[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 86.441054][ T35] audit: type=1400 audit(1612380681.410:8): avc: denied { execmem } for pid=8467 comm="syz-executor626" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
[ 86.499680][ T4868] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 86.525847][ T8477] general protection fault, probably for non-canonical address 0xfbd59c0000000020: 0000 [#1] PREEMPT SMP KASAN
[ 86.538944][ T8477] KASAN: maybe wild-memory-access in range [0xdead000000000100-0xdead000000000107]
[ 86.548243][ T8477] CPU: 1 PID: 8477 Comm: syz-executor626 Not tainted 5.11.0-rc6-syzkaller #0
[ 86.557133][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.567396][ T8477] RIP: 0010:ieee80211_chanctx_num_assigned+0xb1/0x140
[ 86.574201][ T8477] Code: a8 f6 ff ff 48 39 c5 74 3b 49 bd 00 00 00 00 00 fc ff df e8 31 f4 13 f9 48 8d bb 58 09 00 00 41 83 c4 01 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 75 68 48 8b 83 58 09 00 00 48 8d 98 a8 f6 ff ff 48
[ 86.594037][ T8477] RSP: 0018:ffffc9000163f330 EFLAGS: 00010a02
[ 86.600218][ T8477] RAX: 1bd5a00000000020 RBX: deacfffffffff7a8 RCX: 0000000000000000
[ 86.609335][ T8477] RDX: ffff888030038280 RSI: ffffffff885ecbef RDI: dead000000000100
[ 86.617332][ T8477] RBP: ffff88801f154920 R08: 0000000000000000 R09: 0000000000000001
[ 86.625334][ T8477] R10: ffffffff885ecc4b R11: 0000000000000000 R12: 0000000000000002
[ 86.633317][ T8477] R13: dffffc0000000000 R14: ffff88801f154900 R15: 0000000000000000
[ 86.641300][ T8477] FS: 0000000001ad6300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 86.650852][ T8477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.657464][ T8477] CR2: 00000000004b4120 CR3: 000000002aa53000 CR4: 00000000001506e0
[ 86.665483][ T8477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 86.673820][ T8477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 86.682070][ T8477] Call Trace:
[ 86.685854][ T8477] ieee80211_assign_vif_chanctx+0x7b8/0x1230
[ 86.691876][ T8477] __ieee80211_vif_release_channel+0x236/0x430
[ 86.698051][ T8477] ieee80211_vif_release_channel+0x117/0x220
[ 86.704049][ T8477] ieee80211_ibss_disconnect+0x44e/0x7b0
[ 86.709698][ T8477] ieee80211_ibss_leave+0x12/0xe0
[ 86.714738][ T8477] __cfg80211_leave_ibss+0x19a/0x4c0
[ 86.720059][ T8477] cfg80211_leave_ibss+0x57/0x80
[ 86.725030][ T8477] cfg80211_change_iface+0x7f2/0xf10
[ 86.731383][ T8477] nl80211_set_interface+0x65c/0x8d0
[ 86.736706][ T8477] ? nl80211_notify_iface+0x180/0x180
[ 86.742113][ T8477] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 86.748858][ T8477] ? nl80211_pre_doit+0xa2/0x630
[ 86.753830][ T8477] genl_family_rcv_msg_doit+0x228/0x320
[ 86.759672][ T8477] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 86.767480][ T8477] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.774128][ T8477] ? cap_capable+0x1f1/0x280
[ 86.779080][ T8477] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.785376][ T8477] ? ns_capable+0xde/0x100
[ 86.789910][ T8477] genl_rcv_msg+0x328/0x580
[ 86.794538][ T8477] ? genl_get_cmd+0x480/0x480
[ 86.799268][ T8477] ? nl80211_notify_iface+0x180/0x180
[ 86.804668][ T8477] ? lock_release+0x710/0x710
[ 86.809377][ T8477] netlink_rcv_skb+0x153/0x420
[ 86.814174][ T8477] ? genl_get_cmd+0x480/0x480
[ 86.818882][ T8477] ? netlink_ack+0xaa0/0xaa0
[ 86.823501][ T8477] genl_rcv+0x24/0x40
[ 86.827538][ T8477] netlink_unicast+0x533/0x7d0
[ 86.832365][ T8477] ? netlink_attachskb+0x870/0x870
