Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.149' (ECDSA) to the list of known hosts.
syzkaller login: [ 63.641604][ T6872] IPVS: ftp: loaded support on port[0] = 21
[ 63.714352][ T2892] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.740748][ T2892] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 63.764427][ T6902] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 63.775877][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.786001][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.795734][ T6902] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 63.814269][ T6872] ------------[ cut here ]------------
[ 63.820557][ T6872] wlan1: Failed check-sdata-in-driver check, flags: 0x4
[ 63.829189][ T6872] WARNING: CPU: 1 PID: 6872 at net/mac80211/driver-ops.h:172 drv_bss_info_changed+0x560/0x660
[ 63.840676][ T6872] Kernel panic - not syncing: panic_on_warn set ...
[ 63.847672][ T6872] CPU: 1 PID: 6872 Comm: syz-executor609 Not tainted 5.9.0-rc8-syzkaller #0
[ 63.856429][ T6872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.867117][ T6872] Call Trace:
[ 63.870621][ T6872] dump_stack+0x198/0x1fd
[ 63.874961][ T6872] panic+0x382/0x7fb
[ 63.878944][ T6872] ? __warn_printk+0xf3/0xf3
[ 63.883536][ T6872] ? drv_bss_info_changed+0x560/0x660
[ 63.889033][ T6872] ? seq_open+0x13a/0x180
[ 63.893525][ T6872] ? drv_bss_info_changed+0x560/0x660
[ 63.899270][ T6872] ? __warn.cold+0x5/0x4b
[ 63.904541][ T6872] ? __warn+0xd6/0x1f2
[ 63.908607][ T6872] ? drv_bss_info_changed+0x560/0x660
[ 63.914099][ T6872] __warn.cold+0x20/0x4b
[ 63.918523][ T6872] ? drv_bss_info_changed+0x560/0x660
[ 63.923982][ T6872] report_bug+0x1bd/0x210
[ 63.928358][ T6872] handle_bug+0x38/0x90
[ 63.932514][ T6872] ? __warn_printk+0xc6/0xf3
[ 63.937378][ T6872] exc_invalid_op+0x14/0x40
[ 63.942177][ T6872] asm_exc_invalid_op+0x12/0x20
[ 63.947238][ T6872] RIP: 0010:drv_bss_info_changed+0x560/0x660
[ 63.953744][ T6872] Code: ab 40 06 00 00 48 85 ed 0f 84 99 00 00 00 e8 c7 e5 b7 f9 e8 c2 e5 b7 f9 44 89 fa 48 89 ee 48 c7 c7 00 c8 5e 89 e8 b2 22 88 f9 <0f> 0b e9 6b fd ff ff e8 a4 e5 b7 f9 0f 0b e9 ac fc ff ff e8 18 be
[ 63.975559][ T6872] RSP: 0018:ffffc900057675c0 EFLAGS: 00010286
[ 63.982157][ T6872] RAX: 0000000000000000 RBX: ffff888094380c00 RCX: 0000000000000000
[ 63.990315][ T6872] RDX: ffff8880a78d8580 RSI: ffffffff815f5a55 RDI: fffff52000aeceaa
[ 63.999537][ T6872] RBP: ffff888094380000 R08: 0000000000000001 R09: ffff8880ae5318e7
[ 64.007600][ T6872] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000002000000
[ 64.015608][ T6872] R13: ffff888094381e10 R14: 0000000000000000 R15: 0000000000000004
[ 64.023844][ T6872] ? vprintk_func+0x95/0x1d4
[ 64.028437][ T6872] ieee80211_bss_info_change_notify+0x9a/0xc0
[ 64.034587][ T6872] ieee80211_set_mcast_rate+0x37/0x40
[ 64.039952][ T6872] ? ieee80211_set_wds_peer+0x30/0x30
[ 64.045325][ T6872] nl80211_set_mcast_rate+0x387/0x6c0
[ 64.050821][ T6872] ? nl80211_tdls_cancel_channel_switch+0x630/0x630
[ 64.057688][ T6872] ? nl80211_pre_doit+0xa2/0x630
[ 64.062756][ T6872] ? nl80211_dump_wiphy_parse.constprop.0+0x580/0x580
[ 64.069739][ T6872] genl_rcv_msg+0x61d/0x980
[ 64.074506][ T6872] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
[ 64.081671][ T6872] ? lock_release+0x8f0/0x8f0
[ 64.086353][ T6872] netlink_rcv_skb+0x15a/0x430
[ 64.091197][ T6872] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
[ 64.098593][ T6872] ? netlink_ack+0xa10/0xa10
[ 64.103634][ T6872] ? __kmalloc_node_track_caller+0x38/0x60
[ 64.109571][ T6872] genl_rcv+0x24/0x40
[ 64.113683][ T6872] netlink_unicast+0x533/0x7d0
[ 64.118614][ T6872] ? netlink_attachskb+0x810/0x810
[ 64.123868][ T6872] ? __phys_addr_symbol+0x2c/0x70
[ 64.128975][ T6872] ? __check_object_size+0x171/0x3e4
[ 64.134382][ T6872] netlink_sendmsg+0x856/0xd90
[ 64.139400][ T6872] ? netlink_unicast+0x7d0/0x7d0
[ 64.144509][ T6872] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 64.150099][ T6872] ? netlink_unicast+0x7d0/0x7d0
[ 64.155046][ T6872] sock_sendmsg+0xcf/0x120
[ 64.159713][ T6872] ____sys_sendmsg+0x6e8/0x810
[ 64.164526][ T6872] ? kernel_sendmsg+0x50/0x50
[ 64.169403][ T6872] ? do_recvmmsg+0x6d0/0x6d0
[ 64.174146][ T6872] ? lock_is_held_type+0xbb/0xf0
[ 64.179258][ T6872] ? find_held_lock+0x2d/0x110
[ 64.184069][ T6872] ? __might_fault+0x11f/0x1d0
[ 64.188894][ T6872] ___sys_sendmsg+0xf3/0x170
[ 64.193610][ T6872] ? sendmsg_copy_msghdr+0x160/0x160
[ 64.198981][ T6872] ? __might_fault+0x190/0x1d0
[ 64.203906][ T6872] ? _copy_to_user+0x126/0x160
[ 64.208715][ T6872] ? sock_do_ioctl+0x168/0x2d0
[ 64.213747][ T6872] ? compat_ifr_data_ioctl+0x150/0x150
[ 64.219738][ T6872] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 64.225757][ T6872] ? __fget_light+0x215/0x280
[ 64.230782][ T6872] __sys_sendmsg+0xe5/0x1b0
[ 64.235596][ T6872] ? __sys_sendmsg_sock+0xb0/0xb0
[ 64.240613][ T6872] ? lock_is_held_type+0xbb/0xf0
[ 64.245550][ T6872] ? check_preemption_disabled+0x50/0x130
[ 64.251326][ T6872] ? syscall_enter_from_user_mode+0x1d/0x60
[ 64.257638][ T6872] do_syscall_64+0x2d/0x70
[ 64.262369][ T6872] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.268411][ T6872] RIP: 0033:0x4417c9
[ 64.272301][ T6872] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.292024][ T6872] RSP: 002b:00007ffd5815e4d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 64.300610][ T6872] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004417c9
[ 64.308703][ T6872] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005
[ 64.316669][ T6872] RBP: 000000316e616c77 R08: 0000002000000000 R09: 0000002000000000
[ 64.324826][ T6872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032
[ 64.333222][ T6872] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 64.343182][ T6872] Kernel Offset: disabled
[ 64.347823][ T6872] Rebooting in 86400 seconds..