[ OK ] Started Getty on tty3. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty2. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.58' (ECDSA) to the list of known hosts. syzkaller login: [ 71.437093][ T6867] IPVS: ftp: loaded support on port[0] = 21 [ 71.539741][ T7] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.548350][ T7] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.579194][ T317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 executing program [ 71.588656][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 71.598303][ T317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.609658][ T6845] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 71.627115][ T6867] ================================================================================ [ 71.639275][ T6867] UBSAN: array-index-out-of-bounds in net/mac80211/cfg.c:524:9 [ 71.650293][ T6867] index 255 is out of range for type 'ieee80211_key *[8]' [ 71.658370][ T6867] CPU: 0 PID: 6867 Comm: syz-executor186 Not tainted 5.9.0-rc6-syzkaller #0 [ 71.667144][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.677186][ T6867] Call Trace: [ 71.680463][ T6867] dump_stack+0x198/0x1fd [ 71.684774][ T6867] ubsan_epilogue+0xb/0x5a [ 71.689172][ T6867] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 71.695349][ T6867] ? lock_is_held_type+0xbb/0xf0 [ 71.700281][ T6867] ieee80211_del_key+0x428/0x440 [ 71.705203][ T6867] nl80211_del_key+0x493/0x980 [ 71.709964][ T6867] ? cfg80211_tdls_oper_request+0x7f0/0x7f0 [ 71.715859][ T6867] ? nl80211_pre_doit+0xa2/0x630 [ 71.720799][ T6867] genl_family_rcv_msg_doit+0x228/0x320 [ 71.726337][ T6867] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 71.733701][ T6867] ? ns_capable+0xde/0x100 [ 71.738097][ T6867] genl_rcv_msg+0x328/0x580 [ 71.742591][ T6867] ? genl_get_cmd+0x480/0x480 [ 71.747245][ T6867] ? lock_acquire+0x1f3/0xaf0 [ 71.751901][ T6867] ? cfg80211_tdls_oper_request+0x7f0/0x7f0 [ 71.757782][ T6867] ? lock_release+0x8f0/0x8f0 [ 71.762441][ T6867] netlink_rcv_skb+0x15a/0x430 [ 71.767182][ T6867] ? genl_get_cmd+0x480/0x480 [ 71.771836][ T6867] ? netlink_ack+0xa10/0xa10 [ 71.776409][ T6867] ? __kmalloc_node_track_caller+0x38/0x60 [ 71.782198][ T6867] genl_rcv+0x24/0x40 [ 71.786157][ T6867] netlink_unicast+0x533/0x7d0 [ 71.790946][ T6867] ? netlink_attachskb+0x810/0x810 [ 71.796052][ T6867] ? __phys_addr_symbol+0x2c/0x70 [ 71.801082][ T6867] ? __check_object_size+0x171/0x3e4 [ 71.806367][ T6867] netlink_sendmsg+0x856/0xd90 [ 71.812094][ T6867] ? netlink_unicast+0x7d0/0x7d0 [ 71.817066][ T6867] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 71.822335][ T6867] ? netlink_unicast+0x7d0/0x7d0 [ 71.827254][ T6867] sock_sendmsg+0xcf/0x120 [ 71.831654][ T6867] ____sys_sendmsg+0x6e8/0x810 [ 71.836408][ T6867] ? kernel_sendmsg+0x50/0x50 [ 71.841062][ T6867] ? do_recvmmsg+0x6d0/0x6d0 [ 71.846161][ T6867] ? lock_is_held_type+0xbb/0xf0 [ 71.851078][ T6867] ? find_held_lock+0x2d/0x110 [ 71.855820][ T6867] ? __might_fault+0x11f/0x1d0 [ 71.861260][ T6867] ___sys_sendmsg+0xf3/0x170 [ 71.865827][ T6867] ? sendmsg_copy_msghdr+0x160/0x160 [ 71.871095][ T6867] ? __might_fault+0x190/0x1d0 [ 71.875836][ T6867] ? _copy_to_user+0x126/0x160 [ 71.880591][ T6867] ? sock_do_ioctl+0x168/0x2d0 [ 71.885341][ T6867] ? compat_ifr_data_ioctl+0x150/0x150 [ 71.890779][ T6867] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 71.896661][ T6867] ? __fget_light+0x215/0x280 [ 71.901318][ T6867] __sys_sendmsg+0xe5/0x1b0 [ 71.905798][ T6867] ? __sys_sendmsg_sock+0xb0/0xb0 [ 71.910807][ T6867] ? check_preemption_disabled+0x50/0x130 [ 71.916502][ T6867] ? syscall_enter_from_user_mode+0x1d/0x60 [ 71.922374][ T6867] do_syscall_64+0x2d/0x70 [ 71.926769][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 71.932636][ T6867] RIP: 0033:0x441769 [ 71.936511][ T6867] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 71.956095][ T6867] RSP: 002b:00007fff53527588 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 71.965192][ T6867] RAX: ffffffffffffffda RBX: 00007fff535275b0 RCX: 