[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts.
syzkaller login: [ 47.605685] audit: type=1400 audit(1602841232.165:8): avc: denied { execmem } for pid=6525 comm="syz-executor830" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 48.697076] IPVS: ftp: loaded support on port[0] = 21
[ 48.799919] chnl_net:caif_netlink_parms(): no params data found
[ 48.893550] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.900247] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.907432] device bridge_slave_0 entered promiscuous mode
[ 48.917000] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.923844] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.931927] device bridge_slave_1 entered promiscuous mode
[ 48.950391] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 48.959577] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 48.978234] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 48.986190] team0: Port device team_slave_0 added
[ 48.992307] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 49.000038] team0: Port device team_slave_1 added
[ 49.016482] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 49.022847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.048133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 49.060520] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 49.066758] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.092378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 49.103231] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 49.111148] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 49.132964] device hsr_slave_0 entered promiscuous mode
[ 49.138903] device hsr_slave_1 entered promiscuous mode
[ 49.145583] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 49.152956] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 49.227350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.233851] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.241058] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.247536] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.285917] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 49.292563] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.302326] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 49.312276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.322522] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.331280] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.338367] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 49.350206] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 49.356317] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.366846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.375264] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.381781] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.392675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.400545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.406937] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.430850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 49.438897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 49.448044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.456163] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.466327] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 49.472814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 49.481034] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 49.496826] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 49.504383] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 49.511647] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 49.523867] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.536950] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 49.547790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.584281] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 49.591950] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 49.598591] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 49.608563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.616823] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.624050] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.634276] device veth0_vlan entered promiscuous mode
[ 49.644688] device veth1_vlan entered promiscuous mode
[ 49.651254] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 49.660564] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 49.673022] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 49.683000] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 49.691563] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 49.700017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.710671] device veth0_macvtap entered promiscuous mode
[ 49.716944] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 49.726191] device veth1_macvtap entered promiscuous mode
[ 49.736819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 49.746645] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 49.757247] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 49.764870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 49.774743] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 49.785451] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 49.792471] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 49.799682] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 49.807529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 49.940001] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 49.946974] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 49.963024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 49.975967] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 49.986087] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 49.995770] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.003003] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.010311] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 50.021872] ------------[ cut here ]------------
[ 50.027318] WARNING: CPU: 1 PID: 7 at net/mac80211/sta_info.c:458 sta_info_insert_rcu.cold+0x104/0x280
[ 50.036796] Kernel panic - not syncing: panic_on_warn set ...
[ 50.036796]
[ 50.044179] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 4.19.150-syzkaller #0
[ 50.051521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.060885] Workqueue: phy2 ieee80211_iface_work
[ 50.065631] Call Trace:
[ 50.068206] dump_stack+0x22c/0x33e
[ 50.071842] panic+0x2ac/0x565
[ 50.075034] ? __warn_printk+0xf3/0xf3
[ 50.078911] ? sta_info_insert_rcu.cold+0x104/0x280
[ 50.083929] ? __probe_kernel_read+0x130/0x1b0
[ 50.088499] ? __warn.cold+0x5/0x5a
[ 50.092116] ? __warn+0xe4/0x200
[ 50.095467] ? sta_info_insert_rcu.cold+0x104/0x280
[ 50.100470] __warn.cold+0x20/0x5a
[ 50.104002] ? sta_info_insert_rcu.cold+0x104/0x280
[ 50.109012] report_bug+0x262/0x2b0
[ 50.112631] do_error_trap+0x1e1/0x330
[ 50.116515] ? math_error+0x320/0x320
[ 50.120306] ? __irq_work_queue_local+0x155/0x200
[ 50.125164] ? irq_work_queue+0x29/0x80
[ 50.129142] ? error_entry+0x72/0xd0
[ 50.132853] ? trace_hardirqs_off_caller+0x6e/0x210
[ 50.137855] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 50.142686] invalid_op+0x14/0x20
[ 50.146126] RIP: 0010:sta_info_insert_rcu.cold+0x104/0x280
[ 50.151748] Code: 74 24 30 48 c7 c7 80 98 1c 8b e8 d5 4e 68 fc 0f b6 44 24 30 e9 10 5a ff ff e8 d6 ff 23 fa 48 c7 c7 c0 5e cd 88 e8 79 7b 0d fa <0f> 0b 41 bd ea ff ff ff e9 4d 63 ff ff e8 b8 ff 23 fa 0f b6 f3 48
[ 50.170724] RSP: 0018:ffff8880a9a0fa60 EFLAGS: 00010282
[ 50.176075] RAX: 0000000000000024 RBX: ffff8880a06022c0 RCX: 0000000000000000
[ 50.183342] RDX: 0000000000000000 RSI: ffffffff815b623f RDI: ffffed1015341f3e
[ 50.190794] RBP: 0000000000000001 R08: 0000000000000024 R09: 0000000000000000
[ 50.198059] R10: 0000000000000005 R11: 0000000000000000 R12: 000000008540bf2f
[ 50.205346] R13: ffff8880849dc648 R14: ffff8880849dc600 R15: 000000000000bd07
[ 50.212777] ? vprintk_func+0x7f/0x224
[ 50.216661] ? check_preemption_disabled+0x41/0x2b0
[ 50.221719] ? minstrel_ht_rate_update+0x40/0x40
[ 50.226492] ? rate_control_rate_init+0x33c/0x570
[ 50.231338] ieee80211_ibss_finish_sta+0x277/0x380
[ 50.236320] ? ieee80211_sta_join_ibss+0xf90/0xf90
[ 50.241260] ? ieee80211_ibss_work+0x120/0xec0
[ 50.245831] ? __local_bh_enable_ip+0x159/0x2a0
[ 50.250488] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 50.255065] ieee80211_ibss_work+0x2b6/0xec0
[ 50.259551] ? ieee80211_ibss_rx_queued_mgmt+0x1940/0x1940
[ 50.265172] ? mark_held_locks+0xa6/0xf0
[ 50.269216] ? _raw_spin_unlock_irqrestore+0x7d/0xf0
[ 50.274313] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 50.278901] ? _raw_spin_unlock_irqrestore+0x6a/0xf0
[ 50.283992] ieee80211_iface_work+0x828/0x900
[ 50.288477] process_one_work+0x796/0x14e0
[ 50.292709] ? init_worker_pool+0x5c0/0x5c0
[ 50.297028] worker_thread+0x64c/0x1130
[ 50.300998] ? rescuer_thread+0xce0/0xce0
[ 50.305149] kthread+0x33f/0x460
[ 50.308500] ? kthread_park+0x180/0x180
[ 50.312473] ret_from_fork+0x24/0x30
[ 50.317436] Kernel Offset: disabled
[ 50.321107] Rebooting in 86400 seconds..