[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 27.272765] FAULT_INJECTION: forcing a failure. [ 27.272765] name failslab, interval 1, probability 0, space 0, times 1 [ 27.284255] CPU: 0 PID: 7984 Comm: syz-executor074 Not tainted 4.14.207-syzkaller #0 [ 27.292112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.301439] Call Trace: [ 27.304002] dump_stack+0x1b2/0x283 [ 27.307603] should_fail.cold+0x10a/0x154 [ 27.311737] should_failslab+0xd6/0x130 [ 27.315741] kmem_cache_alloc_node_trace+0x25a/0x400 [ 27.320909] setup_kmem_cache_node+0x1ed/0x4e0 [ 27.325476] __do_tune_cpucache+0x151/0x200 [ 27.329770] do_tune_cpucache+0x21/0xc0 [ 27.333718] ? calculate_slab_order+0xc4/0x110 [ 27.338282] enable_cpucache+0x3a/0xd0 [ 27.342152] __kmem_cache_create+0x19d/0x240 [ 27.346537] create_cache+0xab/0x1b0 [ 27.350246] kmem_cache_create+0x1bb/0x260 [ 27.354465] ieee80211_mesh_init_sdata+0x547/0x650 [ 27.359372] ieee80211_setup_sdata+0xb29/0xf40 [ 27.363932] ieee80211_if_add+0xce0/0x16b0 [ 27.368146] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 27.373399] ieee80211_add_iface+0x89/0x110 [ 27.377697] ? ieee80211_del_iface+0x20/0x20 [ 27.382079] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 27.387506] nl80211_new_interface+0x44b/0x1360 [ 27.392152] ? nl80211_prepare_wdev_dump+0x540/0x540 [ 27.397276] ? nl80211_notify_iface+0x190/0x190 [ 27.401921] ? nl80211_pre_doit+0x79/0x510 [ 27.406239] genl_family_rcv_msg+0x572/0xb20 [ 27.410627] ? genl_rcv+0x40/0x40 [ 27.414077] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 27.419574] ? trace_hardirqs_on+0x10/0x10 [ 27.423892] ? sock_sendmsg+0xb5/0x100 [ 27.427806] genl_rcv_msg+0xaf/0x140 [ 27.431630] netlink_rcv_skb+0x125/0x390 [ 27.435726] ? genl_family_rcv_msg+0xb20/0xb20 [ 27.440456] ? netlink_ack+0x9a0/0x9a0 [ 27.444328] ? lock_acquire+0x170/0x3f0 [ 27.448424] genl_rcv+0x24/0x40 [ 27.451819] netlink_unicast+0x437/0x610 [ 27.455876] ? netlink_sendskb+0xd0/0xd0 [ 27.459913] ? __check_object_size+0x179/0x22c [ 27.464475] netlink_sendmsg+0x62e/0xb80 [ 27.468519] ? nlmsg_notify+0x170/0x170 [ 27.472477] ? kernel_recvmsg+0x210/0x210 [ 27.476641] ? security_socket_sendmsg+0x83/0xb0 [ 27.481372] ? nlmsg_notify+0x170/0x170 [ 27.485329] sock_sendmsg+0xb5/0x100 [ 27.489018] ___sys_sendmsg+0x6c8/0x800 [ 27.492967] ? get_pid_task+0x91/0x130 [ 27.496956] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 27.501808] ? lock_downgrade+0x740/0x740 [ 27.505958] ? proc_fail_nth_write+0x7b/0x180 [ 27.510434] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 27.515334] ? fsnotify+0x974/0x11b0 [ 27.519035] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 27.523941] ? debug_check_no_obj_freed+0x2c0/0x674 [ 27.529031] ? vfs_write+0x35d/0x4d0 [ 27.532774] ? __fdget+0x167/0x1f0 [ 27.536293] ? sockfd_lookup_light+0xb2/0x160 [ 27.540849] __sys_sendmsg+0xa3/0x120 [ 27.544651] ? SyS_shutdown+0x160/0x160 [ 27.548604] ? SyS_read+0x210/0x210 [ 27.552205] SyS_sendmsg+0x27/0x40 [ 27.555717] ? __sys_sendmsg+0x120/0x120 [ 27.559753] do_syscall_64+0x1d5/0x640 [ 27.563629] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 27.568797] RIP: 0033:0x4418c9 [ 27.571962] RSP: 002b:00007ffea8b688c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 