Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
syzkaller login: [ 57.018421][ T6855] IPVS: ftp: loaded support on port[0] = 21
[ 57.088742][ T21] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.103310][ T21] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.146294][ T2623] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 57.163749][ T116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.172905][ T116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.183270][ T2623] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 57.197447][ T6855] ================================================================================
[ 57.207864][ T6855] UBSAN: array-index-out-of-bounds in net/mac80211/cfg.c:524:9
[ 57.215468][ T6855] index 255 is out of range for type 'ieee80211_key *[8]'
[ 57.223074][ T6855] CPU: 0 PID: 6855 Comm: syz-executor586 Not tainted 5.9.0-rc3-syzkaller #0
[ 57.231736][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.241808][ T6855] Call Trace:
[ 57.245078][ T6855] dump_stack+0x198/0x1fd
[ 57.249384][ T6855] ubsan_epilogue+0xb/0x5a
[ 57.253781][ T6855] __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 57.259909][ T6855] ? lock_is_held_type+0xbb/0xf0
[ 57.264852][ T6855] ieee80211_del_key+0x428/0x440
[ 57.269771][ T6855] nl80211_del_key+0x493/0x980
[ 57.274515][ T6855] ? cfg80211_tdls_oper_request+0x7f0/0x7f0
[ 57.280393][ T6855] ? nl80211_pre_doit+0xa2/0x630
[ 57.285307][ T6855] ? nl80211_dump_wiphy_parse.constprop.0+0x580/0x580
[ 57.292044][ T6855] genl_rcv_msg+0x61d/0x980
[ 57.296528][ T6855] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
[ 57.303444][ T6855] ? lock_release+0x8f0/0x8f0
[ 57.308100][ T6855] netlink_rcv_skb+0x15a/0x430
[ 57.312838][ T6855] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
[ 57.319760][ T6855] ? netlink_ack+0xa10/0xa10
[ 57.324342][ T6855] ? __kmalloc_node_track_caller+0x38/0x60
[ 57.330143][ T6855] genl_rcv+0x24/0x40
[ 57.334107][ T6855] netlink_unicast+0x533/0x7d0
[ 57.338852][ T6855] ? netlink_attachskb+0x810/0x810
[ 57.343941][ T6855] ? __phys_addr_symbol+0x2c/0x70
[ 57.348942][ T6855] ? __check_object_size+0x171/0x3e4
[ 57.354207][ T6855] netlink_sendmsg+0x856/0xd90
[ 57.358955][ T6855] ? netlink_unicast+0x7d0/0x7d0
[ 57.363876][ T6855] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 57.369143][ T6855] ? netlink_unicast+0x7d0/0x7d0
[ 57.374106][ T6855] sock_sendmsg+0xcf/0x120
[ 57.378499][ T6855] ____sys_sendmsg+0x6e8/0x810
[ 57.383285][ T6855] ? kernel_sendmsg+0x50/0x50
[ 57.387937][ T6855] ? do_recvmmsg+0x6d0/0x6d0
[ 57.392505][ T6855] ? lock_is_held_type+0xbb/0xf0
[ 57.397418][ T6855] ? find_held_lock+0x2d/0x110
[ 57.402159][ T6855] ? __might_fault+0x11f/0x1d0
[ 57.406944][ T6855] ___sys_sendmsg+0xf3/0x170
[ 57.411512][ T6855] ? sendmsg_copy_msghdr+0x160/0x160
[ 57.416814][ T6855] ? __might_fault+0x190/0x1d0
[ 57.421554][ T6855] ? _copy_to_user+0x126/0x160
[ 57.426299][ T6855] ? sock_do_ioctl+0x168/0x2d0
[ 57.431038][ T6855] ? compat_ifr_data_ioctl+0x150/0x150
[ 57.436474][ T6855] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.442346][ T6855] ? __fget_light+0x215/0x280
[ 57.447006][ T6855] __sys_sendmsg+0xe5/0x1b0
[ 57.451486][ T6855] ? __sys_sendmsg_sock+0xb0/0xb0
[ 57.456482][ T6855] ? lock_is_held_type+0xbb/0xf0
[ 57.461402][ T6855] ? syscall_enter_from_user_mode+0x20/0x290
[ 57.467409][ T6855] ? lockdep_hardirqs_on+0x53/0x100
[ 57.472630][ T6855] do_syscall_64+0x2d/0x70
[ 57.477066][ T6855] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.482932][ T6855] RIP: 0033:0x4416f9
[ 57.486803][ T6855] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.506379][ T6855] RSP: 002b:00007ffec22b1e98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.514762][ T6855] RAX: ffffffffffffffda RBX: 00007ffec22b1ec0 RCX: 00000000004416f9
[ 57.522720][ T6855] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 57.530667][ T6855] RBP: 0000000000000003 R08: 0000002000000000 R09: 0000002000000000
[ 57.538610][ T6855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032
[ 57.546567][ T6855] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 57.557388][ T6855] ================================================================================
[ 57.566765][ T6855] Kernel panic - not syncing: panic_on_warn set ...
