[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 229.499463][ T36] audit: type=1400 audit(1613530323.919:8): avc: denied { execmem } for pid=8414 comm="syz-executor157" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
[ 229.561822][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 229.606379][ T8424] general protection fault, probably for non-canonical address 0xfbd59c0000000020: 0000 [#1] PREEMPT SMP KASAN
[ 229.618174][ T8424] KASAN: maybe wild-memory-access in range [0xdead000000000100-0xdead000000000107]
[ 229.627472][ T8424] CPU: 1 PID: 8424 Comm: syz-executor157 Not tainted 5.11.0-syzkaller #0
[ 229.635969][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 229.646048][ T8424] RIP: 0010:ieee80211_chanctx_num_assigned+0xb1/0x140
[ 229.652858][ T8424] Code: a8 f6 ff ff 48 39 c5 74 3b 49 bd 00 00 00 00 00 fc ff df e8 11 7f 13 f9 48 8d bb 58 09 00 00 41 83 c4 01 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 75 68 48 8b 83 58 09 00 00 48 8d 98 a8 f6 ff ff 48
[ 229.672485][ T8424] RSP: 0018:ffffc90000ff7330 EFLAGS: 00010a02
[ 229.678572][ T8424] RAX: 1bd5a00000000020 RBX: deacfffffffff7a8 RCX: 0000000000000000
[ 229.686552][ T8424] RDX: ffff88802f38a1c0 RSI: ffffffff885f590f RDI: dead000000000100
[ 229.694537][ T8424] RBP: ffff88801eb2f720 R08: 0000000000000000 R09: 0000000000000001
[ 229.702526][ T8424] R10: ffffffff885f596b R11: 0000000000000000 R12: 0000000000000002
[ 229.710519][ T8424] R13: dffffc0000000000 R14: ffff88801eb2f700 R15: 0000000000000000
[ 229.718510][ T8424] FS: 00000000023443c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 229.727461][ T8424] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 229.734063][ T8424] CR2: 00000000004b6110 CR3: 0000000023992000 CR4: 00000000001506e0
[ 229.742087][ T8424] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 229.750082][ T8424] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 229.758077][ T8424] Call Trace:
[ 229.761366][ T8424] ieee80211_assign_vif_chanctx+0x7b8/0x1230
[ 229.767373][ T8424] __ieee80211_vif_release_channel+0x236/0x430
[ 229.773548][ T8424] ieee80211_vif_release_channel+0x117/0x220
[ 229.779557][ T8424] ieee80211_ibss_disconnect+0x44e/0x7b0
[ 229.785220][ T8424] ieee80211_ibss_leave+0x12/0xe0
[ 229.790268][ T8424] __cfg80211_leave_ibss+0x19a/0x4c0
[ 229.795578][ T8424] cfg80211_leave_ibss+0x57/0x80
[ 229.800536][ T8424] cfg80211_change_iface+0x7f2/0xf10
[ 229.805841][ T8424] nl80211_set_interface+0x65c/0x8d0
[ 229.811155][ T8424] ? nl80211_notify_iface+0x180/0x180
[ 229.816539][ T8424] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 229.822929][ T8424] ? nl80211_pre_doit+0xa2/0x630
[ 229.827923][ T8424] genl_family_rcv_msg_doit+0x228/0x320
[ 229.833466][ T8424] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 229.840848][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 229.847103][ T8424] ? cap_capable+0x1f1/0x280
[ 229.851698][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 229.857929][ T8424] ? ns_capable+0xde/0x100
[ 229.862337][ T8424] genl_rcv_msg+0x328/0x580
[ 229.866830][ T8424] ? genl_get_cmd+0x480/0x480
[ 229.871514][ T8424] ? nl80211_notify_iface+0x180/0x180
[ 229.876886][ T8424] ? lock_release+0x710/0x710
[ 229.881554][ T8424] netlink_rcv_skb+0x153/0x420
[ 229.886308][ T8424] ? genl_get_cmd+0x480/0x480
[ 229.890993][ T8424] ? netlink_ack+0xaa0/0xaa0
[ 229.895593][ T8424] genl_rcv+0x24/0x40
[ 229.899577][ T8424] netlink_unicast+0x533/0x7d0
[ 229.904358][ T8424] ? netlink_attachskb+0x870/0x870
