Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.

syzkaller login: [ 63.229420][ T8506] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 63.312906][ T21] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.328433][ T21] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.349137][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 63.372373][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.380343][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.389352][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 63.402129][ T8506] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 63.413826][ T8506] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 63.422209][ T8506] CPU: 0 PID: 8506 Comm: syz-executor284 Not tainted 5.9.0-syzkaller #0
[ 63.430503][ T8506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.440587][ T8506] RIP: 0010:call_commit_handler+0x8b/0x110
[ 63.446369][ T8506] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 7d 48 8b 9d e0 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 75 73 48 b8 00 00 00 00 00 fc ff df 48 8b 1b 48 89 da
[ 63.465952][ T8506] RSP: 0018:ffffc900018f7ca8 EFLAGS: 00010246
[ 63.471993][ T8506] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8844a668
[ 63.479950][ T8506] RDX: 0000000000000000 RSI: ffffffff8844a675 RDI: ffff888094a081e0
[ 63.487894][ T8506] RBP: ffff888094a08000 R08: 0000000000000000 R09: ffff888094a08047
[ 63.495838][ T8506] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888094a08040
[ 63.503794][ T8506] R13: ffffc900018f7db0 R14: ffff888094a08000 R15: 0000000000000004
[ 63.511739][ T8506] FS: 00000000024e7880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
[ 63.520676][ T8506] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.527253][ T8506] CR2: 00000000200000c0 CR3: 00000000b4958000 CR4: 00000000001506f0
[ 63.535317][ T8506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.543352][ T8506] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.551307][ T8506] Call Trace:
[ 63.554580][ T8506] ioctl_standard_call+0x1b8/0x1f0
[ 63.559668][ T8506] ? cfg80211_wext_freq+0x1b0/0x1b0
[ 63.564839][ T8506] ? iw_handler_get_private+0x1a0/0x1a0
[ 63.570358][ T8506] ? cfg80211_wext_freq+0x1b0/0x1b0
[ 63.575528][ T8506] wireless_process_ioctl+0xc8/0x4c0
[ 63.580787][ T8506] ? call_commit_handler+0x110/0x110
[ 63.586046][ T8506] wext_handle_ioctl+0x26b/0x280
[ 63.590957][ T8506] ? compat_standard_call+0x340/0x340
[ 63.596303][ T8506] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 63.602171][ T8506] ? generic_block_fiemap+0x60/0x60
[ 63.607342][ T8506] ? __up_read+0x1a1/0x7b0
[ 63.611729][ T8506] sock_ioctl+0x439/0x730
[ 63.616030][ T8506] ? dlci_ioctl_set+0x30/0x30
[ 63.620677][ T8506] ? vmacache_update+0xce/0x140
[ 63.625500][ T8506] ? bpf_lsm_file_ioctl+0x5/0x10
[ 63.630409][ T8506] ? dlci_ioctl_set+0x30/0x30
[ 63.635058][ T8506] __x64_sys_ioctl+0x193/0x200
[ 63.639794][ T8506] do_syscall_64+0x2d/0x70
[ 63.644182][ T8506] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.650044][ T8506] RIP: 0033:0x441549
[ 63.653914][ T8506] Code: e8 ec 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.673490][ T8506] RSP: 002b:00007ffe5dd32f18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.681874][ T8506] RAX: ffffffffffffffda RBX: 00007ffe5dd32f40 RCX: 0000000000441549
[ 63.689819][ T8506] RDX: 00000000200000c0 RSI: 0000000000008b04 RDI: 0000000000000003
[ 63.697764][ T8506] RBP: 0000000000000003 R08: 0000002000000000 R09: 0000002000000000
[ 63.705718][ T8506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032
[ 63.713671][ T8506] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 63.721615][ T8506] Modules linked in:
[ 63.727302][ T8506] ---[ end trace 306294f5bc0e138c ]---
[ 63.732770][ T8506] RIP: 0010:call_commit_handler+0x8b/0x110
[ 63.738923][ T8506] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 7d 48 8b 9d e0 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 75 73 48 b8 00 00 00 00 00 fc ff df 48 8b 1b 48 89 da
[ 63.758736][ T8506] RSP: 0018:ffffc900018f7ca8 EFLAGS: 00010246
[ 63.764816][ T8506] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8844a668
[ 63.772797][ T8506] RDX: 0000000000000000 RSI: ffffffff8844a675 RDI: ffff888094a081e0
[ 63.780968][ T8506] RBP: ffff888094a08000 R08: 0000000000000000 R09: ffff888094a08047
[ 63.788955][ T8506] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888094a08040
[ 63.796912][ T8506] R13: ffffc900018f7db0 R14: ffff888094a08000 R15: 0000000000000004
[ 63.804890][ T8506] FS: 00000000024e7880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
[ 63.813849][ T8506] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.820450][ T8506] CR2: 00000000200000c0 CR3: 00000000b4958000 CR4: 00000000001506f0
[ 63.828437][ T8506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.836393][ T8506] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.844466][ T8506] Kernel panic - not syncing: Fatal exception
[ 63.851098][ T8506] Kernel Offset: disabled
[ 63.855405][ T8506] Rebooting in 86400 seconds..