[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 36.778110] FAULT_INJECTION: forcing a failure. [ 36.778110] name failslab, interval 1, probability 0, space 0, times 1 [ 36.789868] CPU: 0 PID: 8104 Comm: syz-executor726 Not tainted 4.19.160-syzkaller #0 [ 36.798100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.807454] Call Trace: [ 36.810044] dump_stack+0x1fc/0x2fe [ 36.813773] should_fail.cold+0xa/0x14 [ 36.817656] ? setup_fault_attr+0x200/0x200 [ 36.822085] ? lock_acquire+0x170/0x3c0 [ 36.826067] __should_failslab+0x115/0x180 [ 36.830293] should_failslab+0x5/0xf [ 36.834009] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 36.839102] setup_kmem_cache_node+0x283/0x510 [ 36.843675] __do_tune_cpucache+0x161/0x210 [ 36.847995] enable_cpucache+0x50/0x130 [ 36.851975] __kmem_cache_create+0x1a7/0x260 [ 36.856396] create_cache+0xd1/0x1f0 [ 36.860100] kmem_cache_create_usercopy+0x1a6/0x240 [ 36.865108] kmem_cache_create+0xd/0x10 [ 36.869107] ieee80211_mesh_init_sdata+0x47c/0x550 [ 36.874134] ieee80211_setup_sdata+0xcbb/0xf70 [ 36.878755] ieee80211_if_add+0xe19/0x17c0 [ 36.883316] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 36.888357] ieee80211_add_iface+0x99/0x160 [ 36.892787] ? ieee80211_del_iface+0x20/0x20 [ 36.897195] nl80211_new_interface+0x531/0x1570 [ 36.901878] ? nl80211_prepare_wdev_dump+0x550/0x550 [ 36.906990] ? nl80211_notify_iface+0x1b0/0x1b0 [ 36.911762] ? nl80211_pre_doit+0xa2/0x620 [ 36.915987] ? __cfg80211_rdev_from_attrs+0x700/0x700 [ 36.921182] genl_family_rcv_msg+0x642/0xc40 [ 36.925620] ? genl_rcv+0x40/0x40 [ 36.929084] ? genl_rcv_msg+0x12f/0x160 [ 36.933048] ? __mutex_add_waiter+0x160/0x160 [ 36.937539] ? __radix_tree_lookup+0x216/0x370 [ 36.942122] genl_rcv_msg+0xbf/0x160 [ 36.945873] netlink_rcv_skb+0x160/0x440 [ 36.949938] ? genl_family_rcv_msg+0xc40/0xc40 [ 36.954532] ? netlink_ack+0xae0/0xae0 [ 36.958433] ? genl_rcv+0x15/0x40 [ 36.961933] genl_rcv+0x24/0x40 [ 36.965207] netlink_unicast+0x4d5/0x690 [ 36.969267] ? netlink_sendskb+0x110/0x110 [ 36.973512] ? _copy_from_iter_full+0x229/0x7c0 [ 36.978198] ? __phys_addr_symbol+0x2c/0x70 [ 36.982528] ? __check_object_size+0x17b/0x3d1 [ 36.987104] netlink_sendmsg+0x6bb/0xc40 [ 36.991177] ? aa_af_perm+0x230/0x230 [ 36.994997] ? nlmsg_notify+0x1a0/0x1a0 [ 36.998964] ? kernel_recvmsg+0x220/0x220 [ 37.003105] ? nlmsg_notify+0x1a0/0x1a0 [ 37.007107] sock_sendmsg+0xc3/0x120 [ 37.010828] ___sys_sendmsg+0x7bb/0x8e0 [ 37.014808] ? check_preemption_disabled+0x41/0x280 [ 37.019819] ? copy_msghdr_from_user+0x440/0x440 [ 37.024571] ? proc_fail_nth_write+0x95/0x1d0 [ 37.029053] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 37.033978] ? debug_check_no_obj_freed+0x201/0x482 [ 37.038986] ? __vfs_write+0xff/0x770 [ 37.042799] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 37.047732] ? common_file_perm+0x4e5/0x850 [ 37.052063] ? kernel_read+0x110/0x110 [ 37.055965] ? trace_hardirqs_off+0x64/0x200 [ 37.060361] ? fsnotify+0x84e/0xe10 [ 37.063974] ? vfs_write+0x3d7/0x540 [ 37.067691] ? __fdget+0x1a0/0x230 [ 37.071230] __x64_sys_sendmsg+0x132/0x220 [ 37.075551] ? __sys_sendmsg+0x1b0/0x1b0 [ 37.079596] ? vfs_write+0x393/0x540 [ 37.083300] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.088649] ? trace_hardirqs_off_caller+0x6e/0x210 [ 37.093668] ? do_syscall_64+0x21/0x620 [ 37.097643] do_syscall_64+0xf9/0x620 [ 37.101431] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.106623] RIP: 0033:0x441889 [ 37.109802] Code: e8 5c ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 37.128712] RSP: 002b:00007ffd6e2a6528 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 37.136413] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441889 [ 37.143681] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 37.151023] RBP: 00007ffd6e2a6540 R08: 0000000000000002 R09: 0000000000000000 [ 37.158278] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 37.165549] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000 [ 37.173592] enable_cpucache failed for mesh_rmc, error 12 [ 37.179368] kmem_cache_create(mesh_rmc) failed with error -12 [ 37.185582] CPU: 0 PID: 8104 Comm: syz-executor726 Not tainted 4.19.160-syzkaller #0 [ 37.193473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.202932] Call Trace: [ 37.205552] dump_stack+0x1fc/0x2fe [ 37.209203] kmem_cache_create_usercopy.cold+0x23/0xae [ 37.214499] kmem_cache_create+0xd/0x10 [ 37.218469] ieee80211_mesh_init_sdata+0x47c/0x550 [ 37.223395] ieee80211_setup_sdata+0xcbb/0xf70 [ 37.227973] ieee80211_if_add+0xe19/0x17c0 [ 37.232204] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 37.237214] ieee80211_add_iface+0x99/0x160 [ 37.241541] ? ieee80211_del_iface+0x20/0x20 [ 37.245962] nl80211_new_interface+0x531/0x1570 [ 37.250628] ? nl80211_prepare_wdev_dump+0x550/0x550 [ 37.255722] ? nl80211_notify_iface+0x1b0/0x1b0 [ 37.260412] ? nl80211_pre_doit+0xa2/0x620 [ 37.264652] ? __cfg80211_rdev_from_attrs+0x700/0x700 [ 37.269837] genl_family_rcv_msg+0x642/0xc40 [ 37.274255] ? genl_rcv+0x40/0x40 [ 37.277722] ? genl_rcv_msg+0x12f/0x160 [ 37.281709] ? __mutex_add_waiter+0x160/0x160 [ 37.286208] ? __radix_tree_lookup+0x216/0x370 [ 37.290819] genl_rcv_msg+0xbf/0x160 [ 37.294527] netlink_rcv_skb+0x160/0x440 [ 37.298588] ? genl_family_rcv_msg+0xc40/0xc40 [ 37.303162] ? netlink_ack+0xae0/0xae0 [ 37.307065] ? genl_rcv+0x15/0x40 [ 37.310520] genl_rcv+0x24/0x40 [ 37.313810] netlink_unicast+0x4d5/0x690 [ 37.317984] ? netlink_sendskb+0x110/0x110 [ 37.322239] ? _copy_from_iter_full+0x229/0x7c0 [ 37.326924] ? __phys_addr_symbol+0x2c/0x70 [ 37.331530] ? __check_object_size+0x17b/0x3d1 [ 37.336108] netlink_sendmsg+0x6bb/0xc40 [ 37.340279] ? aa_af_perm+0x230/0x230 [ 37.344074] ? nlmsg_notify+0x1a0/0x1a0 [ 37.348498] ? kernel_recvmsg+0x220/0x220 [ 37.352657] ? nlmsg_notify+0x1a0/0x1a0 [ 37.356629] sock_sendmsg+0xc3/0x120 [ 37.360351] ___sys_sendmsg+0x7bb/0x8e0 [ 37.364311] ? check_preemption_disabled+0x41/0x280 [ 37.369336] ? copy_msghdr_from_user+0x440/0x440 [ 37.374095] ? proc_fail_nth_write+0x95/0x1d0 [ 37.378582] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 37.383504] ? debug_check_no_obj_freed+0x201/0x482 [ 