[ 229.909464][ T8424] ? _copy_from_iter_full+0x275/0x850
[ 229.914831][ T8424] netlink_sendmsg+0x856/0xd90
[ 229.919619][ T8424] ? netlink_unicast+0x7d0/0x7d0
[ 229.924551][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 229.930803][ T8424] ? netlink_unicast+0x7d0/0x7d0
[ 229.935749][ T8424] sock_sendmsg+0xcf/0x120
[ 229.940165][ T8424] ____sys_sendmsg+0x6e8/0x810
[ 229.944917][ T8424] ? kernel_sendmsg+0x50/0x50
[ 229.949585][ T8424] ? do_recvmmsg+0x6c0/0x6c0
[ 229.954187][ T8424] ? find_held_lock+0x2d/0x110
[ 229.958942][ T8424] ___sys_sendmsg+0xf3/0x170
[ 229.963538][ T8424] ? sendmsg_copy_msghdr+0x160/0x160
[ 229.968831][ T8424] ? _copy_to_user+0xdc/0x150
[ 229.973498][ T8424] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 229.979727][ T8424] ? sock_do_ioctl+0x168/0x2d0
[ 229.984481][ T8424] ? compat_ifr_data_ioctl+0x150/0x150
[ 229.989944][ T8424] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 229.995831][ T8424] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 230.002062][ T8424] ? __fget_light+0x215/0x280
[ 230.006734][ T8424] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 230.012976][ T8424] __sys_sendmsg+0xe5/0x1b0
[ 230.017475][ T8424] ? __sys_sendmsg_sock+0xb0/0xb0
[ 230.022507][ T8424] ? syscall_enter_from_user_mode+0x1d/0x50
[ 230.028409][ T8424] do_syscall_64+0x2d/0x70
[ 230.032837][ T8424] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 230.038738][ T8424] RIP: 0033:0x4415a9
[ 230.042619][ T8424] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c4 ff ff ff f7 d8 64 89 01 48
[ 230.063261][ T8424] RSP: 002b:00007fff95a8b388 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 230.071684][ T8424] RAX: ffffffffffffffda RBX: 0000000000038084 RCX: 00000000004415a9
[ 230.079647][ T8424] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000004
[ 230.087667][ T8424] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 230.095632][ T8424] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff95a8b3bc
[ 230.103597][ T8424] R13: 431bde82d7b634db R14: 00007fff95a8b3d0 R15: 00000000004004b8
[ 230.111591][ T8424] Modules linked in:
[ 230.116236][ T8424] ---[ end trace 9855a2ea42569d4e ]---
[ 230.121738][ T8424] RIP: 0010:ieee80211_chanctx_num_assigned+0xb1/0x140
[ 230.129478][ T8424] Code: a8 f6 ff ff 48 39 c5 74 3b 49 bd 00 00 00 00 00 fc ff df e8 11 7f 13 f9 48 8d bb 58 09 00 00 41 83 c4 01 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 75 68 48 8b 83 58 09 00 00 48 8d 98 a8 f6 ff ff 48
[ 230.149168][ T8424] RSP: 0018:ffffc90000ff7330 EFLAGS: 00010a02
[ 230.155256][ T8424] RAX: 1bd5a00000000020 RBX: deacfffffffff7a8 RCX: 0000000000000000
[ 230.163275][ T8424] RDX: ffff88802f38a1c0 RSI: ffffffff885f590f RDI: dead000000000100
[ 230.171364][ T8424] RBP: ffff88801eb2f720 R08: 0000000000000000 R09: 0000000000000001
[ 230.179389][ T8424] R10: ffffffff885f596b R11: 0000000000000000 R12: 0000000000000002
[ 230.187533][ T8424] R13: dffffc0000000000 R14: ffff88801eb2f700 R15: 0000000000000000
[ 230.195521][ T8424] FS: 00000000023443c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 230.204563][ T8424] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 230.211222][ T8424] CR2: 00000000004b6110 CR3: 0000000023992000 CR4: 00000000001506e0
[ 230.219232][ T8424] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 230.227209][ T8424] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 230.235248][ T8424] Kernel panic - not syncing: Fatal exception
[ 230.241777][ T8424] Kernel Offset: disabled
[ 230.246107][ T8424] Rebooting in 86400 seconds..