[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
syzkaller login: [ 43.505907] audit: type=1400 audit(1600949277.060:8): avc: denied { execmem } for pid=6480 comm="syz-executor205" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 43.523123] IPVS: ftp: loaded support on port[0] = 21
[ 43.599884] chnl_net:caif_netlink_parms(): no params data found
[ 43.685876] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.692540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.699578] device bridge_slave_0 entered promiscuous mode
[ 43.707841] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.714299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.721225] device bridge_slave_1 entered promiscuous mode
[ 43.738753] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.748123] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.766076] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 43.773465] team0: Port device team_slave_0 added
[ 43.778898] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 43.786588] team0: Port device team_slave_1 added
[ 43.801102] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.807445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.833202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.844801] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.851025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.876249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.886898] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 43.894414] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 43.914376] device hsr_slave_0 entered promiscuous mode
[ 43.920118] device hsr_slave_1 entered promiscuous mode
[ 43.926526] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 43.933642] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 44.000291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.006779] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.013741] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.020099] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.056087] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 44.062516] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.070157] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.079427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.088992] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.096207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.103602] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 44.115136] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 44.121250] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.129611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.138554] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.144954] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.161885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.169491] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.175885] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.183568] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.191785] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.200842] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.214267] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 44.224144] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 44.235113] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 44.243748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.251954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.259421] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.271971] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 44.282822] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 44.289279] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 44.296759] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 44.308125] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 44.319202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.353926] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 44.360939] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 44.369040] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 44.377785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.385453] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.392909] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.403245] device veth0_vlan entered promiscuous mode
[ 44.412510] device veth1_vlan entered promiscuous mode
[ 44.418373] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 44.427485] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 44.438737] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 44.448547] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 44.456382] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 44.464161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.474420] device veth0_macvtap entered promiscuous mode
[ 44.480543] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 44.488720] device veth1_macvtap entered promiscuous mode
[ 44.498190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 44.508229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 44.519117] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 44.526405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.535146] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 44.545921] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 44.552965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.682968] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 44.689753] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.708434] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 44.714680] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
executing program
[ 44.730493] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 44.738223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.747265] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 44.755025] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 44.767319] ------------[ cut here ]------------
[ 44.773274] WARNING: CPU: 0 PID: 6429 at net/mac80211/sta_info.c:458 sta_info_insert_rcu.cold+0x104/0x280
[ 44.783008] Kernel panic - not syncing: panic_on_warn set ...
[ 44.783008]
[ 44.790390] CPU: 0 PID: 6429 Comm: kworker/u4:6 Not tainted 4.19.147-syzkaller #0
[ 44.797988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.807332] Workqueue: phy2 ieee80211_iface_work
[ 44.812107] Call Trace:
[ 44.814675] dump_stack+0x22c/0x33e
[ 44.818281] panic+0x2ac/0x565
[ 44.821455] ? __warn_printk+0xf3/0xf3
[ 44.825339] ? sta_info_insert_rcu.cold+0x104/0x280
[ 44.830332] ? __probe_kernel_read+0x130/0x1b0
[ 44.834902] ? __warn.cold+0x5/0x5a
[ 44.838516] ? __warn+0xe4/0x200
[ 44.841874] ? sta_info_insert_rcu.cold+0x104/0x280
[ 44.846879] __warn.cold+0x20/0x5a
[ 44.850408] ? sta_info_insert_rcu.cold+0x104/0x280
[ 44.855408] report_bug+0x262/0x2b0
[ 44.859034] do_error_trap+0x1e1/0x330
[ 44.862901] ? math_error+0x320/0x320
[ 44.866695] ? __irq_work_queue_local+0x155/0x200
[ 44.871531] ? irq_work_queue+0x29/0x80
[ 44.876267] ? wake_up_klogd+0xef/0x140
[ 44.880219] ? vprintk_emit+0x1d0/0x7c0
[ 44.884173] ? trace_hardirqs_off_caller+0x69/0x210
[ 44.889168] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.894003] invalid_op+0x14/0x20
[ 44.897438] RIP: 0010:sta_info_insert_rcu.cold+0x104/0x280
[ 44.903053] Code: 74 24 30 48 c7 c7 00 29 1c 8b e8 05 96 6a fc 0f b6 44 24 30 e9 10 5a ff ff e8 26 67 26 fa 48 c7 c7 c0 29 cd 88 e8 49 e2 0f fa <0f> 0b 41 bd ea ff ff ff e9 4d 63 ff ff e8 08 67 26 fa 0f b6 f3 48
[ 44.921931] RSP: 0018:ffff88809ec8fa60 EFLAGS: 00010282
[ 44.927270] RAX: 0000000000000024 RBX: ffff88808446a980 RCX: 0000000000000000
[ 44.934533] RDX: 0000000000000000 RSI: ffffffff815b523f RDI: ffffed1013d91f3e
[ 44.941781] RBP: 0000000000000001 R08: 0000000000000024 R09: 0000000000000000
[ 44.949032] R10: 0000000000000005 R11: 0000000000000000 R12: 000000008540bf2f
[ 44.956297] R13: ffff888087fe8408 R14: ffff888087fe83c0 R15: 000000000000bd07
[ 44.963587] ? vprintk_func+0x7f/0x224
[ 44.967459] ? check_preemption_disabled+0x41/0x2b0
[ 44.972473] ? minstrel_ht_rate_update+0x40/0x40
[ 44.977210] ? rate_control_rate_init+0x33c/0x570
[ 44.982047] ieee80211_ibss_finish_sta+0x277/0x380
[ 44.986955] ? ieee80211_sta_join_ibss+0xf90/0xf90
[ 44.991862] ? ieee80211_ibss_work+0x120/0xec0
[ 44.996421] ? __local_bh_enable_ip+0x159/0x2a0
[ 45.001073] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 45.005636] ieee80211_ibss_work+0x2b6/0xec0
[ 45.010042] ? ieee80211_ibss_rx_queued_mgmt+0x1940/0x1940
[ 45.015645] ? mark_held_locks+0xa6/0xf0
[ 45.019696] ? _raw_spin_unlock_irqrestore+0x7d/0xf0
[ 45.024773] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 45.029331] ? _raw_spin_unlock_irqrestore+0x6a/0xf0
[ 45.034419] ieee80211_iface_work+0x828/0x900
[ 45.038893] process_one_work+0x796/0x14e0
[ 45.043118] ? init_worker_pool+0x5c0/0x5c0
[ 45.047420] worker_thread+0x64c/0x1130
[ 45.051394] ? __kthread_parkme+0x133/0x1e0
[ 45.055693] ? rescuer_thread+0xce0/0xce0
[ 45.059821] kthread+0x33f/0x460
[ 45.063167] ? kthread_park+0x180/0x180
[ 45.067119] ret_from_fork+0x24/0x30
[ 45.072236] Kernel Offset: disabled
[ 45.075912] Rebooting in 86400 seconds..