37.388513] ? __vfs_write+0xff/0x770 [ 37.392323] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 37.397262] ? common_file_perm+0x4e5/0x850 [ 37.401577] ? kernel_read+0x110/0x110 [ 37.405466] ? trace_hardirqs_off+0x64/0x200 [ 37.409885] ? fsnotify+0x84e/0xe10 [ 37.413508] ? vfs_write+0x3d7/0x540 [ 37.417392] ? __fdget+0x1a0/0x230 [ 37.420927] __x64_sys_sendmsg+0x132/0x220 [ 37.425191] ? __sys_sendmsg+0x1b0/0x1b0 [ 37.429248] ? vfs_write+0x393/0x540 [ 37.432951] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.438310] ? trace_hardirqs_off_caller+0x6e/0x210 [ 37.443325] ? do_syscall_64+0x21/0x620 [ 37.447288] do_syscall_64+0xf9/0x620 [ 37.451209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.456905] RIP: 0033:0x441889 [ 37.460085] Code: e8 5c ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 37.479002] RSP: 002b:00007ffd6e2a6528 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 37.486722] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441889 [ 37.493994] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 37.501263] RBP: 00007ffd6e2a6540 R08: 0000000000000002 R09: 0000000000000000 [ 37.508542] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 37.515919] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000 executing program [ 37.575867] FAULT_INJECTION: forcing a failure. [ 37.575867] name failslab, interval 1, probability 0, space 0, times 0 [ 37.587745] CPU: 0 PID: 8114 Comm: syz-executor726 Not tainted 4.19.160-syzkaller #0 [ 37.595634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.604996] Call Trace: [ 37.607585] dump_stack+0x1fc/0x2fe [ 37.611214] should_fail.cold+0xa/0x14 [ 37.615100] ? mesh_table_alloc+0x3d/0x150 [ 37.619443] ? setup_fault_attr+0x200/0x200 [ 37.623772] __should_failslab+0x115/0x180 [ 37.627998] should_failslab+0x5/0xf [ 37.631707] kmem_cache_alloc_trace+0x46/0x380 [ 37.636289] mesh_table_alloc+0x3d/0x150 [ 37.640339] mesh_pathtbl_init+0x2d/0x100 [ 37.644488] ieee80211_mesh_init_sdata+0x28e/0x550 [ 37.649414] ieee80211_setup_sdata+0xcbb/0xf70 [ 37.654076] ieee80211_if_add+0xe19/0x17c0 [ 37.658298] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 37.663314] ieee80211_add_iface+0x99/0x160 [ 37.667628] ? ieee80211_del_iface+0x20/0x20 [ 37.672056] nl80211_new_interface+0x531/0x1570 [ 37.676713] ? nl80211_prepare_wdev_dump+0x550/0x550 [ 37.681813] ? nl80211_notify_iface+0x1b0/0x1b0 [ 37.686489] ? nl80211_pre_doit+0xa2/0x620 [ 37.690713] ? __cfg80211_rdev_from_attrs+0x700/0x700 [ 37.695892] genl_family_rcv_msg+0x642/0xc40 [ 37.700301] ? genl_rcv+0x40/0x40 [ 37.703737] ? genl_rcv_msg+0x12f/0x160 [ 37.707694] ? __mutex_add_waiter+0x160/0x160 [ 37.712203] ? __radix_tree_lookup+0x216/0x370 [ 37.716782] genl_rcv_msg+0xbf/0x160 [ 37.720487] netlink_rcv_skb+0x160/0x440 [ 37.724556] ? genl_family_rcv_msg+0xc40/0xc40 [ 37.729136] ? netlink_ack+0xae0/0xae0 [ 37.733020] ? genl_rcv+0x15/0x40 [ 37.736465] genl_rcv+0x24/0x40 [ 37.739743] netlink_unicast+0x4d5/0x690 [ 37.743801] ? netlink_sendskb+0x110/0x110 [ 37.748027] ? _copy_from_iter_full+0x229/0x7c0 [ 