27.579643] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418c9 [ 27.586899] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 27.594272] RBP: 00007ffea8b688e0 R08: 0000000000000002 R09: 0000000000000000 [ 27.601516] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 27.608767] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000 [ 27.616870] enable_cpucache failed for mesh_rmc, error 12 [ 27.622572] kmem_cache_create(mesh_rmc) failed with error -12 [ 27.628554] CPU: 0 PID: 7984 Comm: syz-executor074 Not tainted 4.14.207-syzkaller #0 [ 27.636418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.645753] Call Trace: [ 27.648315] dump_stack+0x1b2/0x283 [ 27.651919] kmem_cache_create.cold+0x60/0x82 [ 27.656391] ieee80211_mesh_init_sdata+0x547/0x650 [ 27.661293] ieee80211_setup_sdata+0xb29/0xf40 [ 27.665856] ieee80211_if_add+0xce0/0x16b0 [ 27.670332] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 27.675723] ieee80211_add_iface+0x89/0x110 [ 27.680020] ? ieee80211_del_iface+0x20/0x20 [ 27.684422] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 27.689847] nl80211_new_interface+0x44b/0x1360 [ 27.694493] ? nl80211_prepare_wdev_dump+0x540/0x540 [ 27.699573] ? nl80211_notify_iface+0x190/0x190 [ 27.704219] ? nl80211_pre_doit+0x79/0x510 [ 27.708432] genl_family_rcv_msg+0x572/0xb20 [ 27.712816] ? genl_rcv+0x40/0x40 [ 27.716245] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 27.721675] ? trace_hardirqs_on+0x10/0x10 [ 27.725884] ? sock_sendmsg+0xb5/0x100 [ 27.729839] genl_rcv_msg+0xaf/0x140 [ 27.733667] netlink_rcv_skb+0x125/0x390 [ 27.737717] ? genl_family_rcv_msg+0xb20/0xb20 [ 27.742276] ? netlink_ack+0x9a0/0x9a0 [ 27.746137] ? lock_acquire+0x170/0x3f0 [ 27.750087] genl_rcv+0x24/0x40 [ 27.753383] netlink_unicast+0x437/0x610 [ 27.757418] ? netlink_sendskb+0xd0/0xd0 [ 27.761455] ? __check_object_size+0x179/0x22c [ 27.766012] netlink_sendmsg+0x62e/0xb80 [ 27.770049] ? nlmsg_notify+0x170/0x170 [ 27.773996] ? kernel_recvmsg+0x210/0x210 [ 27.778130] ? security_socket_sendmsg+0x83/0xb0 [ 27.782859] ? nlmsg_notify+0x170/0x170 [ 27.786803] sock_sendmsg+0xb5/0x100 [ 27.790500] ___sys_sendmsg+0x6c8/0x800 [ 27.794534] ? get_pid_task+0x91/0x130 [ 27.798391] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 27.803137] ? lock_downgrade+0x740/0x740 [ 27.807259] ? proc_fail_nth_write+0x7b/0x180 [ 27.811724] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 27.816644] ? fsnotify+0x974/0x11b0 [ 27.820326] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 27.825227] ? debug_check_no_obj_freed+0x2c0/0x674 [ 27.830218] ? vfs_write+0x35d/0x4d0 [ 27.833901] ? __fdget+0x167/0x1f0 [ 27.837412] ? sockfd_lookup_light+0xb2/0x160 [ 27.841879] __sys_sendmsg+0xa3/0x120 [ 27.845774] ? SyS_shutdown+0x160/0x160 [ 27.849768] ? SyS_read+0x210/0x210 [ 27.853367] SyS_sendmsg+0x27/0x40 [ 27.856875] ? __sys_sendmsg+0x120/0x120 [ 27.860907] do_syscall_64+0x1d5/0x640 [ 27.864788] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 27.869954] RIP: 0033:0x4418c9 executing program [ 27.873128] RSP: 002b:00007ffea8b688c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 27.880808] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418c9 [ 27.888055] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 