[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts.

syzkaller login: [ 70.406737][ T130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.424510][ T130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.460212][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 70.503432][ T25] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.512577][ T25] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.523202][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 70.543842][ T8421] netlink: 'syz-executor783': attribute type 16 has an invalid length.
[ 70.552989][ T8421] ------------[ cut here ]------------
[ 70.561375][ T8421] WARNING: CPU: 1 PID: 8421 at net/mac80211/ieee80211_i.h:1458 sta_info_alloc+0x1930/0x1fb0
[ 70.571703][ T8421] Modules linked in:
[ 70.575782][ T8421] CPU: 0 PID: 8421 Comm: syz-executor783 Not tainted 5.12.0-rc7-next-20210415-syzkaller #0
[ 70.585967][ T8421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.596362][ T8421] RIP: 0010:sta_info_alloc+0x1930/0x1fb0
[ 70.602190][ T8421] Code: 85 b3 03 00 00 49 8b 9f 60 01 00 00 e9 f8 f6 ff ff e8 64 1e 10 f9 8b 5c 24 08 83 e3 01 83 c3 01 e9 54 fb ff ff e8 50 1e 10 f9 <0f> 0b e8 99 08 fc f8 31 ff 89 c3 89 c6 e8 ee 24 10 f9 84 db 0f 84
[ 70.622037][ T8421] RSP: 0018:ffffc90000f9f3d8 EFLAGS: 00010293
[ 70.628417][ T8421] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 70.636416][ T8421] RDX: ffff8880127c5580 RSI: ffffffff886459f0 RDI: 0000000000000003
[ 70.644831][ T8421] RBP: ffff88801a720d00 R08: 0000000000000000 R09: 0000000000000001
[ 70.652932][ T8421] R10: ffffffff88645381 R11: 0000000000000000 R12: 0000000000000000
[ 70.661273][ T8421] R13: 0000000000000008 R14: dffffc0000000000 R15: ffff88801bdb0000
[ 70.669339][ T8421] FS: 0000000000517300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 70.678441][ T8421] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.685066][ T8421] CR2: 00007ff287f5b018 CR3: 000000001dc25000 CR4: 00000000001506f0
[ 70.693255][ T8421] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.701451][ T8421] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.709825][ T8421] Call Trace:
[ 70.713148][ T8421] ieee80211_add_station+0x28c/0x670
[ 70.718500][ T8421] nl80211_new_station+0xdd0/0x13d0
[ 70.723734][ T8421] ? nl80211_set_station+0x11d0/0x11d0
[ 70.729404][ T8421] ? nl80211_pre_doit+0xa6/0x620
[ 70.734365][ T8421] genl_family_rcv_msg_doit+0x228/0x320
[ 70.740371][ T8421] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 70.748264][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.754558][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.761319][ T8421] ? ns_capable+0xd9/0x100
[ 70.765819][ T8421] genl_rcv_msg+0x328/0x580
[ 70.772744][ T8421] ? genl_get_cmd+0x480/0x480
[ 70.777632][ T8421] ? nl80211_set_station+0x11d0/0x11d0
[ 70.783232][ T8421] ? lock_release+0x720/0x720
[ 70.788089][ T8421] netlink_rcv_skb+0x153/0x420
[ 70.792939][ T8421] ? genl_get_cmd+0x480/0x480
[ 70.797727][ T8421] ? netlink_ack+0xaa0/0xaa0
[ 70.802485][ T8421] genl_rcv+0x24/0x40
[ 70.806467][ T8421] netlink_unicast+0x533/0x7d0
[ 70.811762][ T8421] ? netlink_attachskb+0x870/0x870
[ 70.817003][ T8421] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 70.824528][ T8421] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 70.830870][ T8421] ? __phys_addr_symbol+0x2c/0x70
[ 70.835921][ T8421] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 70.841963][ T8421] ? __check_object_size+0x171/0x3f0