37.752729] ? __phys_addr_symbol+0x2c/0x70 [ 37.757042] ? __check_object_size+0x17b/0x3d1 [ 37.761621] netlink_sendmsg+0x6bb/0xc40 [ 37.765686] ? aa_af_perm+0x230/0x230 [ 37.769472] ? nlmsg_notify+0x1a0/0x1a0 [ 37.773437] ? kernel_recvmsg+0x220/0x220 [ 37.777573] ? nlmsg_notify+0x1a0/0x1a0 [ 37.781550] sock_sendmsg+0xc3/0x120 [ 37.785253] ___sys_sendmsg+0x7bb/0x8e0 [ 37.789344] ? check_preemption_disabled+0x41/0x280 [ 37.794348] ? copy_msghdr_from_user+0x440/0x440 [ 37.799108] ? proc_fail_nth_write+0x95/0x1d0 [ 37.803766] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 37.808697] ? debug_check_no_obj_freed+0x201/0x482 [ 37.813713] ? __vfs_write+0xff/0x770 [ 37.817503] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 37.822463] ? common_file_perm+0x4e5/0x850 [ 37.826781] ? kernel_read+0x110/0x110 [ 37.830657] ? trace_hardirqs_off+0x64/0x200 [ 37.835051] ? fsnotify+0x84e/0xe10 [ 37.838662] ? vfs_write+0x3d7/0x540 [ 37.842362] ? __fdget+0x1a0/0x230 [ 37.845891] __x64_sys_sendmsg+0x132/0x220 [ 37.850116] ? __sys_sendmsg+0x1b0/0x1b0 [ 37.854160] ? vfs_write+0x393/0x540 [ 37.857867] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.863228] ? trace_hardirqs_off_caller+0x6e/0x210 [ 37.868229] ? do_syscall_64+0x21/0x620 [ 37.872196] do_syscall_64+0xf9/0x620 [ 37.875996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.881178] RIP: 0033:0x441889 [ 37.884365] Code: e8 5c ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 37.903281] RSP: 002b:00007ffd6e2a6528 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 37.910973] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441889 [ 37.918235] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 37.925510] RBP: 00007ffd6e2a6540 R08: 0000000000000002 R09: 0000000000000000 [ 37.932765] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 37.940019] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000 [ 37.947936] ================================================================== [ 37.955316] BUG: KASAN: wild-memory-access in __lock_acquire+0x251/0x3ff0 [ 37.962243] Write of size 4 at addr dead000000000238 by task syz-executor726/8114 [ 37.969855] [ 37.971508] CPU: 0 PID: 8114 Comm: syz-executor726 Not tainted 4.19.160-syzkaller #0 [ 37.979385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.988738] Call Trace: [ 37.991312] dump_stack+0x1fc/0x2fe [ 37.994927] kasan_report_error.cold+0x15b/0x1c7 [ 37.999686] ? __lock_acquire+0x251/0x3ff0 [ 38.003906] kasan_report+0x8f/0x96 [ 38.007524] ? __lock_acquire+0x251/0x3ff0 [ 38.011739] __lock_acquire+0x251/0x3ff0 [ 38.015795] ? mark_held_locks+0xa6/0xf0 [ 38.019853] ? finish_task_switch+0x118/0x780 [ 38.024345] ? _raw_spin_unlock_irq+0x24/0x80 [ 38.028822] ? check_preemption_disabled+0x41/0x280 [ 38.033823] ? mark_held_locks+0xf0/0xf0 [ 38.037875] ? mark_held_locks+0xa6/0xf0 [ 38.041920] ? __flush_work+0x56b/0x8b0 [ 38.045884] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 38.050460] ? __flush_work+0x4cf/0x8b0 [ 38.054418] ? alloc_unbound_pwq+0xc10/0xc10 [ 38.058829] ? mark_held_locks+0xa6/0xf0 [ 