27.895292] RBP: 00007ffea8b688e0 R08: 0000000000000002 R09: 0000000000000000 [ 27.902541] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 27.909787] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000 [ 27.924452] FAULT_INJECTION: forcing a failure. [ 27.924452] name failslab, interval 1, probability 0, space 0, times 0 [ 27.935778] CPU: 0 PID: 7985 Comm: syz-executor074 Not tainted 4.14.207-syzkaller #0 [ 27.943637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.952966] Call Trace: [ 27.955525] dump_stack+0x1b2/0x283 [ 27.959142] should_fail.cold+0x10a/0x154 [ 27.963264] should_failslab+0xd6/0x130 [ 27.967212] kmem_cache_alloc_trace+0x47/0x3d0 [ 27.971767] mesh_pathtbl_init+0x46/0x290 [ 27.975889] ieee80211_mesh_init_sdata+0x2b4/0x650 [ 27.980824] ieee80211_setup_sdata+0xb29/0xf40 [ 27.985377] ieee80211_if_add+0xce0/0x16b0 [ 27.989587] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 27.994876] ieee80211_add_iface+0x89/0x110 [ 27.999209] ? ieee80211_del_iface+0x20/0x20 [ 28.003590] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 28.009011] nl80211_new_interface+0x44b/0x1360 [ 28.013655] ? nl80211_prepare_wdev_dump+0x540/0x540 [ 28.018730] ? nl80211_notify_iface+0x190/0x190 [ 28.023373] ? nl80211_pre_doit+0x79/0x510 [ 28.027581] genl_family_rcv_msg+0x572/0xb20 [ 28.032237] ? genl_rcv+0x40/0x40 [ 28.035664] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 28.041102] ? trace_hardirqs_on+0x10/0x10 [ 28.045309] ? sock_sendmsg+0xb5/0x100 [ 28.049170] genl_rcv_msg+0xaf/0x140 [ 28.052857] netlink_rcv_skb+0x125/0x390 [ 28.056892] ? genl_family_rcv_msg+0xb20/0xb20 [ 28.061458] ? netlink_ack+0x9a0/0x9a0 [ 28.065320] ? lock_acquire+0x170/0x3f0 [ 28.069270] genl_rcv+0x24/0x40 [ 28.072545] netlink_unicast+0x437/0x610 [ 28.076600] ? netlink_sendskb+0xd0/0xd0 [ 28.080635] ? __check_object_size+0x179/0x22c [ 28.085188] netlink_sendmsg+0x62e/0xb80 [ 28.089227] ? nlmsg_notify+0x170/0x170 [ 28.093172] ? kernel_recvmsg+0x210/0x210 [ 28.097294] ? security_socket_sendmsg+0x83/0xb0 [ 28.102031] ? nlmsg_notify+0x170/0x170 [ 28.105979] sock_sendmsg+0xb5/0x100 [ 28.109682] ___sys_sendmsg+0x6c8/0x800 [ 28.113627] ? get_pid_task+0x91/0x130 [ 28.117487] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 28.122216] ? lock_downgrade+0x740/0x740 [ 28.126338] ? proc_fail_nth_write+0x7b/0x180 [ 28.130814] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 28.135721] ? fsnotify+0x974/0x11b0 [ 28.139410] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 28.144311] ? debug_check_no_obj_freed+0x2c0/0x674 [ 28.149312] ? vfs_write+0x35d/0x4d0 [ 28.153013] ? __fdget+0x167/0x1f0 [ 28.156527] ? sockfd_lookup_light+0xb2/0x160 [ 28.160992] __sys_sendmsg+0xa3/0x120 [ 28.164762] ? SyS_shutdown+0x160/0x160 [ 28.168754] ? SyS_read+0x210/0x210 [ 28.172369] SyS_sendmsg+0x27/0x40 executing program [ 28.175979] ? __sys_sendmsg+0x120/0x120 [ 28.180018] do_syscall_64+0x1d5/0x640 [ 28.183881] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.189042] RIP: 0033:0x4418c9 [ 28.192204] RSP: 002b:00007ffea8b688c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 28.199894] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418c9 [ 