[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.38' (ECDSA) to the list of known hosts. syzkaller login: [ 48.598907] IPVS: ftp: loaded support on port[0] = 21 [ 48.693415] chnl_net:caif_netlink_parms(): no params data found [ 48.769995] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.776905] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.783901] device bridge_slave_0 entered promiscuous mode [ 48.792387] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.799921] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.807465] device bridge_slave_1 entered promiscuous mode [ 48.824117] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.833031] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.851368] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.859787] team0: Port device team_slave_0 added [ 48.865156] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.872758] team0: Port device team_slave_1 added [ 48.888070] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.894304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.920667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.932830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.940483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.967048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.978041] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.985399] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.005872] device hsr_slave_0 entered promiscuous mode [ 49.011849] device hsr_slave_1 entered promiscuous mode [ 49.018597] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.025556] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.090861] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.097295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.104000] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.110400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.141978] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.149657] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.158198] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.168195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.176914] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.183873] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.191447] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 49.201924] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.208173] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.217787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.225374] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.231811] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.240956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.249295] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.255794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.271389] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.279220] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.289756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.303061] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 49.313681] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.324704] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 49.332625] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.340929] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.348755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.361113] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 49.372715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.379624] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.386432] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.400758] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 49.409924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.442874] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 49.451471] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 49.458742] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 49.468414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.476803] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.483629] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.492724] device veth0_vlan entered promiscuous mode [ 49.501647] device veth1_vlan entered promiscuous mode [ 49.507829] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 49.516226] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 49.527186] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 49.537162] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 49.544422] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 49.552338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.561792] device veth0_macvtap entered promiscuous mode [ 49.569495] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 49.578751] device veth1_macvtap entered promiscuous mode [ 49.587832] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 49.597445] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 49.607839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.614501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.623235] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 49.633532] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.640513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 49.747957] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 49.754672] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.770349] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.780200] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 49.787260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.794686] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.803269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.811236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 49.822352] ------------[ cut here ]------------ [ 49.828208] no supported rates (0x0) in rate_mask 0xff with flags 0x0 [ 49.835094] WARNING: CPU: 0 PID: 8078 at net/mac80211/rate.c:359 __rate_control_send_low+0x4bb/0x580 [ 49.844379] Kernel panic - not syncing: panic_on_warn set ... [ 49.844379] [ 49.851775] CPU: 0 PID: 8078 Comm: kworker/u4:5 Not tainted 4.19.164-syzkaller #0 [ 49.859375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.868724] Workqueue: phy2 ieee80211_roc_work [ 49.873286] Call Trace: [ 49.875856] dump_stack+0x1fc/0x2fe [ 49.879487] panic+0x26a/0x50e [ 49.882662] ? __warn_printk+0xf3/0xf3 [ 49.886556] ? __rate_control_send_low+0x4bb/0x580 [ 49.891471] ? __probe_kernel_read+0x130/0x1b0 [ 49.896033] ? __warn.cold+0x5/0x61 [ 49.899642] ? __warn+0xe4/0x200 [ 49.902993] ? __rate_control_send_low+0x4bb/0x580 [ 49.907902] __warn.cold+0x20/0x61 [ 49.911424] ? __rate_control_send_low+0x4bb/0x580 [ 49.916347] report_bug+0x262/0x2b0 [ 49.919971] do_error_trap+0x1d7/0x310 [ 49.923846] ? math_error+0x310/0x310 [ 49.927628] ? irq_work_claim+0xa6/0xc0 [ 49.931584] ? irq_work_queue+0x29/0x80 [ 49.935541] ? error_entry+0x72/0xd0 [ 49.940019] ? trace_hardirqs_off_caller+0x6e/0x210 [ 49.945017] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 49.949856] invalid_op+0x14/0x20 [ 49.953379] RIP: 0010:__rate_control_send_low+0x4bb/0x580 [ 49.958897] Code: 0f 85 d6 00 00 00 48 8b 44 24 18 44 8b 24 a8 e8 fb 1f a9 f9 8b 54 24 24 44 89 e9 44 89 e6 48 c7 c7 c0 14 67 89 e8 70 fc 7c f9 <0f> 0b e9 03 fe ff ff e8 d9 1f a9 f9 41 83 cd 10 e9 32 fc ff ff e8 [ 49.977792] RSP: 0018:ffff8880b38d7760 EFLAGS: 00010282 [ 49.983915] RAX: 0000000000000000 RBX: ffff8880a903e868 RCX: 0000000000000000 [ 49.991170] RDX: 0000000000000000 RSI: ffffffff814fdd11 RDI: ffffed101671aede [ 49.998432] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 50.005683] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 50.012932] R13: 0000000000000000 R14: 0000000000000008 R15: ffff8880954eed28 [ 50.020200] ? vprintk_func+0x81/0x17e [ 50.024597] rate_control_send_low+0x190/0x610 [ 50.029160] ? minstrel_ht_alloc_sta+0x2b0/0x2b0 [ 50.033901] minstrel_ht_get_rate+0x58/0x1510 [ 50.038391] ? mark_held_locks+0xf0/0xf0 [ 50.042446] ? minstrel_ht_alloc_sta+0x2b0/0x2b0 [ 50.047235] rate_control_get_rate+0x2b1/0x520 [ 50.051927] ieee80211_tx_h_rate_ctrl+0x8b9/0x1450 [ 50.056854] ? check_preemption_disabled+0x41/0x280 [ 50.061939] ? purge_old_ps_buffers+0x2d0/0x2d0 [ 50.066604] ? ieee80211_tx_h_select_key+0x6b4/0x15c0 [ 50.071799] invoke_tx_handlers_early+0x84f/0x1f90 [ 50.076718] ieee80211_tx+0x283/0x3e0 [ 50.080502] ? ieee80211_tx_prepare_skb+0x450/0x450 [ 50.086115] ? check_preemption_disabled+0x41/0x280 [ 50.091122] ? ieee80211_skb_resize.isra.0+0xff/0x640 [ 50.096403] ? round_jiffies_up_relative+0xd0/0xd0 [ 50.101316] ? ieee80211_set_qos_hdr+0x87/0x3a0 [ 50.105984] ieee80211_xmit+0x380/0x480 [ 50.109941] __ieee80211_tx_skb_tid_band+0x209/0x2b0 [ 50.115026] ieee80211_handle_roc_started+0x207/0x4f0 [ 50.120219] ? ieee80211_queue_delayed_work+0x131/0x170 [ 50.125565] _ieee80211_start_next_roc+0x75d/0x11e0 [ 50.130579] __ieee80211_roc_work+0x19a/0x3b0 [ 50.135056] ieee80211_roc_work+0x2b/0x40 [ 50.139191] process_one_work+0x864/0x1570 [ 50.143505] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 50.148161] worker_thread+0x64c/0x1130 [ 50.152122] ? __kthread_parkme+0x133/0x1e0 [ 50.156538] ? process_one_work+0x1570/0x1570 [ 50.161037] kthread+0x33f/0x460 [ 50.164384] ? kthread_park+0x180/0x180 [ 50.168355] ret_from_fork+0x24/0x30 [ 50.172991] Kernel Offset: disabled [ 50.176654] Rebooting in 86400 seconds..