Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.229' (ECDSA) to the list of known hosts.
syzkaller login: [ 34.303352] IPVS: ftp: loaded support on port[0] = 21
[ 34.384386] chnl_net:caif_netlink_parms(): no params data found
[ 34.461307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.469755] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.478037] device bridge_slave_0 entered promiscuous mode
[ 34.485809] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.493059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.500465] device bridge_slave_1 entered promiscuous mode
[ 34.519104] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 34.528148] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 34.547651] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 34.555299] team0: Port device team_slave_0 added
[ 34.560768] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 34.569900] team0: Port device team_slave_1 added
[ 34.586051] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 34.592857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.618938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.630939] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.637813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.663771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.674869] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 34.682850] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 34.703488] device hsr_slave_0 entered promiscuous mode
[ 34.709245] device hsr_slave_1 entered promiscuous mode
[ 34.716135] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 34.724319] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 34.794297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.800910] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.808015] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.814479] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.846165] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 34.852965] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.861062] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 34.870421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.880246] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.887765] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.895409] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 34.906888] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 34.913139] 8021q: adding VLAN 0 to HW filter on device team0
[ 34.923437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 34.931044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.937474] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.953288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 34.961222] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.967642] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.975855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 34.985034] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 34.994274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 35.006381] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 35.017408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 35.027472] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 35.035092] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 35.048366] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 35.056398] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 35.063198] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 35.074107] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 35.086809] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 35.096313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 35.130475] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 35.138143] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 35.145626] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 35.156145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 35.163964] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 35.170889] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 35.180551] device veth0_vlan entered promiscuous mode
[ 35.189670] device veth1_vlan entered promiscuous mode
[ 35.195899] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 35.204754] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 35.216538] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 35.226767] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 35.234393] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 35.241903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 35.252409] device veth0_macvtap entered promiscuous mode
[ 35.258584] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 35.267900] device veth1_macvtap entered promiscuous mode
[ 35.277925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 35.287689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 35.297942] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 35.305296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 35.313763] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 35.325042] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 35.332434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 35.450940] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 35.460153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 35.475368] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 35.494849] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 35.507151] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 35.514995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 35.523583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 35.530340] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 35.540834] ------------[ cut here ]------------
[ 35.546283] WARNING: CPU: 0 PID: 23 at net/mac80211/sta_info.c:478 sta_info_insert_rcu.cold+0x29/0xd8
[ 35.555653] Kernel panic - not syncing: panic_on_warn set ...
[ 35.555653]
[ 35.563115] CPU: 0 PID: 23 Comm: kworker/u4:1 Not tainted 4.19.194-syzkaller #0
[ 35.570560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.579936] Workqueue: phy2 ieee80211_iface_work
[ 35.584827] Call Trace:
[ 35.587423] dump_stack+0x1fc/0x2ef
[ 35.591057] panic+0x26a/0x50e
[ 35.594266] ? __warn_printk+0xf3/0xf3
[ 35.598168] ? sta_info_insert_rcu.cold+0x29/0xd8
[ 35.603015] ? __probe_kernel_read+0x130/0x1b0
[ 35.607597] ? __warn.cold+0x5/0x5a
[ 35.611224] ? __warn+0xe4/0x200
[ 35.614590] ? sta_info_insert_rcu.cold+0x29/0xd8
[ 35.619437] __warn.cold+0x20/0x5a
[ 35.622986] ? sta_info_insert_rcu.cold+0x29/0xd8
[ 35.627844] report_bug+0x262/0x2b0
[ 35.631530] do_error_trap+0x1d7/0x310
[ 35.635437] ? math_error+0x310/0x310
[ 35.639240] ? __irq_work_queue_local+0x101/0x160
[ 35.644091] ? irq_work_queue+0x29/0x80
[ 35.648186] ? error_entry+0x72/0xd0
[ 35.651905] ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.656926] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.661794] invalid_op+0x14/0x20
[ 35.665255] RIP: 0010:sta_info_insert_rcu.cold+0x29/0xd8
[ 35.670819] Code: ff e8 4e 22 4f f9 48 c7 c7 a0 36 67 89 e8 0b 6e df ff 0f 0b e9 e7 db 82 ff e8 36 22 4f f9 48 c7 c7 a0 36 67 89 e8 f3 6d df ff <0f> 0b 41 bc ea ff ff ff e9 51 ed 82 ff e8 18 22 4f f9 48 c7 c7 a0
[ 35.689813] RSP: 0018:ffff8880b5047a60 EFLAGS: 00010282
[ 35.695178] RAX: 0000000000000024 RBX: ffff8880af8c5480 RCX: 0000000000000000
[ 35.702472] RDX: 0000000000000000 RSI: ffffffff814df761 RDI: ffffed1016a08f3e
[ 35.709740] RBP: 0000000000000001 R08: 0000000000000024 R09: 0000000000000000
[ 35.717123] R10: 0000000000000005 R11: 0000000000000000 R12: 000000008ea478ef
[ 35.724398] R13: ffff8880948e81c8 R14: ffff8880948e8180 R15: ffff888094961260
[ 35.731828] ? vprintk_func+0x81/0x180
[ 35.735728] ? check_preemption_disabled+0x41/0x280
[ 35.740759] ? minstrel_ht_rate_update+0x40/0x40
[ 35.745538] ? rate_control_rate_init+0x2fa/0x4f0
[ 35.750391] ieee80211_ibss_finish_sta+0x25b/0x360
[ 35.755348] ? ieee80211_sta_join_ibss+0xe50/0xe50
[ 35.760278] ? mark_held_locks+0xa6/0xf0
[ 35.764367] ? __local_bh_enable_ip+0x159/0x270
[ 35.769044] ieee80211_ibss_work+0x2b6/0xe10
[ 35.773461] ? ieee80211_ibss_rx_queued_mgmt+0x18b0/0x18b0
[ 35.779099] ? mark_held_locks+0xa6/0xf0
[ 35.783198] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 35.788312] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.792914] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 35.798153] ieee80211_iface_work+0x7ba/0x8a0
[ 35.802667] process_one_work+0x864/0x1570
[ 35.806913] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 35.811596] worker_thread+0x64c/0x1130
[ 35.815623] ? process_one_work+0x1570/0x1570
[ 35.820146] kthread+0x33f/0x460
[ 35.823524] ? kthread_park+0x180/0x180
[ 35.827506] ret_from_fork+0x24/0x30
[ 35.832058] Kernel Offset: disabled
[ 35.835881] Rebooting in 86400 seconds..