28.207134] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 28.214386] RBP: 00007ffea8b688e0 R08: 0000000000000002 R09: 0000000000000000 [ 28.221633] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 28.228874] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000 [ 28.241387] FAULT_INJECTION: forcing a failure. [ 28.241387] name failslab, interval 1, probability 0, space 0, times 0 [ 28.253178] CPU: 0 PID: 7986 Comm: syz-executor074 Not tainted 4.14.207-syzkaller #0 [ 28.261172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.270506] Call Trace: [ 28.273073] dump_stack+0x1b2/0x283 [ 28.276679] should_fail.cold+0x10a/0x154 [ 28.280797] should_failslab+0xd6/0x130 [ 28.284745] kmem_cache_alloc_trace+0x47/0x3d0 [ 28.289300] mesh_pathtbl_init+0xf5/0x290 [ 28.293419] ieee80211_mesh_init_sdata+0x2b4/0x650 [ 28.298411] ieee80211_setup_sdata+0xb29/0xf40 [ 28.302969] ieee80211_if_add+0xce0/0x16b0 [ 28.307176] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 28.312423] ieee80211_add_iface+0x89/0x110 [ 28.316713] ? ieee80211_del_iface+0x20/0x20 [ 28.321090] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 28.326522] nl80211_new_interface+0x44b/0x1360 [ 28.331164] ? nl80211_prepare_wdev_dump+0x540/0x540 [ 28.336239] ? nl80211_notify_iface+0x190/0x190 [ 28.340890] ? nl80211_pre_doit+0x79/0x510 [ 28.345104] genl_family_rcv_msg+0x572/0xb20 [ 28.349490] ? genl_rcv+0x40/0x40 [ 28.352917] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 28.358338] ? trace_hardirqs_on+0x10/0x10 [ 28.362542] ? sock_sendmsg+0xb5/0x100 [ 28.366403] genl_rcv_msg+0xaf/0x140 [ 28.370090] netlink_rcv_skb+0x125/0x390 [ 28.374136] ? genl_family_rcv_msg+0xb20/0xb20 [ 28.378689] ? netlink_ack+0x9a0/0x9a0 [ 28.382548] ? lock_acquire+0x170/0x3f0 [ 28.386497] genl_rcv+0x24/0x40 [ 28.389745] netlink_unicast+0x437/0x610 [ 28.393779] ? netlink_sendskb+0xd0/0xd0 [ 28.397898] ? __check_object_size+0x179/0x22c [ 28.402489] netlink_sendmsg+0x62e/0xb80 [ 28.406532] ? nlmsg_notify+0x170/0x170 [ 28.410525] ? kernel_recvmsg+0x210/0x210 [ 28.414646] ? security_socket_sendmsg+0x83/0xb0 [ 28.419371] ? nlmsg_notify+0x170/0x170 [ 28.423318] sock_sendmsg+0xb5/0x100 [ 28.427004] ___sys_sendmsg+0x6c8/0x800 [ 28.430950] ? get_pid_task+0x91/0x130 [ 28.434806] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 28.439531] ? lock_downgrade+0x740/0x740 [ 28.443652] ? proc_fail_nth_write+0x7b/0x180 [ 28.448114] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 28.453012] ? fsnotify+0x974/0x11b0 [ 28.456691] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 28.461590] ? debug_check_no_obj_freed+0x2c0/0x674 [ 28.466582] ? vfs_write+0x35d/0x4d0 [ 28.470264] ? __fdget+0x167/0x1f0 [ 28.473775] ? sockfd_lookup_light+0xb2/0x160 [ 28.478239] __sys_sendmsg+0xa3/0x120 [ 28.482012] ? SyS_shutdown+0x160/0x160 [ 28.485977] ? SyS_read+0x210/0x210 [ 28.489577] SyS_sendmsg+0x27/0x40 [ 28.493096] ? __sys_sendmsg+0x120/0x120 [ 28.497167] do_syscall_64+0x1d5/0x640 [ 28.501026] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.506186] RIP: 0033:0x4418c9 [ 28.509355] RSP: 002b:00007ffea8b688c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 28.517037] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418c9 [ 28.524280] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 