[ 70.847279][ T8421] netlink_sendmsg+0x84c/0xd90
[ 70.852151][ T8421] ? netlink_unicast+0x7d0/0x7d0
[ 70.857370][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.863712][ T8421] ? netlink_unicast+0x7d0/0x7d0
[ 70.869704][ T8421] sock_sendmsg+0xcf/0x120
[ 70.874144][ T8421] ____sys_sendmsg+0x6e8/0x810
[ 70.880213][ T8421] ? kernel_sendmsg+0x50/0x50
[ 70.885092][ T8421] ? do_recvmmsg+0x6d0/0x6d0
[ 70.889893][ T8421] ? lock_chain_count+0x20/0x20
[ 70.894802][ T8421] ? find_held_lock+0x2d/0x110
[ 70.899653][ T8421] ___sys_sendmsg+0xf3/0x170
[ 70.904352][ T8421] ? sendmsg_copy_msghdr+0x160/0x160
[ 70.910322][ T8421] ? __lock_acquire+0x16a7/0x5230
[ 70.915870][ T8421] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.921922][ T8421] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.927995][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.935033][ T8421] ? __fget_light+0x215/0x280
[ 70.939780][ T8421] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 70.946080][ T8421] __sys_sendmsg+0xe5/0x1b0
[ 70.950890][ T8421] ? __sys_sendmsg_sock+0x30/0x30
[ 70.955949][ T8421] ? syscall_enter_from_user_mode+0x27/0x70
[ 70.961956][ T8421] do_syscall_64+0x3a/0xb0
[ 70.966448][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.972741][ T8421] RIP: 0033:0x440959
[ 70.976688][ T8421] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.996439][ T8421] RSP: 002b:00007ffd025e4f28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 71.004965][ T8421] RAX: ffffffffffffffda RBX: 00000000004b73c0 RCX: 0000000000440959
[ 71.013558][ T8421] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004
[ 71.021876][ T8421] RBP: 0000000000000003 R08: 0000000c00000001 R09: 0000000c00000001
[ 71.030132][ T8421] R10: 0000000c00000001 R11: 0000000000000246 R12: 0000000000000031
[ 71.038221][ T8421] R13: 00007ffd025e4f70 R14: 00007ffd025e4f5a R15: 00000000004b7430
[ 71.046273][ T8421] Kernel panic - not syncing: panic_on_warn set ...
[ 71.052855][ T8421] CPU: 0 PID: 8421 Comm: syz-executor783 Not tainted 5.12.0-rc7-next-20210415-syzkaller #0
[ 71.062822][ T8421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.072894][ T8421] Call Trace:
[ 71.076185][ T8421] dump_stack+0x141/0x1d7
[ 71.080510][ T8421] panic+0x306/0x73d
[ 71.084415][ T8421] ? __warn_printk+0xf3/0xf3
[ 71.089001][ T8421] ? __warn.cold+0x1a/0x44
[ 71.093689][ T8421] ? sta_info_alloc+0x1930/0x1fb0
[ 71.098718][ T8421] __warn.cold+0x35/0x44
[ 71.102974][ T8421] ? sta_info_alloc+0x1930/0x1fb0
[ 71.107988][ T8421] report_bug+0x1bd/0x210
[ 71.112311][ T8421] handle_bug+0x3c/0x60
[ 71.116490][ T8421] exc_invalid_op+0x14/0x40
[ 71.120982][ T8421] asm_exc_invalid_op+0x12/0x20
[ 71.125835][ T8421] RIP: 0010:sta_info_alloc+0x1930/0x1fb0
[ 71.131464][ T8421] Code: 85 b3 03 00 00 49 8b 9f 60 01 00 00 e9 f8 f6 ff ff e8 64 1e 10 f9 8b 5c 24 08 83 e3 01 83 c3 01 e9 54 fb ff ff e8 50 1e 10 f9 <0f> 0b e8 99 08 fc f8 31 ff 89 c3 89 c6 e8 ee 24 10 f9 84 db 0f 84
[ 71.151768][ T8421] RSP: 0018:ffffc90000f9f3d8 EFLAGS: 00010293
[ 71.158449][ T8421] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 71.166420][ T8421] RDX: ffff8880127c5580 RSI: ffffffff886459f0 RDI: 0000000000000003
[ 71.174381][ T8421] RBP: ffff88801a720d00 R08: 0000000000000000 R09: 0000000000000001
[ 71.182353][ T8421] R10: ffffffff88645381 R11: 0000000000000000 R12: 0000000000000000
[ 71.190316][ T8421] R13: 0000000000000008 R14: dffffc0000000000 R15: ffff88801bdb0000
