Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
syzkaller login: [ 52.707317][ T8471] IPVS: ftp: loaded support on port[0] = 21
[ 52.776085][ T24] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 52.792802][ T24] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 52.807950][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 52.829446][ T24] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 52.837429][ T24] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 52.854792][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 52.899552][ T8471] ------------[ cut here ]------------
[ 52.905135][ T8471] wlan1: Failed check-sdata-in-driver check, flags: 0x4
[ 52.959436][ T8471] WARNING: CPU: 1 PID: 8471 at net/mac80211/driver-ops.h:172 drv_bss_info_changed+0x4f3/0x5f0
[ 52.970480][ T8471] Modules linked in:
[ 52.974416][ T8471] CPU: 1 PID: 8471 Comm: syz-executor637 Not tainted 5.11.0-rc5-syzkaller #0
[ 52.992061][ T8471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.003576][ T8471] RIP: 0010:drv_bss_info_changed+0x4f3/0x5f0
[ 53.010714][ T8471] Code: 40 06 00 00 48 85 ed 0f 84 9c 00 00 00 e8 65 d2 26 f9 e8 60 d2 26 f9 8b 54 24 04 48 89 ee 48 c7 c7 c0 b5 62 8a e8 a9 ff 6c 00 <0f> 0b e9 dd fd ff ff e8 41 d2 26 f9 0f 0b e9 15 fd ff ff 4c 89 ff
[ 53.031088][ T8471] RSP: 0018:ffffc90000edf508 EFLAGS: 00010286
[ 53.037177][ T8471] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 53.045577][ T8471] RDX: ffff88801be63780 RSI: ffffffff815b6285 RDI: fffff520001dbe93
[ 53.053622][ T8471] RBP: ffff888024aa0000 R08: 0000000000000000 R09: 0000000000000000
[ 53.062157][ T8471] R10: ffffffff815af45e R11: 0000000000000000 R12: ffff888024aa0bc0
[ 53.070402][ T8471] R13: 0000000002000000 R14: ffff888024aa1de0 R15: ffff888024aa1dd8
[ 53.078375][ T8471] FS: 0000000001772880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
[ 53.087370][ T8471] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.094029][ T8471] CR2: 00007f00379e6740 CR3: 000000001cd6f000 CR4: 0000000000350ef0
[ 53.102064][ T8471] Call Trace:
[ 53.105343][ T8471] ieee80211_bss_info_change_notify+0x9a/0xc0
[ 53.111467][ T8471] ieee80211_set_mcast_rate+0x37/0x40
[ 53.116845][ T8471] ? ieee80211_get_mesh_config+0x30/0x30
[ 53.122533][ T8471] nl80211_set_mcast_rate+0x317/0x610
[ 53.127910][ T8471] ? nl80211_tdls_cancel_channel_switch+0x5b0/0x5b0
[ 53.134773][ T8471] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 53.141078][ T8471] ? nl80211_pre_doit+0xa2/0x630
[ 53.146020][ T8471] genl_family_rcv_msg_doit+0x228/0x320
[ 53.151617][ T8471] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 53.158998][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.165342][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.171730][ T8471] ? ns_capable+0xde/0x100
[ 53.176150][ T8471] genl_rcv_msg+0x328/0x580
[ 53.180739][ T8471] ? genl_get_cmd+0x480/0x480
[ 53.185588][ T8471] ? nl80211_tdls_cancel_channel_switch+0x5b0/0x5b0
[ 53.193261][ T8471] ? lock_release+0x710/0x710
[ 53.197974][ T8471] netlink_rcv_skb+0x153/0x420
[ 53.203221][ T8471] ? genl_get_cmd+0x480/0x480
[ 53.208111][ T8471] ? netlink_ack+0xaa0/0xaa0
[ 53.212837][ T8471] genl_rcv+0x24/0x40
[ 53.216834][ T8471] netlink_unicast+0x533/0x7d0
[ 53.221669][ T8471] ? netlink_attachskb+0x870/0x870
[ 53.226780][ T8471] ? _copy_from_iter_full+0x275/0x850
[ 53.232441][ T8471] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.238705][ T8471] ? __phys_addr_symbol+0x2c/0x70
[ 53.243820][ T8471] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 53.249611][ T8471] ? __check_object_size+0x171/0x3f0