38.062886] ? io_schedule_timeout+0x140/0x140 [ 38.067452] lock_acquire+0x170/0x3c0 [ 38.071241] ? rhashtable_free_and_destroy+0x41/0x970 [ 38.076412] ? rhashtable_free_and_destroy+0x41/0x970 [ 38.081584] __mutex_lock+0xd7/0x1260 [ 38.085367] ? rhashtable_free_and_destroy+0x41/0x970 [ 38.090637] ? rhashtable_free_and_destroy+0x41/0x970 [ 38.095820] ? __mutex_add_waiter+0x160/0x160 [ 38.100316] ? try_to_grab_pending+0x6f0/0x6f0 [ 38.104888] ? should_fail+0x142/0x7b0 [ 38.108766] ? mesh_table_alloc+0x3d/0x150 [ 38.112985] ? setup_fault_attr+0x200/0x200 [ 38.117290] ? check_preemption_disabled+0x41/0x280 [ 38.122293] rhashtable_free_and_destroy+0x41/0x970 [ 38.127312] ? mesh_path_tbl_expire.constprop.0+0x1d0/0x1d0 [ 38.133008] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 38.138034] ? kmem_cache_alloc_trace+0x323/0x380 [ 38.142878] mesh_pathtbl_init+0xd9/0x100 [ 38.147043] ieee80211_mesh_init_sdata+0x28e/0x550 [ 38.151987] ieee80211_setup_sdata+0xcbb/0xf70 [ 38.156561] ieee80211_if_add+0xe19/0x17c0 [ 38.160786] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 38.165814] ieee80211_add_iface+0x99/0x160 [ 38.170158] ? ieee80211_del_iface+0x20/0x20 [ 38.174561] nl80211_new_interface+0x531/0x1570 [ 38.179221] ? nl80211_prepare_wdev_dump+0x550/0x550 [ 38.184314] ? nl80211_notify_iface+0x1b0/0x1b0 [ 38.188971] ? nl80211_pre_doit+0xa2/0x620 [ 38.193197] ? __cfg80211_rdev_from_attrs+0x700/0x700 [ 38.198393] genl_family_rcv_msg+0x642/0xc40 [ 38.202791] ? genl_rcv+0x40/0x40 [ 38.206242] ? genl_rcv_msg+0x12f/0x160 [ 38.210205] ? __mutex_add_waiter+0x160/0x160 [ 38.214698] ? __radix_tree_lookup+0x216/0x370 [ 38.219336] genl_rcv_msg+0xbf/0x160 [ 38.223475] netlink_rcv_skb+0x160/0x440 [ 38.227607] ? genl_family_rcv_msg+0xc40/0xc40 [ 38.232216] ? netlink_ack+0xae0/0xae0 [ 38.236208] ? genl_rcv+0x15/0x40 [ 38.239645] genl_rcv+0x24/0x40 [ 38.242908] netlink_unicast+0x4d5/0x690 [ 38.246966] ? netlink_sendskb+0x110/0x110 [ 38.251197] ? _copy_from_iter_full+0x229/0x7c0 [ 38.255856] ? __phys_addr_symbol+0x2c/0x70 [ 38.260166] ? __check_object_size+0x17b/0x3d1 [ 38.264751] netlink_sendmsg+0x6bb/0xc40 [ 38.268818] ? aa_af_perm+0x230/0x230 [ 38.272676] ? nlmsg_notify+0x1a0/0x1a0 [ 38.276640] ? kernel_recvmsg+0x220/0x220 [ 38.280793] ? nlmsg_notify+0x1a0/0x1a0 [ 38.284762] sock_sendmsg+0xc3/0x120 [ 38.288485] ___sys_sendmsg+0x7bb/0x8e0 [ 38.292499] ? check_preemption_disabled+0x41/0x280 [ 38.297536] ? copy_msghdr_from_user+0x440/0x440 [ 38.302461] ? proc_fail_nth_write+0x95/0x1d0 [ 38.306954] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 38.311899] ? debug_check_no_obj_freed+0x201/0x482 [ 38.316925] ? __vfs_write+0xff/0x770 [ 38.320733] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 38.325659] ? common_file_perm+0x4e5/0x850 [ 38.329972] ? kernel_read+0x110/0x110 [ 38.333862] ? trace_hardirqs_off+0x64/0x200 [ 38.338259] ? fsnotify+0x84e/0xe10 [ 38.341878] ? vfs_write+0x3d7/0x540 [ 38.345575] ? __fdget+0x1a0/0x230 [ 38.349121] __x64_sys_sendmsg+0x132/0x220 [ 38.353351] ? __sys_sendmsg+0x1b0/0x1b0 [ 38.357399] ? vfs_write+0x393/0x540 [ 