[ 57.573355][ T6855] CPU: 0 PID: 6855 Comm: syz-executor586 Not tainted 5.9.0-rc3-syzkaller #0
[ 57.582017][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.592136][ T6855] Call Trace:
[ 57.595432][ T6855] dump_stack+0x198/0x1fd
[ 57.599759][ T6855] panic+0x382/0x7fb
[ 57.603632][ T6855] ? __warn_printk+0xf3/0xf3
[ 57.608201][ T6855] ? ubsan_epilogue+0x3e/0x5a
[ 57.612863][ T6855] ? ubsan_epilogue+0x35/0x5a
[ 57.617528][ T6855] ubsan_epilogue+0x54/0x5a
[ 57.622008][ T6855] __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 57.628136][ T6855] ? lock_is_held_type+0xbb/0xf0
[ 57.633052][ T6855] ieee80211_del_key+0x428/0x440
[ 57.637967][ T6855] nl80211_del_key+0x493/0x980
[ 57.642708][ T6855] ? cfg80211_tdls_oper_request+0x7f0/0x7f0
[ 57.648583][ T6855] ? nl80211_pre_doit+0xa2/0x630
[ 57.653496][ T6855] ? nl80211_dump_wiphy_parse.constprop.0+0x580/0x580
[ 57.660242][ T6855] genl_rcv_msg+0x61d/0x980
[ 57.664735][ T6855] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
[ 57.671663][ T6855] ? lock_release+0x8f0/0x8f0
[ 57.676319][ T6855] netlink_rcv_skb+0x15a/0x430
[ 57.681059][ T6855] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
[ 57.687980][ T6855] ? netlink_ack+0xa10/0xa10
[ 57.692550][ T6855] ? __kmalloc_node_track_caller+0x38/0x60
[ 57.698331][ T6855] genl_rcv+0x24/0x40
[ 57.702299][ T6855] netlink_unicast+0x533/0x7d0
[ 57.707049][ T6855] ? netlink_attachskb+0x810/0x810
[ 57.712135][ T6855] ? __phys_addr_symbol+0x2c/0x70
[ 57.717131][ T6855] ? __check_object_size+0x171/0x3e4
[ 57.722394][ T6855] netlink_sendmsg+0x856/0xd90
[ 57.727143][ T6855] ? netlink_unicast+0x7d0/0x7d0
[ 57.732080][ T6855] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 57.737338][ T6855] ? netlink_unicast+0x7d0/0x7d0
[ 57.742250][ T6855] sock_sendmsg+0xcf/0x120
[ 57.746640][ T6855] ____sys_sendmsg+0x6e8/0x810
[ 57.751380][ T6855] ? kernel_sendmsg+0x50/0x50
[ 57.756041][ T6855] ? do_recvmmsg+0x6d0/0x6d0
[ 57.760614][ T6855] ? lock_is_held_type+0xbb/0xf0
[ 57.765527][ T6855] ? find_held_lock+0x2d/0x110
[ 57.770267][ T6855] ? __might_fault+0x11f/0x1d0
[ 57.775007][ T6855] ___sys_sendmsg+0xf3/0x170
[ 57.779584][ T6855] ? sendmsg_copy_msghdr+0x160/0x160
[ 57.784849][ T6855] ? __might_fault+0x190/0x1d0
[ 57.789586][ T6855] ? _copy_to_user+0x126/0x160
[ 57.794325][ T6855] ? sock_do_ioctl+0x168/0x2d0
[ 57.799060][ T6855] ? compat_ifr_data_ioctl+0x150/0x150
[ 57.804514][ T6855] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.810407][ T6855] ? __fget_light+0x215/0x280
[ 57.815063][ T6855] __sys_sendmsg+0xe5/0x1b0
[ 57.819538][ T6855] ? __sys_sendmsg_sock+0xb0/0xb0
[ 57.824534][ T6855] ? lock_is_held_type+0xbb/0xf0
[ 57.829468][ T6855] ? syscall_enter_from_user_mode+0x20/0x290
[ 57.835434][ T6855] ? lockdep_hardirqs_on+0x53/0x100
[ 57.840620][ T6855] do_syscall_64+0x2d/0x70
[ 57.845012][ T6855] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.850889][ T6855] RIP: 0033:0x4416f9
[ 57.854757][ T6855] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.874344][ T6855] RSP: 002b:00007ffec22b1e98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.882727][ T6855] RAX: ffffffffffffffda RBX: 00007ffec22b1ec0 RCX: 00000000004416f9
[ 57.890674][ T6855] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 57.898617][ T6855] RBP: 0000000000000003 R08: 0000002000000000 R09: 0000002000000000
[ 57.906573][ T6855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032
[ 57.914518][ T6855] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 57.923658][ T6855] Kernel Offset: disabled
[ 57.928032][ T6855] Rebooting in 86400 seconds..