[ 53.254905][ T8471] netlink_sendmsg+0x856/0xd90
[ 53.259725][ T8471] ? netlink_unicast+0x7d0/0x7d0
[ 53.264676][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.270974][ T8471] ? netlink_unicast+0x7d0/0x7d0
[ 53.275922][ T8471] sock_sendmsg+0xcf/0x120
[ 53.280580][ T8471] ____sys_sendmsg+0x6e8/0x810
[ 53.285363][ T8471] ? kernel_sendmsg+0x50/0x50
[ 53.290115][ T8471] ? do_recvmmsg+0x6c0/0x6c0
[ 53.294812][ T8471] ? find_held_lock+0x2d/0x110
[ 53.299660][ T8471] ___sys_sendmsg+0xf3/0x170
[ 53.304258][ T8471] ? sendmsg_copy_msghdr+0x160/0x160
[ 53.309629][ T8471] ? _copy_to_user+0xdc/0x150
[ 53.314317][ T8471] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.321529][ T8471] ? sock_do_ioctl+0x168/0x2d0
[ 53.326335][ T8471] ? compat_ifr_data_ioctl+0x150/0x150
[ 53.332342][ T8471] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 53.338271][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.344673][ T8471] ? __fget_light+0x215/0x280
[ 53.349445][ T8471] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.355707][ T8471] __sys_sendmsg+0xe5/0x1b0
[ 53.360578][ T8471] ? __sys_sendmsg_sock+0xb0/0xb0
[ 53.365625][ T8471] ? syscall_enter_from_user_mode+0x1d/0x50
[ 53.371628][ T8471] do_syscall_64+0x2d/0x70
[ 53.376054][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 53.382026][ T8471] RIP: 0033:0x4417f9
[ 53.385932][ T8471] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.405639][ T8471] RSP: 002b:00007fff15ccbe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.414144][ T8471] RAX: ffffffffffffffda RBX: 00007fff15ccbeb0 RCX: 00000000004417f9
[ 53.422248][ T8471] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000004
[ 53.430283][ T8471] RBP: 0000000000000003 R08: 0000002100000000 R09: 0000002100000000
[ 53.438264][ T8471] R10: 0000002100000000 R11: 0000000000000246 R12: 0000000000000032
[ 53.446328][ T8471] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 53.454485][ T8471] Kernel panic - not syncing: panic_on_warn set ...
[ 53.461091][ T8471] CPU: 1 PID: 8471 Comm: syz-executor637 Not tainted 5.11.0-rc5-syzkaller #0
[ 53.470117][ T8471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.480165][ T8471] Call Trace:
[ 53.483436][ T8471] dump_stack+0x107/0x163
[ 53.487757][ T8471] panic+0x306/0x73d
[ 53.491642][ T8471] ? __warn_printk+0xf3/0xf3
[ 53.496225][ T8471] ? __warn.cold+0x1a/0x44
[ 53.500630][ T8471] ? drv_bss_info_changed+0x4f3/0x5f0
[ 53.505986][ T8471] __warn.cold+0x35/0x44
[ 53.510213][ T8471] ? wake_up_klogd.part.0+0x8e/0xd0
[ 53.515397][ T8471] ? drv_bss_info_changed+0x4f3/0x5f0
[ 53.520755][ T8471] report_bug+0x1bd/0x210
[ 53.525073][ T8471] handle_bug+0x3c/0x60
[ 53.529211][ T8471] exc_invalid_op+0x14/0x40
[ 53.533696][ T8471] asm_exc_invalid_op+0x12/0x20
[ 53.538531][ T8471] RIP: 0010:drv_bss_info_changed+0x4f3/0x5f0
[ 53.544766][ T8471] Code: 40 06 00 00 48 85 ed 0f 84 9c 00 00 00 e8 65 d2 26 f9 e8 60 d2 26 f9 8b 54 24 04 48 89 ee 48 c7 c7 c0 b5 62 8a e8 a9 ff 6c 00 <0f> 0b e9 dd fd ff ff e8 41 d2 26 f9 0f 0b e9 15 fd ff ff 4c 89 ff
[ 53.564720][ T8471] RSP: 0018:ffffc90000edf508 EFLAGS: 00010286
[ 53.570869][ T8471] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 53.580294][ T8471] RDX: ffff88801be63780 RSI: ffffffff815b6285 RDI: fffff520001dbe93
[ 53.588654][ T8471] RBP: ffff888024aa0000 R08: 0000000000000000 R09: 0000000000000000
[ 53.596612][ T8471] R10: ffffffff815af45e R11: 0000000000000000 R12: ffff888024aa0bc0
[ 53.605649][ T8471] R13: 0000000002000000 R14: ffff888024aa1de0 R15: ffff888024aa1dd8
[ 53.613619][ T8471] ? wake_up_klogd.part.0+0x8e/0xd0
[ 53.619028][ T8471] ? vprintk_func+0x95/0x1e0
