[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.

syzkaller login: [ 65.675107][ T8505] IPVS: ftp: loaded support on port[0] = 21
[ 65.750523][ T356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.763234][ T356] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.794001][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 65.817485][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.825489][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 65.838663][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 65.858311][ T8505] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 65.870060][ T8505] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 65.878477][ T8505] CPU: 1 PID: 8505 Comm: syz-executor591 Not tainted 5.10.0-rc2-syzkaller #0
[ 65.887228][ T8505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.897314][ T8505] RIP: 0010:call_commit_handler+0x8b/0x110
[ 65.903096][ T8505] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 7d 48 8b 9d e0 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 75 73 48 b8 00 00 00 00 00 fc ff df 48 8b 1b 48 89 da
[ 65.922729][ T8505] RSP: 0018:ffffc90001837ca8 EFLAGS: 00010246
[ 65.928774][ T8505] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff88413f68
[ 65.936773][ T8505] RDX: 0000000000000000 RSI: ffffffff88413f75 RDI: ffff8880126141e0
[ 65.944721][ T8505] RBP: ffff888012614000 R08: 0000000000000000 R09: ffff888012614047
[ 65.952671][ T8505] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888012614040
[ 65.960621][ T8505] R13: ffffc90001837db0 R14: ffff888012614000 R15: 0000000000000004
[ 65.968572][ T8505] FS: 0000000000fe5880(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[ 65.977479][ T8505] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 65.984054][ T8505] CR2: 00000000200000c0 CR3: 000000001baee000 CR4: 00000000001506e0
[ 65.992003][ T8505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 65.999976][ T8505] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.007935][ T8505] Call Trace:
[ 66.011208][ T8505] ioctl_standard_call+0x1b8/0x1f0
[ 66.016313][ T8505] ? cfg80211_wext_freq+0x1b0/0x1b0
[ 66.021505][ T8505] ? iw_handler_get_private+0x1a0/0x1a0
[ 66.027042][ T8505] ? cfg80211_wext_freq+0x1b0/0x1b0
[ 66.032217][ T8505] wireless_process_ioctl+0xc8/0x4c0
[ 66.037503][ T8505] ? call_commit_handler+0x110/0x110
[ 66.042776][ T8505] wext_handle_ioctl+0x26b/0x280
[ 66.047690][ T8505] ? compat_standard_call+0x340/0x340
[ 66.053061][ T8505] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 66.058933][ T8505] ? generic_block_fiemap+0x60/0x60
[ 66.064119][ T8505] ? __up_read+0x1a1/0x7b0
[ 66.068515][ T8505] sock_ioctl+0x439/0x730
[ 66.072821][ T8505] ? dlci_ioctl_set+0x30/0x30
[ 66.077490][ T8505] ? vmacache_update+0xce/0x140
[ 66.082336][ T8505] ? bpf_lsm_file_ioctl+0x5/0x10
[ 66.087258][ T8505] ? dlci_ioctl_set+0x30/0x30
[ 66.091910][ T8505] __x64_sys_ioctl+0x193/0x200
[ 66.096667][ T8505] do_syscall_64+0x2d/0x70
[ 66.101060][ T8505] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.106928][ T8505] RIP: 0033:0x441529
[ 66.110800][ T8505] Code: e8 ec 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.130394][ T8505] RSP: 002b:00007ffe153363a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.138789][ T8505] RAX: ffffffffffffffda RBX: 00007ffe153363d0 RCX: 0000000000441529
[ 66.146795][ T8505] RDX: 00000000200000c0 RSI: 0000000000008b04 RDI: 0000000000000003
[ 66.154748][ T8505] RBP: 0000000000000003 R08: 0000002000000000 R09: 0000002000000000
[ 66.162734][ T8505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032
[ 66.170685][ T8505] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 66.178649][ T8505] Modules linked in:
[ 66.185603][ T34] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 66.195187][ T34] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 34, name: kworker/u4:2
[ 66.195489][ T8505] ---[ end trace 7d19aba569c501aa ]---
[ 66.205555][ T34] INFO: lockdep is turned off.
[ 66.210311][ T8505] RIP: 0010:call_commit_handler+0x8b/0x110
[ 66.216016][ T34] Preemption disabled at:
[ 66.220838][ T34] [] __mutex_lock+0x10f/0x10e0
[ 66.220897][ T8505] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 7d 48 8b 9d e0 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 75 73 48 b8 00 00 00 00 00 fc ff df 48 8b 1b 48 89 da
[ 66.226460][ T34] CPU: 0 PID: 34 Comm: kworker/u4:2 Tainted: G D 5.10.0-rc2-syzkaller #0
[ 66.231746][ T8505] RSP: 0018:ffffc90001837ca8 EFLAGS: 00010246
[ 66.251551][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.251569][ T34] Workqueue: phy3 ieee80211_iface_work
[ 66.251576][ T34] Call Trace:
[ 66.251593][ T34] dump_stack+0x107/0x163
[ 66.251606][ T34] ? __mutex_lock+0x10f/0x10e0
[ 66.251620][ T34] ___might_sleep.cold+0x1e8/0x22e
[ 66.251634][ T34] sta_info_move_state+0x32/0x8d0
[ 66.251646][ T34] ? wait_for_completion+0x260/0x260
[ 66.251660][ T34] sta_info_free+0x65/0x3b0
[ 66.251674][ T34] sta_info_insert_rcu+0x303/0x2ba0
[ 66.251691][ T34] ? lock_release+0x510/0x710
[ 66.251704][ T34] ? rate_control_rate_init+0x32c/0x6a0
[ 66.251719][ T34] ? sta_info_free+0x3b0/0x3b0
[ 66.251734][ T34] ? __local_bh_enable_ip+0x9c/0x110
[ 66.251748][ T34] ? rate_control_rate_init+0x35f/0x6a0
[ 66.251761][ T34] ieee80211_ibss_finish_sta+0x212/0x390
[ 66.251773][ T34] ? ieee80211_ibss_build_presp+0x15f0/0x15f0
[ 66.251783][ T34] ? rwlock_bug.part.0+0x90/0x90
[ 66.251797][ T34] ? __local_bh_enable_ip+0x9c/0x110
[ 66.251808][ T34] ieee80211_ibss_work+0x2c7/0xe80
[ 66.251829][ T34] ? ieee80211_ibss_rx_queued_mgmt+0x1870/0x1870
[ 66.261771][ T8505]
[ 66.267569][ T34] ? lock_downgrade+0x6d0/0x6d0
[ 66.267581][ T34] ? rwlock_bug.part.0+0x90/0x90
[ 66.267596][ T34] ? kfree_skbmem+0xef/0x1b0
[ 66.267608][ T34] ? kmem_cache_free+0x23d/0x350
[ 66.267623][ T34] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 66.267634][ T34] ? trace_hardirqs_on+0x5b/0x1c0
[ 66.267647][ T34] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 66.267663][ T34] ieee80211_iface_work+0x82e/0x970
[ 66.267675][ T34] process_one_work+0x933/0x15a0
[ 66.267688][ T34] ? lock_release+0x710/0x710
[ 66.267698][ T34] ? pwq_dec_nr_in_flight+0x320/0x320
[ 66.267710][ T34] ? rwlock_bug.part.0+0x90/0x90
[ 66.267722][ T34] worker_thread+0x64c/0x1120
[ 66.267736][ T34] ? __kthread_parkme+0x13f/0x1e0
[ 66.267746][ T34] ? process_one_work+0x15a0/0x15a0
[ 66.267758][ T34] kthread+0x3af/0x4a0
[ 66.267772][ T34] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 66.267784][ T34] ret_from_fork+0x1f/0x30
[ 66.473913][ T8505] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff88413f68
[ 66.482591][ T8505] RDX: 0000000000000000 RSI: ffffffff88413f75 RDI: ffff8880126141e0
[ 66.491011][ T8505] RBP: ffff888012614000 R08: 0000000000000000 R09: ffff888012614047
[ 66.499041][ T8505] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888012614040
[ 66.507098][ T8505] R13: ffffc90001837db0 R14: ffff888012614000 R15: 0000000000000004
[ 66.515066][ T8505] FS: 0000000000fe5880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
[ 66.524071][ T8505] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.530918][ T8505] CR2: 00007fd089b89020 CR3: 000000001baee000 CR4: 00000000001506f0
[ 66.539416][ T8505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.547494][ T8505] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.556554][ T8505] Kernel panic - not syncing: Fatal exception
[ 66.563338][ T8505] Kernel Offset: disabled
[ 66.567741][ T8505] Rebooting in 86400 seconds..
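The log above interleaves two reports from two threads: T8505 (syz-executor591) takes a KASAN-flagged NULL-pointer dereference in call_commit_handler while servicing a user-space ioctl (the 0033 frame shows ORIG_RAX 0x10, which is __NR_ioctl on x86-64, with RDI=3 as the fd, RSI=0x8b04, the wireless-extensions request SIOCSIWFREQ from <linux/wireless.h>, and RDX=0x200000c0 as the argument), and the kernel panics after the oops; T34 (kworker/u4:2, running ieee80211_iface_work) trips a "sleeping function called from invalid context" check in net/mac80211/sta_info.c. The following triage script is an added example, not part of the log and not a syzkaller or syzbot tool: it splits such a log by thread id, records the first oops RIP symbol (ignoring the panic's re-print of the same registers), keeps only the reliable call-trace frames (dropping the "?" guesses), decodes the in-flight syscall and ioctl request from the user-mode register dump, and runs over an excerpt of the lines above embedded as sample input. The SYSCALL_NAMES and IOCTL_NAMES tables are deliberately tiny and are assumptions for this example; a real tool would generate them from the kernel headers.

```python
"""Triage helper for a syzbot-style x86-64 oops log.  Added example: not part of
the log above and not a syzkaller tool.  The lookup tables are assumptions."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SYSCALL_NAMES = {16: "ioctl"}  # x86-64 __NR_ioctl; only the number the sample needs
# Wireless-extensions requests from <linux/wireless.h>; deliberately incomplete table
IOCTL_NAMES = {0x8B00: "SIOCSIWCOMMIT", 0x8B01: "SIOCGIWNAME",
               0x8B04: "SIOCSIWFREQ", 0x8B05: "SIOCGIWFREQ"}

LINE_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T(?P<tid>\d+)\]\s?(?P<msg>.*)$")
RIP_RE = re.compile(r"^RIP: (?P<cs>[0-9a-f]{4}):(?P<where>\S+)")
SYM_RE = re.compile(r"^(?P<q>\? )?(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)$")
REG_RE = re.compile(r"\b(?P<name>ORIG_RAX|R[A-Z0-9]{2})\b:\s*(?P<val>[0-9a-f]{16})")
COMM_RE = re.compile(r"\bComm: (?P<comm>\S+)")


@dataclass
class TaskReport:
    tid: int
    comm: str = ""
    headline: str = ""  # first "BUG:" / "general protection fault" line
    kasan: str = ""     # KASAN classification, if any
    kernel_rip: Optional[Tuple[str, int, int]] = None  # (symbol, offset, size) of the oops
    frames: List[str] = field(default_factory=list)    # call trace minus unreliable "?" frames
    user_regs: Dict[str, int] = field(default_factory=dict)  # registers of the 0033 frame
    _state: str = field(default="", repr=False)

    @property
    def syscall(self) -> Optional[str]:
        nr = self.user_regs.get("ORIG_RAX")
        return None if nr is None else SYSCALL_NAMES.get(nr, f"nr{nr}")

    def ioctl(self) -> Optional[Tuple[int, int, str, int]]:
        """(fd, request, request name, arg) when the task was inside ioctl()."""
        if self.syscall != "ioctl":
            return None
        req = self.user_regs["RSI"]
        return self.user_regs["RDI"], req, IOCTL_NAMES.get(req, "?"), self.user_regs["RDX"]

    def feed(self, msg: str) -> None:
        if not self.headline and msg.startswith(("BUG:", "general protection fault")):
            self.headline = msg
        elif msg.startswith("KASAN:"):
            self.kasan = msg
        if m := COMM_RE.search(msg):
            self.comm = m.group("comm")
        if m := RIP_RE.match(msg):
            # CS 0010 is kernel, 0033 is user; the register lines that follow belong to it
            self._state = "user" if m.group("cs") == "0033" else ""
            s = SYM_RE.match(m.group("where"))
            if s and self.kernel_rip is None:  # keep the oops, not the panic's re-print
                self.kernel_rip = (s.group("sym"), int(s.group("off"), 16), int(s.group("size"), 16))
        elif msg == "Call Trace:":
            self._state, self.frames = "trace", []
        elif self._state == "trace":
            s = SYM_RE.match(msg)
            if s is None:
                self._state = ""  # first non-frame line ends the trace
            elif not s.group("q"):
                self.frames.append(s.group("sym"))
        elif self._state == "user":
            for r in REG_RE.finditer(msg):
                self.user_regs[r.group("name")] = int(r.group("val"), 16)


def parse_oops(text: str) -> Dict[int, TaskReport]:
    """Group printk lines by thread id; lines without a printk prefix are console noise."""
    reports: Dict[int, TaskReport] = {}
    for raw in text.splitlines():
        if m := LINE_RE.match(raw.strip()):
            tid = int(m.group("tid"))
            reports.setdefault(tid, TaskReport(tid)).feed(m.group("msg").strip())
    return reports


# Sample input: an excerpt of the log above (lines copied verbatim, most omitted).
SAMPLE = """\
[ 65.838663][ T3000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 65.858311][ T8505] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 65.870060][ T8505] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 65.878477][ T8505] CPU: 1 PID: 8505 Comm: syz-executor591 Not tainted 5.10.0-rc2-syzkaller #0
[ 65.897314][ T8505] RIP: 0010:call_commit_handler+0x8b/0x110
[ 66.007935][ T8505] Call Trace:
[ 66.011208][ T8505] ioctl_standard_call+0x1b8/0x1f0
[ 66.016313][ T8505] ? cfg80211_wext_freq+0x1b0/0x1b0
[ 66.032217][ T8505] wireless_process_ioctl+0xc8/0x4c0
[ 66.042776][ T8505] wext_handle_ioctl+0x26b/0x280
[ 66.101060][ T8505] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.106928][ T8505] RIP: 0033:0x441529
[ 66.130394][ T8505] RSP: 002b:00007ffe153363a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.146795][ T8505] RDX: 00000000200000c0 RSI: 0000000000008b04 RDI: 0000000000000003
[ 66.185603][ T34] BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
[ 66.226460][ T34] CPU: 0 PID: 34 Comm: kworker/u4:2 Tainted: G D 5.10.0-rc2-syzkaller #0
[ 66.251576][ T34] Call Trace:
[ 66.251593][ T34] dump_stack+0x107/0x163
[ 66.251674][ T34] sta_info_insert_rcu+0x303/0x2ba0
[ 66.267663][ T34] ieee80211_iface_work+0x82e/0x970
[ 66.210311][ T8505] RIP: 0010:call_commit_handler+0x8b/0x110
"""

if __name__ == "__main__":
    for rep in parse_oops(SAMPLE).values():
        if rep.headline:
            print(rep.tid, rep.comm, rep.kernel_rip, rep.frames, rep.syscall, rep.ioctl())
```

Two design points matter for real logs: the user-mode register dump is only collected after a `RIP: 0033:` line, so the second kernel register dump that the panic path prints after `---[ end trace ]---` cannot overwrite the syscall arguments, and a report is keyed by thread id rather than by position, which is what makes the interleaved T34 and T8505 output separable at all.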