Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts.
syzkaller login: [ 67.385585][ T8437] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 67.481851][ T106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.501935][ T106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.535731][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 67.567324][ T259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.575305][ T259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.589633][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 67.609395][ C1] ------------[ cut here ]------------
[ 67.612717][ T8437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 67.615010][ C1] WARNING: CPU: 1 PID: 18 at net/wireless/scan.c:2337 cfg80211_inform_single_bss_frame_data+0xc7f/0xe90
[ 67.615073][ C1] Modules linked in:
[ 67.615088][ C1] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 5.11.0-rc5-syzkaller #0
[ 67.648209][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.658315][ C1] RIP: 0010:cfg80211_inform_single_bss_frame_data+0xc7f/0xe90
[ 67.665799][ C1] Code: 0f 0b 45 31 e4 e9 37 fb ff ff e8 3c 4a 3c f9 0f 0b 45 31 e4 e9 28 fb ff ff e8 2d 4a 3c f9 0f 0b e9 58 f4 ff ff e8 21 4a 3c f9 <0f> 0b 45 31 e4 e9 0d fb ff ff e8 12 4a 3c f9 0f 0b e9 4f fd ff ff
[ 67.685464][ C1] RSP: 0018:ffffc90000d874c0 EFLAGS: 00010246
[ 67.691608][ C1] RAX: 0000000000000000 RBX: ffffc90000d87a38 RCX: 0000000000000100
[ 67.699654][ C1] RDX: ffff888010db3780 RSI: ffffffff8836717f RDI: 0000000000000003
[ 67.707704][ C1] RBP: ffff888011512c00 R08: 0000000000000023 R09: 0000000000000080
[ 67.715689][ C1] R10: ffffffff883666e3 R11: 000000000000001c R12: 0000000000000023
[ 67.723731][ C1] R13: ffff8880183b0580 R14: 0000000000000080 R15: 0000000000000080
[ 67.731783][ C1] FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[ 67.740791][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.747452][ C1] CR2: 0000000020000200 CR3: 000000000b08e000 CR4: 00000000001506e0
[ 67.755447][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.763543][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.771620][ C1] Call Trace:
[ 67.774923][ C1] ? mark_lock+0xf7/0x1720
[ 67.779463][ C1] ? cfg80211_inform_bss_data+0x160/0x160
[ 67.785244][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 67.791366][ C1] cfg80211_inform_bss_frame_data+0xa7/0xb10
[ 67.797450][ C1] ? find_held_lock+0x2d/0x110
[ 67.802245][ C1] ? ieee80211_bss_info_update+0x374/0xb20
[ 67.808137][ C1] ? cfg80211_inform_single_bss_frame_data+0xe90/0xe90
[ 67.815029][ C1] ieee80211_bss_info_update+0x3ce/0xb20
[ 67.820766][ C1] ? ieee80211_rx_bss_put+0x50/0x50
[ 67.825995][ C1] ? __lock_acquire+0x16c2/0x54f0
[ 67.831132][ C1] ? mark_lock+0xf7/0x1720
[ 67.835567][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 67.841658][ C1] ? mark_lock+0xf7/0x1720
[ 67.846119][ C1] ? find_held_lock+0x2d/0x110
[ 67.850985][ C1] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 67.856792][ C1] ? ieee80211_get_channel_khz+0x14a/0x1e0
[ 67.862631][ C1] ieee80211_scan_rx+0x45f/0x7c0
[ 67.867649][ C1] ieee80211_rx_list+0x1faf/0x2430
[ 67.872795][ C1] ? ieee80211_prepare_and_rx_handle+0x6210/0x6210
[ 67.879402][ C1] ? find_held_lock+0x2d/0x110
[ 67.884213][ C1] ? skb_dequeue+0x125/0x180
[ 67.889063][ C1] ieee80211_rx_napi+0xf7/0x3d0
[ 67.893944][ C1] ? ieee80211_rx_list+0x2430/0x2430
[ 67.899333][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 67.904571][ C1] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 67.910475][ C1] ieee80211_tasklet_handler+0xd4/0x130
[ 67.916128][ C1] tasklet_action_common.constprop.0+0x1d7/0x2d0
[ 67.922548][ C1] __do_softirq+0x2bc/0xa29
[ 67.927167][ C1] ? __local_bh_enable_ip+0x110/0x110
[ 67.932564][ C1] run_ksoftirqd+0x2d/0x50
[ 67.937049][ C1] smpboot_thread_fn+0x655/0x9e0
[ 67.942120][ C1] ? __smpboot_create_thread.part.0+0x370/0x370
[ 67.948458][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 67.954725][ C1] ? __kthread_parkme+0x13f/0x1e0