[ 86.837504][ T8477] ? _copy_from_iter_full+0x275/0x850
[ 86.842908][ T8477] netlink_sendmsg+0x856/0xd90
[ 86.847709][ T8477] ? netlink_unicast+0x7d0/0x7d0
[ 86.852687][ T8477] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.858954][ T8477] ? netlink_unicast+0x7d0/0x7d0
[ 86.863921][ T8477] sock_sendmsg+0xcf/0x120
[ 86.868365][ T8477] ____sys_sendmsg+0x6e8/0x810
[ 86.873432][ T8477] ? kernel_sendmsg+0x50/0x50
[ 86.878126][ T8477] ? do_recvmmsg+0x6c0/0x6c0
[ 86.882767][ T8477] ? find_held_lock+0x2d/0x110
[ 86.887574][ T8477] ___sys_sendmsg+0xf3/0x170
[ 86.892188][ T8477] ? sendmsg_copy_msghdr+0x160/0x160
[ 86.897508][ T8477] ? _copy_to_user+0xdc/0x150
[ 86.902211][ T8477] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 86.908587][ T8477] ? sock_do_ioctl+0x168/0x2d0
[ 86.913377][ T8477] ? compat_ifr_data_ioctl+0x150/0x150
[ 86.918863][ T8477] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 86.924971][ T8477] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 86.931241][ T8477] ? __fget_light+0x215/0x280
[ 86.936036][ T8477] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 86.942317][ T8477] __sys_sendmsg+0xe5/0x1b0
[ 86.946859][ T8477] ? __sys_sendmsg_sock+0xb0/0xb0
[ 86.951915][ T8477] ? syscall_enter_from_user_mode+0x1d/0x50
[ 86.957862][ T8477] do_syscall_64+0x2d/0x70
[ 86.962353][ T8477] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 86.968277][ T8477] RIP: 0033:0x440dc9
[ 86.972194][ T8477] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.991834][ T8477] RSP: 002b:00007ffd470ae628 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 87.000304][ T8477] RAX: ffffffffffffffda RBX: 00000000000151a7 RCX: 0000000000440dc9
[ 87.008317][ T8477] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
[ 87.016482][ T8477] RBP: 0000000000000000 R08: 00007ffd470ae7c8 R09: 00007ffd470ae7c8
[ 87.024755][ T8477] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd470ae63c
[ 87.033006][ T8477] R13: 431bde82d7b634db R14: 00000000004b4018 R15: 00000000004004b8
[ 87.041008][ T8477] Modules linked in:
[ 87.047318][ T8477] ---[ end trace e91a66e3df39bd64 ]---
[ 87.052950][ T8477] RIP: 0010:ieee80211_chanctx_num_assigned+0xb1/0x140
[ 87.060582][ T8477] Code: a8 f6 ff ff 48 39 c5 74 3b 49 bd 00 00 00 00 00 fc ff df e8 31 f4 13 f9 48 8d bb 58 09 00 00 41 83 c4 01 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 75 68 48 8b 83 58 09 00 00 48 8d 98 a8 f6 ff ff 48
[ 87.082036][ T8477] RSP: 0018:ffffc9000163f330 EFLAGS: 00010a02
[ 87.094952][ T8477] RAX: 1bd5a00000000020 RBX: deacfffffffff7a8 RCX: 0000000000000000
[ 87.103039][ T8477] RDX: ffff888030038280 RSI: ffffffff885ecbef RDI: dead000000000100
[ 87.111590][ T8477] RBP: ffff88801f154920 R08: 0000000000000000 R09: 0000000000000001
[ 87.120119][ T8477] R10: ffffffff885ecc4b R11: 0000000000000000 R12: 0000000000000002
[ 87.128785][ T8477] R13: dffffc0000000000 R14: ffff88801f154900 R15: 0000000000000000
[ 87.140117][ T8477] FS: 0000000001ad6300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 87.156635][ T8477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.168485][ T8477] CR2: 000055d8023ec169 CR3: 000000002aa53000 CR4: 00000000001506f0
[ 87.176985][ T8477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 87.185475][ T8477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 87.193781][ T8477] Kernel panic - not syncing: Fatal exception
[ 87.200528][ T8477] Kernel Offset: disabled
[ 87.204860][ T8477] Rebooting in 86400 seconds..