[ 71.198564][ T8421] ? sta_info_alloc+0x12c1/0x1fb0
[ 71.203585][ T8421] ? sta_info_alloc+0x1930/0x1fb0
[ 71.208605][ T8421] ? sta_info_alloc+0x1930/0x1fb0
[ 71.213629][ T8421] ieee80211_add_station+0x28c/0x670
[ 71.218908][ T8421] nl80211_new_station+0xdd0/0x13d0
[ 71.224103][ T8421] ? nl80211_set_station+0x11d0/0x11d0
[ 71.229567][ T8421] ? nl80211_pre_doit+0xa6/0x620
[ 71.234511][ T8421] genl_family_rcv_msg_doit+0x228/0x320
[ 71.240069][ T8421] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 71.247651][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.253898][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.260146][ T8421] ? ns_capable+0xd9/0x100
[ 71.264556][ T8421] genl_rcv_msg+0x328/0x580
[ 71.269056][ T8421] ? genl_get_cmd+0x480/0x480
[ 71.273738][ T8421] ? nl80211_set_station+0x11d0/0x11d0
[ 71.279206][ T8421] ? lock_release+0x720/0x720
[ 71.283892][ T8421] netlink_rcv_skb+0x153/0x420
[ 71.288667][ T8421] ? genl_get_cmd+0x480/0x480
[ 71.293344][ T8421] ? netlink_ack+0xaa0/0xaa0
[ 71.297955][ T8421] genl_rcv+0x24/0x40
[ 71.301949][ T8421] netlink_unicast+0x533/0x7d0
[ 71.306724][ T8421] ? netlink_attachskb+0x870/0x870
[ 71.311830][ T8421] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.318587][ T8421] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.324823][ T8421] ? __phys_addr_symbol+0x2c/0x70
[ 71.329835][ T8421] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 71.335562][ T8421] ? __check_object_size+0x171/0x3f0
[ 71.340843][ T8421] netlink_sendmsg+0x84c/0xd90
[ 71.345619][ T8421] ? netlink_unicast+0x7d0/0x7d0
[ 71.353608][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.359866][ T8421] ? netlink_unicast+0x7d0/0x7d0
[ 71.364810][ T8421] sock_sendmsg+0xcf/0x120
[ 71.369218][ T8421] ____sys_sendmsg+0x6e8/0x810
[ 71.373983][ T8421] ? kernel_sendmsg+0x50/0x50
[ 71.378657][ T8421] ? do_recvmmsg+0x6d0/0x6d0
[ 71.383252][ T8421] ? lock_chain_count+0x20/0x20
[ 71.388105][ T8421] ? find_held_lock+0x2d/0x110
[ 71.392890][ T8421] ___sys_sendmsg+0xf3/0x170
[ 71.397478][ T8421] ? sendmsg_copy_msghdr+0x160/0x160
[ 71.402776][ T8421] ? __lock_acquire+0x16a7/0x5230
[ 71.407813][ T8421] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.413782][ T8421] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.419927][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.426167][ T8421] ? __fget_light+0x215/0x280
[ 71.430852][ T8421] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.437093][ T8421] __sys_sendmsg+0xe5/0x1b0
[ 71.441598][ T8421] ? __sys_sendmsg_sock+0x30/0x30
[ 71.446631][ T8421] ? syscall_enter_from_user_mode+0x27/0x70
[ 71.452539][ T8421] do_syscall_64+0x3a/0xb0
[ 71.457588][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.463500][ T8421] RIP: 0033:0x440959
[ 71.467402][ T8421] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.487034][ T8421] RSP: 002b:00007ffd025e4f28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 71.495455][ T8421] RAX: ffffffffffffffda RBX: 00000000004b73c0 RCX: 0000000000440959
[ 71.503438][ T8421] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000004
[ 71.511417][ T8421] RBP: 0000000000000003 R08: 0000000c00000001 R09: 0000000c00000001
[ 71.519389][ T8421] R10: 0000000c00000001 R11: 0000000000000246 R12: 0000000000000031
[ 71.527371][ T8421] R13: 00007ffd025e4f70 R14: 00007ffd025e4f5a R15: 00000000004b7430
[ 71.536063][ T8421] Kernel Offset: disabled
[ 71.540485][ T8421] Rebooting in 86400 seconds..