38.361101] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.366477] ? trace_hardirqs_off_caller+0x6e/0x210 [ 38.371480] ? do_syscall_64+0x21/0x620 [ 38.375437] do_syscall_64+0xf9/0x620 [ 38.379223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.384396] RIP: 0033:0x441889 [ 38.387572] Code: e8 5c ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 38.406463] RSP: 002b:00007ffd6e2a6528 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 38.414157] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441889 [ 38.421425] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 38.428697] RBP: 00007ffd6e2a6540 R08: 0000000000000002 R09: 0000000000000000 [ 38.435996] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 38.443251] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000 [ 38.450537] ================================================================== [ 38.458100] Disabling lock debugging due to kernel taint [ 38.463622] Kernel panic - not syncing: panic_on_warn set ... [ 38.463622] [ 38.470971] CPU: 0 PID: 8114 Comm: syz-executor726 Tainted: G B 4.19.160-syzkaller #0 [ 38.480236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.489663] Call Trace: [ 38.492257] dump_stack+0x1fc/0x2fe [ 38.495867] panic+0x26a/0x50e [ 38.499150] ? __warn_printk+0xf3/0xf3 [ 38.503036] ? lock_downgrade+0x720/0x720 [ 38.507169] ? trace_hardirqs_off+0x64/0x200 [ 38.511562] ? trace_hardirqs_off+0x64/0x200 [ 38.515972] kasan_end_report+0x43/0x49 [ 38.519944] kasan_report_error.cold+0xa7/0x1c7 [ 38.524618] ? __lock_acquire+0x251/0x3ff0 [ 38.528833] kasan_report+0x8f/0x96 [ 38.532443] ? __lock_acquire+0x251/0x3ff0 [ 38.536661] __lock_acquire+0x251/0x3ff0 [ 38.540707] ? mark_held_locks+0xa6/0xf0 [ 38.544848] ? finish_task_switch+0x118/0x780 [ 38.549422] ? _raw_spin_unlock_irq+0x24/0x80 [ 38.553901] ? check_preemption_disabled+0x41/0x280 [ 38.558902] ? mark_held_locks+0xf0/0xf0 [ 38.562956] ? mark_held_locks+0xa6/0xf0 [ 38.567169] ? __flush_work+0x56b/0x8b0 [ 38.571132] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 38.575702] ? __flush_work+0x4cf/0x8b0 [ 38.579664] ? alloc_unbound_pwq+0xc10/0xc10 [ 38.584056] ? mark_held_locks+0xa6/0xf0 [ 38.588101] ? io_schedule_timeout+0x140/0x140 [ 38.592678] lock_acquire+0x170/0x3c0 [ 38.596465] ? rhashtable_free_and_destroy+0x41/0x970 [ 38.601659] ? rhashtable_free_and_destroy+0x41/0x970 [ 38.606855] __mutex_lock+0xd7/0x1260 [ 38.610659] ? rhashtable_free_and_destroy+0x41/0x970 [ 38.615866] ? rhashtable_free_and_destroy+0x41/0x970 [ 38.621061] ? __mutex_add_waiter+0x160/0x160 [ 38.625578] ? try_to_grab_pending+0x6f0/0x6f0 [ 38.630145] ? should_fail+0x142/0x7b0 [ 38.634031] ? mesh_table_alloc+0x3d/0x150 [ 38.638250] ? setup_fault_attr+0x200/0x200 [ 38.642554] ? check_preemption_disabled+0x41/0x280 [ 38.647570] rhashtable_free_and_destroy+0x41/0x970 [ 38.652575] ? mesh_path_tbl_expire.constprop.0+0x1d0/0x1d0 [ 38.658271] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 38.663275] ? kmem_cache_alloc_trace+0x323/0x380 [ 38.668127] mesh_pathtbl_init+0xd9/0x100 [ 