[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 58.790556][T10022] general protection fault, probably for non-canonical address 0xfbd59c0000000020: 0000 [#1] PREEMPT SMP KASAN
[ 58.802297][T10022] KASAN: maybe wild-memory-access in range [0xdead000000000100-0xdead000000000107]
[ 58.811556][T10022] CPU: 0 PID: 10022 Comm: syz-executor445 Not tainted 5.11.0-rc6-syzkaller #0
[ 58.820382][T10022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.830414][T10022] RIP: 0010:ieee80211_assign_vif_chanctx+0x6a7/0xa80
[ 58.837089][T10022] Code: 08 00 0f 85 96 00 00 00 e9 f7 00 00 00 e8 a1 ce 8a f8 49 83 c6 20 31 db 4c 89 f5 0f 1f 84 00 00 00 00 00 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 ef e8 fa 34 ce f8 48 8b 6d 00 4c 39 f5
[ 58.856792][T10022] RSP: 0018:ffffc90007fef670 EFLAGS: 00010a02
[ 58.862862][T10022] RAX: 1bd5a00000000020 RBX: 0000000000000002 RCX: ffff8880156c1bc0
[ 58.870828][T10022] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 58.878797][T10022] RBP: dead000000000100 R08: ffffffff88ecf9e5 R09: fffffbfff1b672de
[ 58.886761][T10022] R10: fffffbfff1b672de R11: 0000000000000000 R12: 0000000000000000
[ 58.894712][T10022] R13: dffffc0000000000 R14: ffff888013e2b020 R15: ffff88801bff0bc0
[ 58.902660][T10022] FS: 00007f5557b86700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 58.911579][T10022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.918142][T10022] CR2: 00007f5557b85288 CR3: 0000000024a0d000 CR4: 00000000001506f0
[ 58.926104][T10022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.934052][T10022] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.942009][T10022] Call Trace:
[ 58.945450][T10022] __ieee80211_vif_release_channel+0x279/0x540
[ 58.951605][T10022] ieee80211_vif_release_channel+0x13e/0x1a0
[ 58.957573][T10022] ieee80211_ibss_disconnect+0x6ea/0x870
[ 58.963192][T10022] ieee80211_ibss_leave+0x26/0xf0
[ 58.968202][T10022] __cfg80211_leave_ibss+0x11c/0x200
[ 58.973476][T10022] cfg80211_leave_ibss+0x5c/0x70
[ 58.978395][T10022] cfg80211_change_iface+0x428/0xaa0
[ 58.983681][T10022] nl80211_set_interface+0x497/0x7f0
[ 58.988953][T10022] genl_rcv_msg+0xe4e/0x1280
[ 58.993543][T10022] ? nl80211_dump_interface+0x610/0x610
[ 58.999508][T10022] netlink_rcv_skb+0x190/0x3a0
[ 59.004251][T10022] ? genl_rcv+0x40/0x40
[ 59.008387][T10022] genl_rcv+0x24/0x40
[ 59.012362][T10022] netlink_unicast+0x786/0x940
[ 59.017108][T10022] netlink_sendmsg+0x9ae/0xd50
[ 59.021854][T10022] ? netlink_getsockopt+0xa50/0xa50
[ 59.027049][T10022] ____sys_sendmsg+0x519/0x800
[ 59.031792][T10022] ? import_iovec+0xe6/0x120
[ 59.036374][T10022] __sys_sendmsg+0x2bf/0x370
[ 59.040956][T10022] ? __might_fault+0xb9/0x110
[ 59.045614][T10022] ? _copy_to_user+0xef/0x130
[ 59.050267][T10022] ? sock_do_ioctl+0x210/0x260
[ 59.055009][T10022] ? syscall_enter_from_user_mode+0x24/0x190
[ 59.060980][T10022] ? lockdep_hardirqs_on+0x8d/0x130
[ 59.066154][T10022] ? syscall_enter_from_user_mode+0x24/0x190
[ 59.072110][T10022] do_syscall_64+0x2d/0x70
[ 59.077314][T10022] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.083223][T10022] RIP: 0033:0x446889
[ 59.087260][T10022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.106859][T10022] RSP: 002b:00007f5557b862f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.115256][T10022] RAX: ffffffffffffffda RBX: 00000000004cb440 RCX: 0000000000446889
[ 59.123206][T10022] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
[ 59.131161][T10022] RBP: 00000000004cb44c R08: 0000000000000003 R09: 0000000000000000
[ 59.139124][T10022] R10: 0000000000000008 R11: 0000000000000246 R12: 000000000049b254
[ 59.147090][T10022] R13: 0031313230386c6e R14: 0000000000000000 R15: 00000000004cb448
[ 59.155048][T10022] Modules linked in:
[ 59.169040][T10022] ---[ end trace 986da0a98b3932dc ]---
[ 59.174503][T10022] RIP: 0010:ieee80211_assign_vif_chanctx+0x6a7/0xa80
[ 59.182187][T10022] Code: 08 00 0f 85 96 00 00 00 e9 f7 00 00 00 e8 a1 ce 8a f8 49 83 c6 20 31 db 4c 89 f5 0f 1f 84 00 00 00 00 00 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 ef e8 fa 34 ce f8 48 8b 6d 00 4c 39 f5
[ 59.202342][T10022] RSP: 0018:ffffc90007fef670 EFLAGS: 00010a02
[ 59.209526][T10022] RAX: 1bd5a00000000020 RBX: 0000000000000002 RCX: ffff8880156c1bc0
[ 59.217569][T10022] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 59.226111][T10022] RBP: dead000000000100 R08: ffffffff88ecf9e5 R09: fffffbfff1b672de
[ 59.234523][T10022] R10: fffffbfff1b672de R11: 0000000000000000 R12: 0000000000000000
[ 59.242920][T10022] R13: dffffc0000000000 R14: ffff888013e2b020 R15: ffff88801bff0bc0
[ 59.252169][T10022] FS: 00007f5557b86700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 59.261502][T10022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.268086][T10022] CR2: 00007f5557b43288 CR3: 0000000024a0d000 CR4: 00000000001506f0
[ 59.276630][T10022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.285151][T10022] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.293621][T10022] Kernel panic - not syncing: Fatal exception
[ 59.300182][T10022] Kernel Offset: disabled
[ 59.304506][T10022] Rebooting in 86400 seconds..