Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts. syzkaller login: [ 66.704648][ T6870] IPVS: ftp: loaded support on port[0] = 21 [ 66.791583][ T7] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.809072][ T7] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.824414][ T2547] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready executing program [ 66.861511][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.870648][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.879959][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.905026][ T6870] netlink: 20 bytes leftover after parsing attributes in process `syz-executor036'. [ 66.915365][ T6870] ------------[ cut here ]------------ [ 66.921533][ T6870] WARNING: CPU: 0 PID: 6870 at net/mac80211/rate.c:269 ieee80211_check_rate_mask+0x198/0x210 [ 66.933931][ T6870] Kernel panic - not syncing: panic_on_warn set ... [ 66.940534][ T6870] CPU: 0 PID: 6870 Comm: syz-executor036 Not tainted 5.9.0-rc8-syzkaller #0 [ 66.949930][ T6870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.959975][ T6870] Call Trace: [ 66.963257][ T6870] dump_stack+0x198/0x1fd [ 66.967596][ T6870] panic+0x382/0x7fb [ 66.971501][ T6870] ? __warn_printk+0xf3/0xf3 [ 66.976107][ T6870] ? printk+0xba/0xed [ 66.980079][ T6870] ? log_store.cold+0x16/0x16 [ 66.984751][ T6870] ? __warn.cold+0x5/0x4b [ 66.989076][ T6870] ? __warn+0xd6/0x1f2 [ 66.993143][ T6870] ? ieee80211_check_rate_mask+0x198/0x210 [ 66.998944][ T6870] __warn.cold+0x20/0x4b [ 67.003170][ T6870] ? ieee80211_check_rate_mask+0x198/0x210 [ 67.009236][ T6870] report_bug+0x1bd/0x210 [ 67.013561][ T6870] handle_bug+0x38/0x90 [ 67.017715][ T6870] exc_invalid_op+0x14/0x40 [ 67.022208][ T6870] asm_exc_invalid_op+0x12/0x20 [ 67.027042][ T6870] RIP: 0010:ieee80211_check_rate_mask+0x198/0x210 [ 67.033481][ T6870] Code: 45 85 ff 0f 84 8d 0c 00 00 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 b6 46 b0 f9 e8 b1 46 b0 f9 0f 0b eb e4 e8 a8 46 b0 f9 <0f> 0b eb db e8 1f 1f f1 f9 e9 98 fe ff ff 4c 89 ef e8 12 1f f1 f9 [ 67.054303][ T6870] RSP: 0018:ffffc90001867578 EFLAGS: 00010293 [ 67.060354][ T6870] RAX: 0000000000000000 RBX: ffff88809358cc00 RCX: ffffffff87c5f756 [ 67.068307][ T6870] RDX: ffff8880935da180 RSI: ffffffff87c5f868 RDI: 0000000000000005 [ 67.076297][ T6870] RBP: ffff8880855a3350 R08: ffff88809358de48 R09: ffff8880935daa60 [ 67.084258][ T6870] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 67.092229][ T6870] R13: 00000000ffffffff R14: ffff88809358cc00 R15: 0000000000000000 [ 67.100208][ T6870] ? ieee80211_check_rate_mask+0x86/0x210 [ 67.105925][ T6870] ? ieee80211_check_rate_mask+0x198/0x210 [ 67.111721][ T6870] ? ieee80211_check_rate_mask+0x198/0x210 [ 67.117534][ T6870] ieee80211_change_bss+0x53c/0xc20 [ 67.122727][ T6870] nl80211_set_bss+0x76c/0xc70 [ 67.127475][ T6870] ? nl80211_set_power_save+0x6c0/0x6c0 [ 67.133020][ T6870] ? nl80211_pre_doit+0xa2/0x630 [ 67.137942][ T6870] ? nl80211_dump_wiphy_parse.constprop.0+0x580/0x580 [ 67.144699][ T6870] genl_rcv_msg+0x61d/0x980 [ 67.149193][ T6870] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 67.156132][ T6870] ? lock_release+0x8f0/0x8f0 [ 67.160797][ T6870] netlink_rcv_skb+0x15a/0x430 [ 67.165546][ T6870] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 67.172481][ T6870] ? netlink_ack+0xa10/0xa10 [ 67.177075][ T6870] ? __kmalloc_node_track_caller+0x38/0x60 [ 67.182920][ T6870] genl_rcv+0x24/0x40 [ 67.186904][ T6870] netlink_unicast+0x533/0x7d0 [ 67.191654][ T6870] ? netlink_attachskb+0x810/0x810 [ 67.196750][ T6870] ? __phys_addr_symbol+0x2c/0x70 [ 67.201753][ T6870] ? __check_object_size+0x171/0x3e4 [ 67.207035][ T6870] netlink_sendmsg+0x856/0xd90 [ 67.211803][ T6870] ? netlink_unicast+0x7d0/0x7d0 [ 67.216727][ T6870] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 67.222016][ T6870] ? netlink_unicast+0x7d0/0x7d0 [ 67.226949][ T6870] sock_sendmsg+0xcf/0x120 [ 67.231365][ T6870] ____sys_sendmsg+0x6e8/0x810 [ 67.236113][ T6870] ? kernel_sendmsg+0x50/0x50 [ 67.240787][ T6870] ? do_recvmmsg+0x6d0/0x6d0 [ 67.245364][ T6870] ? stack_trace_consume_entry+0x160/0x160 [ 67.251170][ T6870] ___sys_sendmsg+0xf3/0x170 [ 67.255741][ T6870] ? sendmsg_copy_msghdr+0x160/0x160 [ 67.261024][ T6870] ? syscall_exit_to_user_mode+0x7e/0x2e0 [ 67.266735][ T6870] ? lock_downgrade+0x830/0x830 [ 67.271567][ T6870] ? check_preemption_disabled+0x50/0x130 [ 67.277268][ T6870] ? _raw_spin_unlock_irqrestore+0x6f/0x90 [ 67.283059][ T6870] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 67.289034][ T6870] ? _raw_spin_unlock_irqrestore+0x6f/0x90 [ 67.294819][ T6870] ? lockdep_hardirqs_on+0x53/0x100 [ 67.300015][ T6870] ? _raw_spin_unlock_irqrestore+0x5c/0x90 [ 67.305815][ T6870] ? debug_object_active_state+0x260/0x350 [ 67.311603][ T6870] ? debug_object_init_on_stack+0x20/0x20 [ 67.317303][ T6870] ? __fget_light+0x215/0x280 [ 67.322064][ T6870] __sys_sendmsg+0xe5/0x1b0 [ 67.326653][ T6870] ? __sys_sendmsg_sock+0xb0/0xb0 [ 67.331670][ T6870] ? lock_is_held_type+0xbb/0xf0 [ 67.336600][ T6870] ? check_preemption_disabled+0x50/0x130 [ 67.342298][ T6870] ? syscall_enter_from_user_mode+0x1d/0x60 [ 67.348177][ T6870] do_syscall_64+0x2d/0x70 [ 67.352572][ T6870] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.358441][ T6870] RIP: 0033:0x4419c9 [ 67.362317][ T6870] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 67.381918][ T6870] RSP: 002b:00007fff6930c958 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.390326][ T6870] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004419c9 [ 67.398282][ T6870] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 67.406248][ T6870] RBP: 000000306e616c77 R08: 0000000000000000 R09: 0000002000000000 [ 67.414201][ T6870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032 [ 67.422166][ T6870] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004 [ 67.431328][ T6870] Kernel Offset: disabled [ 67.435708][ T6870] Rebooting in 86400 seconds..