38.672957] ieee80211_mesh_init_sdata+0x28e/0x550 [ 38.677901] ieee80211_setup_sdata+0xcbb/0xf70 [ 38.682469] ieee80211_if_add+0xe19/0x17c0 [ 38.686690] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 38.691700] ieee80211_add_iface+0x99/0x160 [ 38.696035] ? ieee80211_del_iface+0x20/0x20 [ 38.700455] nl80211_new_interface+0x531/0x1570 [ 38.705137] ? nl80211_prepare_wdev_dump+0x550/0x550 [ 38.710223] ? nl80211_notify_iface+0x1b0/0x1b0 [ 38.714892] ? nl80211_pre_doit+0xa2/0x620 [ 38.719172] ? __cfg80211_rdev_from_attrs+0x700/0x700 [ 38.724353] genl_family_rcv_msg+0x642/0xc40 [ 38.728749] ? genl_rcv+0x40/0x40 [ 38.732218] ? genl_rcv_msg+0x12f/0x160 [ 38.736192] ? __mutex_add_waiter+0x160/0x160 [ 38.740672] ? __radix_tree_lookup+0x216/0x370 [ 38.745255] genl_rcv_msg+0xbf/0x160 [ 38.748975] netlink_rcv_skb+0x160/0x440 [ 38.753042] ? genl_family_rcv_msg+0xc40/0xc40 [ 38.757617] ? netlink_ack+0xae0/0xae0 [ 38.761491] ? genl_rcv+0x15/0x40 [ 38.764931] genl_rcv+0x24/0x40 [ 38.768210] netlink_unicast+0x4d5/0x690 [ 38.772262] ? netlink_sendskb+0x110/0x110 [ 38.776496] ? _copy_from_iter_full+0x229/0x7c0 [ 38.781170] ? __phys_addr_symbol+0x2c/0x70 [ 38.785477] ? __check_object_size+0x17b/0x3d1 [ 38.790060] netlink_sendmsg+0x6bb/0xc40 [ 38.794109] ? aa_af_perm+0x230/0x230 [ 38.797920] ? nlmsg_notify+0x1a0/0x1a0 [ 38.801886] ? kernel_recvmsg+0x220/0x220 [ 38.806028] ? nlmsg_notify+0x1a0/0x1a0 [ 38.810014] sock_sendmsg+0xc3/0x120 [ 38.813713] ___sys_sendmsg+0x7bb/0x8e0 [ 38.817673] ? check_preemption_disabled+0x41/0x280 [ 38.822673] ? copy_msghdr_from_user+0x440/0x440 [ 38.827423] ? proc_fail_nth_write+0x95/0x1d0 [ 38.831912] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 38.836843] ? debug_check_no_obj_freed+0x201/0x482 [ 38.841842] ? __vfs_write+0xff/0x770 [ 38.845640] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 38.850571] ? common_file_perm+0x4e5/0x850 [ 38.854894] ? kernel_read+0x110/0x110 [ 38.858781] ? trace_hardirqs_off+0x64/0x200 [ 38.863171] ? fsnotify+0x84e/0xe10 [ 38.866788] ? vfs_write+0x3d7/0x540 [ 38.870504] ? __fdget+0x1a0/0x230 [ 38.874036] __x64_sys_sendmsg+0x132/0x220 [ 38.878282] ? __sys_sendmsg+0x1b0/0x1b0 [ 38.882328] ? vfs_write+0x393/0x540 [ 38.886047] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.891398] ? trace_hardirqs_off_caller+0x6e/0x210 [ 38.896401] ? do_syscall_64+0x21/0x620 [ 38.900375] do_syscall_64+0xf9/0x620 [ 38.904163] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.909359] RIP: 0033:0x441889 [ 38.912546] Code: e8 5c ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 38.931436] RSP: 002b:00007ffd6e2a6528 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 38.939149] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441889 [ 38.946403] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 38.954004] RBP: 00007ffd6e2a6540 R08: 0000000000000002 R09: 0000000000000000 [ 38.961276] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 38.968977] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000 [ 38.976788] Kernel Offset: disabled [ 38.980424] Rebooting in 86400 seconds..