28.531524] RBP: 00007ffea8b688e0 R08: 0000000000000002 R09: 0000000000000000 [ 28.538767] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 28.546013] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000 [ 28.553913] INFO: trying to register non-static key. [ 28.559005] the code is fine but needs lockdep annotation. [ 28.564618] turning off the locking correctness validator. [ 28.570313] CPU: 0 PID: 7986 Comm: syz-executor074 Not tainted 4.14.207-syzkaller #0 [ 28.578167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.587492] Call Trace: [ 28.590050] dump_stack+0x1b2/0x283 [ 28.593645] register_lock_class+0x32b/0x1320 [ 28.598118] ? serial8250_console_write+0x783/0x9d0 [ 28.603106] ? trace_hardirqs_on+0x10/0x10 [ 28.607326] ? static_obj+0x50/0x50 [ 28.610939] ? lock_downgrade+0x740/0x740 [ 28.615055] __lock_acquire+0x167/0x3f20 [ 28.619095] ? __lock_acquire+0x5fc/0x3f20 [ 28.623416] ? trace_hardirqs_on+0x10/0x10 [ 28.627622] ? check_preemption_disabled+0x35/0x240 [ 28.632608] ? __switch_to_xtra+0x93/0x12f0 [ 28.636905] ? finish_task_switch+0x178/0x610 [ 28.641371] lock_acquire+0x170/0x3f0 [ 28.645143] ? flush_work+0x88/0x770 [ 28.648825] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 28.653815] flush_work+0xad/0x770 [ 28.657332] ? flush_work+0x88/0x770 [ 28.661027] ? worker_thread+0xff0/0xff0 [ 28.665059] ? __schedule+0x893/0x1de0 [ 28.668924] ? mark_held_locks+0xa6/0xf0 [ 28.672960] ? retint_kernel+0x2d/0x2d [ 28.676818] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 28.681804] ? mark_held_locks+0xa6/0xf0 [ 28.685834] ? __cancel_work_timer+0x2c1/0x460 [ 28.690386] __cancel_work_timer+0x321/0x460 [ 28.694767] ? work_on_cpu_safe+0x70/0x70 [ 28.698886] ? dump_stack+0x26c/0x283 [ 28.702659] rhashtable_free_and_destroy+0x26/0x710 [ 28.707799] ? mesh_path_tbl_expire.constprop.0+0x1d0/0x1d0 [ 28.713517] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 28.718503] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 28.723315] mesh_pathtbl_init+0x223/0x290 [ 28.727518] ieee80211_mesh_init_sdata+0x2b4/0x650 [ 28.732418] ieee80211_setup_sdata+0xb29/0xf40 [ 28.736973] ieee80211_if_add+0xce0/0x16b0 [ 28.741195] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 28.746440] ieee80211_add_iface+0x89/0x110 [ 28.750728] ? ieee80211_del_iface+0x20/0x20 [ 28.755116] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 28.760558] nl80211_new_interface+0x44b/0x1360 [ 28.765195] ? nl80211_prepare_wdev_dump+0x540/0x540 [ 28.770267] ? nl80211_notify_iface+0x190/0x190 [ 28.774908] ? nl80211_pre_doit+0x79/0x510 [ 28.779117] genl_family_rcv_msg+0x572/0xb20 [ 28.783500] ? genl_rcv+0x40/0x40 [ 28.786926] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 28.792378] ? trace_hardirqs_on+0x10/0x10 [ 28.796585] ? sock_sendmsg+0xb5/0x100 [ 28.800445] genl_rcv_msg+0xaf/0x140 [ 28.804130] netlink_rcv_skb+0x125/0x390 [ 28.808165] ? genl_family_rcv_msg+0xb20/0xb20 [ 28.812717] ? netlink_ack+0x9a0/0x9a0 [ 28.816575] ? lock_acquire+0x170/0x3f0 [ 28.820522] genl_rcv+0x24/0x40 [ 28.823773] netlink_unicast+0x437/0x610 [ 28.827807] ? netlink_sendskb+0xd0/0xd0 [ 28.831840] ? __check_object_size+0x179/0x22c [ 28.836392] netlink_sendmsg+0x62e/0xb80 [ 