[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts.
syzkaller login: [ 83.008533] audit: type=1400 audit(1601995449.907:8): avc: denied { execmem } for pid=6494 comm="syz-executor291" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 83.036358] IPVS: ftp: loaded support on port[0] = 21
[ 83.097443] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 83.112129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.119359] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 83.145760] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 83.159922] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 83.167397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.174910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.182515] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 83.219275] ------------[ cut here ]------------
[ 83.230354] wlan1: Failed check-sdata-in-driver check, flags: 0x4
[ 83.237342] WARNING: CPU: 0 PID: 6535 at net/mac80211/driver-ops.h:17 ieee80211_bss_info_change_notify+0x886/0x980
[ 83.247840] Kernel panic - not syncing: panic_on_warn set ...
[ 83.247840]
[ 83.255215] CPU: 0 PID: 6535 Comm: syz-executor291 Not tainted 4.19.149-syzkaller #0
[ 83.263096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.272451] Call Trace:
[ 83.275194] dump_stack+0x22c/0x33e
[ 83.278957] panic+0x2ac/0x565
[ 83.282135] ? __warn_printk+0xf3/0xf3
[ 83.286011] ? ieee80211_bss_info_change_notify+0x886/0x980
[ 83.291731] ? __probe_kernel_read+0x130/0x1b0
[ 83.296320] ? __warn.cold+0x5/0x5a
[ 83.300037] ? __warn+0xe4/0x200
[ 83.303770] ? ieee80211_bss_info_change_notify+0x886/0x980
[ 83.309468] __warn.cold+0x20/0x5a
[ 83.313005] ? ieee80211_bss_info_change_notify+0x886/0x980
[ 83.318706] report_bug+0x262/0x2b0
[ 83.322328] do_error_trap+0x1e1/0x330
[ 83.326205] ? math_error+0x320/0x320
[ 83.329987] ? irq_work_claim+0xa6/0xc0
[ 83.333954] ? irq_work_queue+0x29/0x80
[ 83.337911] ? error_entry+0x72/0xd0
[ 83.341608] ? trace_hardirqs_off_caller+0x6e/0x210
[ 83.346623] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 83.351463] invalid_op+0x14/0x20
[ 83.354908] RIP: 0010:ieee80211_bss_info_change_notify+0x886/0x980
[ 83.361206] Code: 00 00 48 8b ab 28 05 00 00 48 85 ed 74 53 e8 91 75 26 fa e8 8c 75 26 fa 44 89 fa 48 89 ee 48 c7 c7 e0 51 cd 88 e8 b0 21 f7 f9 <0f> 0b e9 b7 f8 ff ff e8 6e 75 26 fa 0f 0b e9 ce fa ff ff e8 62 75
[ 83.380115] RSP: 0018:ffff8880a0d07608 EFLAGS: 00010286
[ 83.385475] RAX: 0000000000000000 RBX: ffff888087c1db00 RCX: 0000000000000000
[ 83.392753] RDX: 0000000000000000 RSI: ffffffff815b623f RDI: ffffed10141a0eb3
[ 83.400525] RBP: ffff888087c1d040 R08: 0000000000000001 R09: 0000000000000000
[ 83.407772] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000002000000
[ 83.415036] R13: ffff888087c1ea90 R14: 0000000000000000 R15: 0000000000000004
[ 83.422325] ? vprintk_func+0x7f/0x224
[ 83.426202] ? ieee80211_bss_info_change_notify+0x886/0x980
[ 83.431900] ieee80211_set_mcast_rate+0x37/0x40
[ 83.436570] ? ieee80211_set_wds_peer+0x30/0x30
[ 83.441234] nl80211_set_mcast_rate+0x355/0x970
[ 83.445893] ? nl80211_abort_scan+0x790/0x790
[ 83.450384] ? nl80211_pre_doit+0xa2/0x660
[ 83.454687] ? nl80211_vendor_cmd_dump+0x15e0/0x15e0
[ 83.459783] genl_family_rcv_msg+0x6bf/0xd50
[ 83.464192] ? genl_family_attrbuf+0x120/0x120
[ 83.468756] ? genl_rcv_msg+0x15d/0x1b0
[ 83.472727] ? ww_mutex_unlock+0x2f0/0x2f0
[ 83.477105] ? __lock_acquire+0x6ec/0x3ff0
[ 83.481324] ? __radix_tree_lookup+0x251/0x3f0
[ 83.486281] genl_rcv_msg+0xdf/0x1b0
[ 83.489990] netlink_rcv_skb+0x160/0x440
[ 83.494035] ? genl_family_rcv_msg+0xd50/0xd50
[ 83.498600] ? netlink_ack+0xae0/0xae0
[ 83.502476] ? genl_rcv+0x15/0x40
[ 83.506080] genl_rcv+0x24/0x40
[ 83.509356] netlink_unicast+0x4d5/0x690
[ 83.513402] ? netlink_sendskb+0x110/0x110
[ 83.517623] netlink_sendmsg+0x717/0xcc0
[ 83.521669] ? nlmsg_notify+0x1a0/0x1a0
[ 83.525638] ? __sock_recv_ts_and_drops+0x540/0x540
[ 83.530639] ? nlmsg_notify+0x1a0/0x1a0
[ 83.534596] sock_sendmsg+0xc7/0x130
[ 83.538323] ___sys_sendmsg+0x7bb/0x8f0
[ 83.542478] ? copy_msghdr_from_user+0x440/0x440
[ 83.547227] ? selinux_file_alloc_security+0xe4/0x1c0
[ 83.552412] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 83.557412] ? sock_ioctl+0x30e/0x5f0
[ 83.561198] ? routing_ioctl+0x570/0x570
[ 83.565244] ? mark_held_locks+0xf0/0xf0
[ 83.569300] ? percpu_counter_add_batch+0x126/0x180
[ 83.574309] ? routing_ioctl+0x570/0x570
[ 83.578351] ? do_vfs_ioctl+0x110/0x12e0
[ 83.582397] ? selinux_file_ioctl+0x44f/0x5e0
[ 83.586876] ? ioctl_preallocate+0x200/0x200
[ 83.591285] ? __fget_light+0x1a2/0x230
[ 83.595253] __x64_sys_sendmsg+0x132/0x220
[ 83.599756] ? __sys_sendmsg+0x1b0/0x1b0
[ 83.603806] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 83.609151] ? trace_hardirqs_off_caller+0x6e/0x210
[ 83.614154] ? do_syscall_64+0x21/0x670
[ 83.618110] do_syscall_64+0xf9/0x670
[ 83.621907] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.627077] RIP: 0033:0x442039
[ 83.630261] Code: e8 ac 00 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 83.649154] RSP: 002b:00007fffbe59dd48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 83.656853] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442039
[ 83.664107] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000004
[ 83.671363] RBP: 0000000000000000 R08: 0000001d00000000 R09: 0000001d00000000
[ 83.678618] R10: 0000001d00000000 R11: 0000000000000246 R12: 0000000000000032
[ 83.685870] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 83.694785] Kernel Offset: disabled
[ 83.698473] Rebooting in 86400 seconds..