[ 67.959848][ C1] ? __smpboot_create_thread.part.0+0x370/0x370
[ 67.966112][ C1] kthread+0x3b1/0x4a0
[ 67.970279][ C1] ? __kthread_bind_mask+0xc0/0xc0
[ 67.975409][ C1] ret_from_fork+0x1f/0x30
[ 67.979957][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 67.986548][ C1] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 5.11.0-rc5-syzkaller #0
[ 67.994810][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.004875][ C1] Call Trace:
[ 68.008160][ C1] dump_stack+0x107/0x163
[ 68.012512][ C1] panic+0x306/0x73d
[ 68.016475][ C1] ? __warn_printk+0xf3/0xf3
[ 68.021092][ C1] ? __warn.cold+0x1a/0x44
[ 68.025527][ C1] ? cfg80211_inform_single_bss_frame_data+0xc7f/0xe90
[ 68.032401][ C1] __warn.cold+0x35/0x44
[ 68.036663][ C1] ? cfg80211_inform_single_bss_frame_data+0xc7f/0xe90
[ 68.043529][ C1] report_bug+0x1bd/0x210
[ 68.047877][ C1] handle_bug+0x3c/0x60
[ 68.052043][ C1] exc_invalid_op+0x14/0x40
[ 68.056557][ C1] asm_exc_invalid_op+0x12/0x20
[ 68.061425][ C1] RIP: 0010:cfg80211_inform_single_bss_frame_data+0xc7f/0xe90
[ 68.068899][ C1] Code: 0f 0b 45 31 e4 e9 37 fb ff ff e8 3c 4a 3c f9 0f 0b 45 31 e4 e9 28 fb ff ff e8 2d 4a 3c f9 0f 0b e9 58 f4 ff ff e8 21 4a 3c f9 <0f> 0b 45 31 e4 e9 0d fb ff ff e8 12 4a 3c f9 0f 0b e9 4f fd ff ff
[ 68.088517][ C1] RSP: 0018:ffffc90000d874c0 EFLAGS: 00010246
[ 68.094598][ C1] RAX: 0000000000000000 RBX: ffffc90000d87a38 RCX: 0000000000000100
[ 68.102576][ C1] RDX: ffff888010db3780 RSI: ffffffff8836717f RDI: 0000000000000003
[ 68.110556][ C1] RBP: ffff888011512c00 R08: 0000000000000023 R09: 0000000000000080
[ 68.118535][ C1] R10: ffffffff883666e3 R11: 000000000000001c R12: 0000000000000023
[ 68.126519][ C1] R13: ffff8880183b0580 R14: 0000000000000080 R15: 0000000000000080
[ 68.134510][ C1] ? cfg80211_inform_single_bss_frame_data+0x1e3/0xe90
[ 68.141384][ C1] ? cfg80211_inform_single_bss_frame_data+0xc7f/0xe90
[ 68.148253][ C1] ? mark_lock+0xf7/0x1720
[ 68.152689][ C1] ? cfg80211_inform_bss_data+0x160/0x160
[ 68.158455][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 68.164457][ C1] cfg80211_inform_bss_frame_data+0xa7/0xb10
[ 68.170458][ C1] ? find_held_lock+0x2d/0x110
[ 68.175238][ C1] ? ieee80211_bss_info_update+0x374/0xb20
[ 68.181061][ C1] ? cfg80211_inform_single_bss_frame_data+0xe90/0xe90
[ 68.187941][ C1] ieee80211_bss_info_update+0x3ce/0xb20
[ 68.193597][ C1] ? ieee80211_rx_bss_put+0x50/0x50
[ 68.198825][ C1] ? __lock_acquire+0x16c2/0x54f0
[ 68.203879][ C1] ? mark_lock+0xf7/0x1720
[ 68.208306][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 68.214303][ C1] ? mark_lock+0xf7/0x1720
[ 68.218752][ C1] ? find_held_lock+0x2d/0x110
[ 68.223537][ C1] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 68.229279][ C1] ? ieee80211_get_channel_khz+0x14a/0x1e0
[ 68.235122][ C1] ieee80211_scan_rx+0x45f/0x7c0
[ 68.240083][ C1] ieee80211_rx_list+0x1faf/0x2430
[ 68.245225][ C1] ? ieee80211_prepare_and_rx_handle+0x6210/0x6210
[ 68.251759][ C1] ? find_held_lock+0x2d/0x110
[ 68.256541][ C1] ? skb_dequeue+0x125/0x180
[ 68.261148][ C1] ieee80211_rx_napi+0xf7/0x3d0
[ 68.266020][ C1] ? ieee80211_rx_list+0x2430/0x2430
[ 68.271321][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 68.276535][ C1] ? _raw_spin_unlock_irqrestore+0x2f/0x50
[ 68.282376][ C1] ieee80211_tasklet_handler+0xd4/0x130
[ 68.287941][ C1] tasklet_action_common.constprop.0+0x1d7/0x2d0
[ 68.294291][ C1] __do_softirq+0x2bc/0xa29
[ 68.298819][ C1] ? __local_bh_enable_ip+0x110/0x110
[ 68.304203][ C1] run_ksoftirqd+0x2d/0x50
[ 68.308733][ C1] smpboot_thread_fn+0x655/0x9e0
[ 68.313684][ C1] ? __smpboot_create_thread.part.0+0x370/0x370
[ 68.319935][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 68.326192][ C1] ? __kthread_parkme+0x13f/0x1e0
[ 68.331228][ C1] ? __smpboot_create_thread.part.0+0x370/0x370
[ 68.337485][ C1] kthread+0x3b1/0x4a0
[ 68.341567][ C1] ? __kthread_bind_mask+0xc0/0xc0
[ 68.346695][ C1] ret_from_fork+0x1f/0x30
[ 68.351988][ C1] Kernel Offset: disabled
[ 68.356401][ C1] Rebooting in 86400 seconds..