28.840421] ? nlmsg_notify+0x170/0x170 [ 28.844364] ? kernel_recvmsg+0x210/0x210 [ 28.848481] ? security_socket_sendmsg+0x83/0xb0 [ 28.853217] ? nlmsg_notify+0x170/0x170 [ 28.857162] sock_sendmsg+0xb5/0x100 [ 28.860848] ___sys_sendmsg+0x6c8/0x800 [ 28.864796] ? get_pid_task+0x91/0x130 [ 28.868739] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 28.873476] ? lock_downgrade+0x740/0x740 [ 28.877594] ? proc_fail_nth_write+0x7b/0x180 [ 28.882065] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 28.886965] ? fsnotify+0x974/0x11b0 [ 28.890659] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 28.895574] ? debug_check_no_obj_freed+0x2c0/0x674 [ 28.900663] ? vfs_write+0x35d/0x4d0 [ 28.904347] ? __fdget+0x167/0x1f0 [ 28.907856] ? sockfd_lookup_light+0xb2/0x160 [ 28.912418] __sys_sendmsg+0xa3/0x120 [ 28.916210] ? SyS_shutdown+0x160/0x160 [ 28.920156] ? SyS_read+0x210/0x210 [ 28.923753] SyS_sendmsg+0x27/0x40 [ 28.927263] ? __sys_sendmsg+0x120/0x120 [ 28.931381] do_syscall_64+0x1d5/0x640 [ 28.935239] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.940407] RIP: 0033:0x4418c9 [ 28.943567] RSP: 002b:00007ffea8b688c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 28.951240] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418c9 [ 28.958478] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 28.965720] RBP: 00007ffea8b688e0 R08: 0000000000000002 R09: 0000000000000000 [ 28.972960] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 28.980199] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000 [ 28.987726] ================================================================== [ 28.995076] BUG: KASAN: global-out-of-bounds in bucket_table_free+0x142/0x150 [ 29.002342] Read of size 8 at addr ffffffff8b2de778 by task syz-executor074/7986 [ 29.009855] [ 29.011467] CPU: 0 PID: 7986 Comm: syz-executor074 Not tainted 4.14.207-syzkaller #0 [ 29.019340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.028757] Call Trace: [ 29.031316] dump_stack+0x1b2/0x283 [ 29.034914] print_address_description.cold+0x5/0x1d3 [ 29.040072] kasan_report_error.cold+0x8a/0x194 [ 29.044710] ? bucket_table_free+0x142/0x150 [ 29.049103] __asan_report_load8_noabort+0x68/0x70 [ 29.054004] ? bucket_table_free+0x142/0x150 [ 29.058415] bucket_table_free+0x142/0x150 [ 29.062621] rhashtable_free_and_destroy+0x20a/0x710 [ 29.067698] ? mesh_path_tbl_expire.constprop.0+0x1d0/0x1d0 [ 29.073592] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 29.078577] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 29.083388] mesh_pathtbl_init+0x223/0x290 [ 29.087596] ieee80211_mesh_init_sdata+0x2b4/0x650 [ 29.092496] ieee80211_setup_sdata+0xb29/0xf40 [ 29.097061] ieee80211_if_add+0xce0/0x16b0 [ 29.101268] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 29.106526] ieee80211_add_iface+0x89/0x110 [ 29.110836] ? ieee80211_del_iface+0x20/0x20 [ 29.115214] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 29.120748] nl80211_new_interface+0x44b/0x1360 [ 29.125391] ? nl80211_prepare_wdev_dump+0x540/0x540 [ 29.130462] ? nl80211_notify_iface+0x190/0x190 [ 29.135111] ? nl80211_pre_doit+0x79/0x510 [ 29.139316] genl_family_rcv_msg+0x572/0xb20 [ 29.143783] ? genl_rcv+0x40/0x40 [ 29.147208] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 