================================================================== BUG: KASAN: null-ptr-deref in memcpy include/linux/string.h:348 [inline] BUG: KASAN: null-ptr-deref in llcp_sock_getname+0x358/0x460 net/nfc/llcp_sock.c:531 Read of size 43 at addr 0000000000000000 by task syz-executor.4/9903 alloc_pages_current+0x107/0x210 mm/mempolicy.c:2197 alloc_pages include/linux/gfp.h:532 [inline] __get_free_pages mm/page_alloc.c:4441 [inline] get_zeroed_page+0x14/0x50 mm/page_alloc.c:4450 __dev_alloc_name net/core/dev.c:1080 [inline] dev_alloc_name_ns+0x14b/0x470 net/core/dev.c:1119 dev_get_valid_name+0x6c/0xd0 net/core/dev.c:1154 register_netdevice+0x284/0xff0 net/core/dev.c:8651 ip6gre_newlink_common.isra.0+0x165/0x3c0 net/ipv6/ip6_gre.c:1985 ip6gre_newlink+0x298/0x7a0 net/ipv6/ip6_gre.c:2018 rtnl_newlink+0x1042/0x1600 net/core/rtnetlink.c:3132 rtnetlink_rcv_msg+0x463/0xb00 net/core/rtnetlink.c:4768 netlink_rcv_skb+0x17d/0x460 net/netlink/af_netlink.c:2454 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4786 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x53a/0x730 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x8ae/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x803/0x920 net/socket.c:2115 __sys_sendmsg+0x105/0x1d0 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45af49 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd5ba50bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fd5ba50bc90 RCX: 000000000045af49 RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5ba50c6d4 R13: 00000000004caa88 R14: 00000000004e40f8 R15: 0000000000000004 CPU: 1 PID: 9903 Comm: syz-executor.4 Not tainted 4.19.95-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 kasan_report_error mm/kasan/report.c:352 [inline] kasan_report mm/kasan/report.c:412 [inline] kasan_report.cold+0x199/0x2ba mm/kasan/report.c:396 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x123/0x190 mm/kasan/kasan.c:267 memcpy+0x24/0x50 mm/kasan/kasan.c:302 memcpy include/linux/string.h:348 [inline] llcp_sock_getname+0x358/0x460 net/nfc/llcp_sock.c:531 __sys_getsockname+0x12b/0x230 net/socket.c:1697 netlink: 'syz-executor.2': attribute type 1 has an invalid length. __do_sys_getsockname net/socket.c:1712 [inline] __se_sys_getsockname net/socket.c:1709 [inline] __x64_sys_getsockname+0x73/0xb0 net/socket.c:1709 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45af49 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fb8370d3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000033 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49 RDX: 0000000020000080 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb8370d46d4 R13: 00000000004c1ea6 R14: 00000000004d75e8 R15: 00000000ffffffff ================================================================== CPU: 0 PID: 9931 Comm: syz-executor.5 Not tainted 4.19.95-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0x1b lib/fault-inject.c:149