[ 53.623904][ T8471] ? drv_bss_info_changed+0x4f3/0x5f0
[ 53.629649][ T8471] ieee80211_bss_info_change_notify+0x9a/0xc0
[ 53.635698][ T8471] ieee80211_set_mcast_rate+0x37/0x40
[ 53.641334][ T8471] ? ieee80211_get_mesh_config+0x30/0x30
[ 53.647046][ T8471] nl80211_set_mcast_rate+0x317/0x610
[ 53.652494][ T8471] ? nl80211_tdls_cancel_channel_switch+0x5b0/0x5b0
[ 53.659523][ T8471] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 53.665940][ T8471] ? nl80211_pre_doit+0xa2/0x630
[ 53.670867][ T8471] genl_family_rcv_msg_doit+0x228/0x320
[ 53.676425][ T8471] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 53.683975][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.690209][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.696435][ T8471] ? ns_capable+0xde/0x100
[ 53.700840][ T8471] genl_rcv_msg+0x328/0x580
[ 53.705419][ T8471] ? genl_get_cmd+0x480/0x480
[ 53.710341][ T8471] ? nl80211_tdls_cancel_channel_switch+0x5b0/0x5b0
[ 53.717041][ T8471] ? lock_release+0x710/0x710
[ 53.721800][ T8471] netlink_rcv_skb+0x153/0x420
[ 53.726582][ T8471] ? genl_get_cmd+0x480/0x480
[ 53.731368][ T8471] ? netlink_ack+0xaa0/0xaa0
[ 53.736040][ T8471] genl_rcv+0x24/0x40
[ 53.740119][ T8471] netlink_unicast+0x533/0x7d0
[ 53.744872][ T8471] ? netlink_attachskb+0x870/0x870
[ 53.749989][ T8471] ? _copy_from_iter_full+0x275/0x850
[ 53.755348][ T8471] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.761589][ T8471] ? __phys_addr_symbol+0x2c/0x70
[ 53.766600][ T8471] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 53.772325][ T8471] ? __check_object_size+0x171/0x3f0
[ 53.777620][ T8471] netlink_sendmsg+0x856/0xd90
[ 53.782395][ T8471] ? netlink_unicast+0x7d0/0x7d0
[ 53.787343][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.793573][ T8471] ? netlink_unicast+0x7d0/0x7d0
[ 53.798495][ T8471] sock_sendmsg+0xcf/0x120
[ 53.802919][ T8471] ____sys_sendmsg+0x6e8/0x810
[ 53.809183][ T8471] ? kernel_sendmsg+0x50/0x50
[ 53.813931][ T8471] ? do_recvmmsg+0x6c0/0x6c0
[ 53.818543][ T8471] ? find_held_lock+0x2d/0x110
[ 53.823309][ T8471] ___sys_sendmsg+0xf3/0x170
[ 53.827885][ T8471] ? sendmsg_copy_msghdr+0x160/0x160
[ 53.833157][ T8471] ? _copy_to_user+0xdc/0x150
[ 53.837930][ T8471] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.844178][ T8471] ? sock_do_ioctl+0x168/0x2d0
[ 53.848933][ T8471] ? compat_ifr_data_ioctl+0x150/0x150
[ 53.854403][ T8471] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 53.860288][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 53.866525][ T8471] ? __fget_light+0x215/0x280
[ 53.871187][ T8471] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 53.877632][ T8471] __sys_sendmsg+0xe5/0x1b0
[ 53.882122][ T8471] ? __sys_sendmsg_sock+0xb0/0xb0
[ 53.887163][ T8471] ? syscall_enter_from_user_mode+0x1d/0x50
[ 53.893130][ T8471] do_syscall_64+0x2d/0x70
[ 53.897528][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 53.903408][ T8471] RIP: 0033:0x4417f9
[ 53.907310][ T8471] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 53.927977][ T8471] RSP: 002b:00007fff15ccbe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.936866][ T8471] RAX: ffffffffffffffda RBX: 00007fff15ccbeb0 RCX: 00000000004417f9
[ 53.944998][ T8471] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000004
[ 53.953021][ T8471] RBP: 0000000000000003 R08: 0000002100000000 R09: 0000002100000000
[ 53.960977][ T8471] R10: 0000002100000000 R11: 0000000000000246 R12: 0000000000000032
[ 53.968935][ T8471] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 53.981079][ T8471] Kernel Offset: disabled
[ 53.986823][ T8471] Rebooting in 86400 seconds..