29.152651] ? trace_hardirqs_on+0x10/0x10 [ 29.156855] ? sock_sendmsg+0xb5/0x100 [ 29.160821] genl_rcv_msg+0xaf/0x140 [ 29.164514] netlink_rcv_skb+0x125/0x390 [ 29.168547] ? genl_family_rcv_msg+0xb20/0xb20 [ 29.173101] ? netlink_ack+0x9a0/0x9a0 [ 29.176959] ? lock_acquire+0x170/0x3f0 [ 29.180911] genl_rcv+0x24/0x40 [ 29.184163] netlink_unicast+0x437/0x610 [ 29.188197] ? netlink_sendskb+0xd0/0xd0 [ 29.192230] ? __check_object_size+0x179/0x22c [ 29.196782] netlink_sendmsg+0x62e/0xb80 [ 29.200814] ? nlmsg_notify+0x170/0x170 [ 29.204759] ? kernel_recvmsg+0x210/0x210 [ 29.208879] ? security_socket_sendmsg+0x83/0xb0 [ 29.213608] ? nlmsg_notify+0x170/0x170 [ 29.217552] sock_sendmsg+0xb5/0x100 [ 29.221264] ___sys_sendmsg+0x6c8/0x800 [ 29.225211] ? get_pid_task+0x91/0x130 [ 29.229079] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 29.233807] ? lock_downgrade+0x740/0x740 [ 29.237931] ? proc_fail_nth_write+0x7b/0x180 [ 29.242407] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.247308] ? fsnotify+0x974/0x11b0 [ 29.250995] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.255904] ? debug_check_no_obj_freed+0x2c0/0x674 [ 29.260894] ? vfs_write+0x35d/0x4d0 [ 29.264585] ? __fdget+0x167/0x1f0 [ 29.268185] ? sockfd_lookup_light+0xb2/0x160 [ 29.272653] __sys_sendmsg+0xa3/0x120 [ 29.276438] ? SyS_shutdown+0x160/0x160 [ 29.280384] ? SyS_read+0x210/0x210 [ 29.283979] SyS_sendmsg+0x27/0x40 [ 29.287487] ? __sys_sendmsg+0x120/0x120 [ 29.291527] do_syscall_64+0x1d5/0x640 [ 29.295384] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.300547] RIP: 0033:0x4418c9 [ 29.303756] RSP: 002b:00007ffea8b688c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 29.311547] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418c9 [ 29.318786] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 29.326111] RBP: 00007ffea8b688e0 R08: 0000000000000002 R09: 0000000000000000 [ 29.333353] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 29.340595] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000 [ 29.347843] [ 29.349445] The buggy address belongs to the variable: [ 29.354700] __key.0+0x18/0x40 [ 29.357859] [ 29.359453] Memory state around the buggy address: [ 29.364363] ffffffff8b2de600: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa [ 29.371717] ffffffff8b2de680: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa [ 29.379042] >ffffffff8b2de700: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa [ 29.386366] ^ [ 29.393610] ffffffff8b2de780: fa fa fa fa 00 fa fa fa fa fa fa fa 00 00 00 00 [ 29.401063] ffffffff8b2de800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.408384] ================================================================== [ 29.416431] Kernel panic - not syncing: panic_on_warn set ... [ 29.416431] [ 29.423792] CPU: 0 PID: 7986 Comm: syz-executor074 Tainted: G B 4.14.207-syzkaller #0 [ 29.432874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.442310] Call Trace: [ 29.444885] dump_stack+0x1b2/0x283 [ 29.448481] panic+0x1f9/0x42d [ 29.451642] ? add_taint.cold+0x16/0x16 [ 29.455586] ? ___preempt_schedule+0x16/0x18 [ 29.459969] kasan_end_report+0x43/0x49 [ 29.463922] kasan_report_error.cold+0xa7/0x194 [ 29.468566] ? bucket_table_free+0x142/0x150 [ 29.472943] __asan_report_load8_noabort+0x68/0x70 [ 29.477847] ? bucket_table_free+0x142/0x150 [ 29.482226] bucket_table_free+0x142/0x150 [ 29.486434] rhashtable_free_and_destroy+0x20a/0x710 [ 29.491504] ? mesh_path_tbl_expire.constprop.0+0x1d0/0x1d0 [ 29.497202] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 29.502197] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 29.507011] mesh_pathtbl_init+0x223/0x290 [ 29.511228] ieee80211_mesh_init_sdata+0x2b4/0x650 [ 29.516129] ieee80211_setup_sdata+0xb29/0xf40 [ 29.520680] ieee80211_if_add+0xce0/0x16b0 [ 29.524888] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 29.530135] ieee80211_add_iface+0x89/0x110 [ 29.534426] ? ieee80211_del_iface+0x20/0x20 [ 29.538802] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 29.544221] nl80211_new_interface+0x44b/0x1360 [ 29.548861] ? nl80211_prepare_wdev_dump+0x540/0x540 [ 29.553932] ? nl80211_notify_iface+0x190/0x190 [ 29.558580] ? nl80211_pre_doit+0x79/0x510 [ 29.562789] genl_family_rcv_msg+0x572/0xb20 [ 29.567200] ? genl_rcv+0x40/0x40 [ 29.570728] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 29.576238] ? trace_hardirqs_on+0x10/0x10 [ 29.580463] ? sock_sendmsg+0xb5/0x100 [ 29.584327] genl_rcv_msg+0xaf/0x140 [ 29.588017] netlink_rcv_skb+0x125/0x390 [ 29.592052] ? genl_family_rcv_msg+0xb20/0xb20 [ 29.596603] ? netlink_ack+0x9a0/0x9a0 [ 29.600570] ? lock_acquire+0x170/0x3f0 [ 29.604516] genl_rcv+0x24/0x40 [ 29.607766] netlink_unicast+0x437/0x610 [ 29.611797] ? netlink_sendskb+0xd0/0xd0 [ 29.615830] ? __check_object_size+0x179/0x22c [ 29.620465] netlink_sendmsg+0x62e/0xb80 [ 29.624512] ? nlmsg_notify+0x170/0x170 [ 29.628453] ? kernel_recvmsg+0x210/0x210 [ 29.632574] ? security_socket_sendmsg+0x83/0xb0 [ 29.637297] ? nlmsg_notify+0x170/0x170 [ 29.641238] sock_sendmsg+0xb5/0x100 [ 29.645076] ___sys_sendmsg+0x6c8/0x800 [ 29.649022] ? get_pid_task+0x91/0x130 [ 29.652889] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 29.657615] ? lock_downgrade+0x740/0x740 [ 29.661738] ? proc_fail_nth_write+0x7b/0x180 [ 29.666257] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.671157] ? fsnotify+0x974/0x11b0 [ 29.674973] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.680003] ? debug_check_no_obj_freed+0x2c0/0x674 [ 29.684991] ? vfs_write+0x35d/0x4d0 [ 29.688674] ? __fdget+0x167/0x1f0 [ 29.692184] ? sockfd_lookup_light+0xb2/0x160 [ 29.696650] __sys_sendmsg+0xa3/0x120 [ 29.700419] ? SyS_shutdown+0x160/0x160 [ 29.704378] ? SyS_read+0x210/0x210 [ 29.707976] SyS_sendmsg+0x27/0x40 [ 29.711484] ? __sys_sendmsg+0x120/0x120 [ 29.715515] do_syscall_64+0x1d5/0x640 [ 29.719383] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.724629] RIP: 0033:0x4418c9 [ 29.727788] RSP: 002b:00007ffea8b688c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 29.735462] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418c9 [ 29.742705] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 29.749954] RBP: 00007ffea8b688e0 R08: 0000000000000002 R09: 0000000000000000 [ 29.757191] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 29.764427] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000 [ 29.772329] Kernel Offset: disabled [ 29.775932] Rebooting in 86400 seconds..