0x110/0x110 [ 38.590204] ? _copy_from_iter_full+0x229/0x7c0 [ 38.594877] ? __phys_addr_symbol+0x2c/0x70 [ 38.599191] ? __check_object_size+0x17b/0x3e0 [ 38.603766] netlink_sendmsg+0x6bb/0xc40 [ 38.607816] ? aa_af_perm+0x230/0x230 [ 38.611600] ? nlmsg_notify+0x1a0/0x1a0 [ 38.615568] ? kernel_recvmsg+0x220/0x220 [ 38.619702] ? nlmsg_notify+0x1a0/0x1a0 [ 38.623655] sock_sendmsg+0xc3/0x120 [ 38.627349] ___sys_sendmsg+0x7bb/0x8e0 [ 38.631307] ? copy_msghdr_from_user+0x440/0x440 [ 38.636070] ? apparmor_file_receive+0x160/0x160 [ 38.640817] ? __lockdep_init_map+0x100/0x5a0 [ 38.645295] ? check_preemption_disabled+0x41/0x280 [ 38.650291] ? mark_held_locks+0xf0/0xf0 [ 38.654332] ? percpu_counter_add_batch+0x126/0x180 [ 38.659355] ? alloc_empty_file+0xd7/0x170 [ 38.663569] ? errseq_sample+0x56/0x70 [ 38.667434] ? alloc_file+0x326/0x4d0 [ 38.671227] ? __fd_install+0x1b4/0x610 [ 38.675183] ? __fdget+0x1a0/0x230 [ 38.678727] __x64_sys_sendmsg+0x132/0x220 [ 38.682952] ? __sys_sendmsg+0x1b0/0x1b0 [ 38.687005] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.692362] ? trace_hardirqs_off_caller+0x6e/0x210 [ 38.697364] ? do_syscall_64+0x21/0x620 [ 38.701322] do_syscall_64+0xf9/0x620 [ 38.705106] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.710305] RIP: 0033:0x43fab9 [ 38.713478] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 38.732364] RSP: 002b:00007ffdee7d7ac8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 38.740049] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fab9 [ 38.747298] RDX: 0000000024008144 RSI: 0000000020000200 RDI: 0000000000000004 [ 38.754548] RBP: 0000000000403520 R08: 0000000000000030 R09: 00000000004004a0 [ 38.761796] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000004035b0 [ 38.769053] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0 [ 38.776309] ================================================================== [ 38.783645] Disabling lock debugging due to kernel taint [ 38.789622] Kernel panic - not syncing: panic_on_warn set ... [ 38.789622] [ 38.796986] CPU: 0 PID: 8097 Comm: syz-executor260 Tainted: G B 4.19.177-syzkaller #0 [ 38.806248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.815590] Call Trace: [ 38.818163] dump_stack+0x1fc/0x2ef [ 38.821767] panic+0x26a/0x50e [ 38.824937] ? __warn_printk+0xf3/0xf3 [ 38.829860] ? preempt_schedule_common+0x45/0xc0 [ 38.834596] ? ___preempt_schedule+0x16/0x18 [ 38.838985] ? trace_hardirqs_on+0x55/0x210 [ 38.843307] kasan_end_report+0x43/0x49 [ 38.847260] kasan_report_error.cold+0xa7/0x1b9 [ 38.851909] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 38.857336] kasan_report+0x8f/0xa0 [ 38.860956] ? ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 38.866401] memcpy+0x20/0x50 [ 38.869489] ieee802154_llsec_parse_key_id+0x4ec/0x8a0 [ 38.874749] ? ieee802154_nl_start_confirm.isra.0+0x250/0x250 [ 38.880621] ? apparmor_sb_mount+0x970/0x970 [ 38.885010] ? apparmor_sb_mount+0x970/0x970 [ 38.889407] ieee802154_llsec_del_key+0x109/0x240 [ 38.894231] ? ieee802154_llsec_add_key+0x680/0x680 [ 38.899230] ? nla_parse+0x1b2/0x290 [ 38.902927] genl_family_rcv_msg+0x642/0xc40 [ 38.907325] ? genl_rcv+0x40/0x40 [ 38.910757] ? genl_rcv_msg+0x12f/0x160 [ 38.914712] ? __mutex_add_waiter+0x160/0x160 [ 38.919190] ? __radix_tree_lookup+0x216/0x370 [ 38.923753] genl_rcv_msg+0xbf/0x160 [ 38.927456] netlink_rcv_skb+0x160/0x440 [ 38.931496] ? genl_family_rcv_msg+0xc40/0xc40 [ 38.936060] ? netlink_ack+0xae0/0xae0 [ 38.939929] ? genl_rcv+0x15/0x40 [ 38.943363] genl_rcv+0x24/0x40 [ 38.946618] netlink_unicast+0x4d5/0x690 [ 38.950662] ? netlink_sendskb+0x110/0x110 [ 38.954886] ? _copy_from_iter_full+0x229/0x7c0 [ 38.959534] ? __phys_addr_symbol+0x2c/0x70 [ 38.963834] ? __check_object_size+0x17b/0x3e0 [ 38.968396] netlink_sendmsg+0x6bb/0xc40 [ 38.972435] ? aa_af_perm+0x230/0x230 [ 38.976212] ? nlmsg_notify+0x1a0/0x1a0 [ 38.980164] ? kernel_recvmsg+0x220/0x220 [ 38.984308] ? nlmsg_notify+0x1a0/0x1a0 [ 38.988272] sock_sendmsg+0xc3/0x120 [ 38.991964] ___sys_sendmsg+0x7bb/0x8e0 [ 38.995917] ? copy_msghdr_from_user+0x440/0x440 [ 39.000651] ? apparmor_file_receive+0x160/0x160 [ 39.005386] ? __lockdep_init_map+0x100/0x5a0 [ 39.009862] ? check_preemption_disabled+0x41/0x280 [ 39.014853] ? mark_held_locks+0xf0/0xf0 [ 39.018904] ? percpu_counter_add_batch+0x126/0x180 [ 39.023901] ? alloc_empty_file+0xd7/0x170 [ 39.028129] ? errseq_sample+0x56/0x70 [ 39.031993] ? alloc_file+0x326/0x4d0 [ 39.035772] ? __fd_install+0x1b4/0x610 [ 39.039728] ? __fdget+0x1a0/0x230 [ 39.043249] __x64_sys_sendmsg+0x132/0x220 [ 39.047482] ? __sys_sendmsg+0x1b0/0x1b0 [ 39.051532] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.056874] ? trace_hardirqs_off_caller+0x6e/0x210 [ 39.061881] ? do_syscall_64+0x21/0x620 [ 39.065843] do_syscall_64+0xf9/0x620 [ 39.069624] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.074789] RIP: 0033:0x43fab9 [ 39.077960] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 39.096836] RSP: 002b:00007ffdee7d7ac8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 39.104521] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fab9 [ 39.111767] RDX: 0000000024008144 RSI: 0000000020000200 RDI: 0000000000000004 [ 39.119112] RBP: 0000000000403520 R08: 0000000000000030 R09: 00000000004004a0 [ 39.126357] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000004035b0 [ 39.135428] R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0 [ 39.143297] Kernel Offset: disabled [ 39.146908] Rebooting in 86400 seconds..