0000000000441769 [ 71.973230][ T6867] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003 [ 71.981212][ T6867] RBP: 0000000000000003 R08: 0000002000000000 R09: 0000002000000000 [ 71.989174][ T6867] R10: 0000002000000000 R11: 0000000000000246 R12: 0000000000000032 [ 71.997123][ T6867] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004 [ 72.007674][ T6867] ================================================================================ [ 72.017086][ T6867] Kernel panic - not syncing: panic_on_warn set ... [ 72.023680][ T6867] CPU: 0 PID: 6867 Comm: syz-executor186 Not tainted 5.9.0-rc6-syzkaller #0 [ 72.032337][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.045147][ T6867] Call Trace: [ 72.048417][ T6867] dump_stack+0x198/0x1fd [ 72.052731][ T6867] panic+0x382/0x7fb [ 72.056610][ T6867] ? __warn_printk+0xf3/0xf3 [ 72.061187][ T6867] ? mark_lock+0x82/0x1660 [ 72.065588][ T6867] ? ubsan_epilogue+0x3e/0x5a [ 72.070254][ T6867] ? ubsan_epilogue+0x35/0x5a [ 72.074918][ T6867] ubsan_epilogue+0x54/0x5a [ 72.079409][ T6867] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 72.085539][ T6867] ? lock_is_held_type+0xbb/0xf0 [ 72.090458][ T6867] ieee80211_del_key+0x428/0x440 [ 72.095376][ T6867] nl80211_del_key+0x493/0x980 [ 72.100122][ T6867] ? cfg80211_tdls_oper_request+0x7f0/0x7f0 [ 72.105996][ T6867] ? nl80211_pre_doit+0xa2/0x630 [ 72.110916][ T6867] genl_family_rcv_msg_doit+0x228/0x320 [ 72.116449][ T6867] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 72.123806][ T6867] ? ns_capable+0xde/0x100 [ 72.129072][ T6867] genl_rcv_msg+0x328/0x580 [ 72.133565][ T6867] ? genl_get_cmd+0x480/0x480 [ 72.138244][ T6867] ? lock_acquire+0x1f3/0xaf0 [ 72.142899][ T6867] ? cfg80211_tdls_oper_request+0x7f0/0x7f0 [ 72.148769][ T6867] ? lock_release+0x8f0/0x8f0 [ 72.154123][ T6867] netlink_rcv_skb+0x15a/0x430 [ 72.158862][ T6867] ? genl_get_cmd+0x480/0x480 [ 72.163528][ T6867] ? netlink_ack+0xa10/0xa10 [ 72.168099][ T6867] ? __kmalloc_node_track_caller+0x38/0x60 [ 72.173884][ T6867] genl_rcv+0x24/0x40 [ 72.177842][ T6867] netlink_unicast+0x533/0x7d0 [ 72.182598][ T6867] ? netlink_attachskb+0x810/0x810 [ 72.187685][ T6867] ? __phys_addr_symbol+0x2c/0x70 [ 72.192685][ T6867] ? __check_object_size+0x171/0x3e4 [ 72.197948][ T6867] netlink_sendmsg+0x856/0xd90 [ 72.202709][ T6867] ? netlink_unicast+0x7d0/0x7d0 [ 72.207635][ T6867] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 72.212921][ T6867] ? netlink_unicast+0x7d0/0x7d0 [ 72.217834][ T6867] sock_sendmsg+0xcf/0x120 [ 72.222244][ T6867] ____sys_sendmsg+0x6e8/0x810 [ 72.226984][ T6867] ? kernel_sendmsg+0x50/0x50 [ 72.231647][ T6867] ? do_recvmmsg+0x6d0/0x6d0 [ 72.236217][ T6867] ? lock_is_held_type+0xbb/0xf0 [ 72.241133][ T6867] ? find_held_lock+0x2d/0x110 [ 72.245879][ T6867] ? __might_fault+0x11f/0x1d0 [ 72.250627][ T6867] ___sys_sendmsg+0xf3/0x170 [ 72.255235][ T6867] ? sendmsg_copy_msghdr+0x160/0x160 [ 72.260547][ T6867] ? __might_fault+0x190/0x1d0 [ 72.265289][ T6867] ? _copy_to_user+0x126/0x160 [ 72.270030][ T6867] ? sock_do_ioctl+0x168/0x2d0 [ 72.274768][ T6867] ? compat_ifr_data_ioctl+0x150/0x150 [ 72.280253][ T6867] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 72.286211][ T6867] ? __fget_light+0x215/0x280 [ 72.290875][ T6867] __sys_sendmsg+0xe5/0x1b0 [ 72.295357][ T6867] ? __sys_sendmsg_sock+0xb0/0xb0 [ 72.300367][ T6867] ? check_preemption_disabled+0x50/0x130 [ 72.306076][ T6867] ? syscall_enter_from_user_mode+0x1d/0x60 [ 72.311965][ T6867] do_syscall_64+0x2d/0x70 [ 72.316372][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 72.322265][ T6867] RIP: 0033:0x441769 [ 72.326139][ T6867] Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 72.345726][ T6867] RSP: 002b:00007fff53527588 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 72.354202][ T6867] RAX: ffffffffffffffda RBX: 00007fff535275b0 RCX: 0000000000441769 [ 72.362164][ T6867] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003 [ 72.370114][ T6867] RBP: 0000000000000003 R08: 0000002000000000 R09: 0000002000000000 [ 72.378073][ T6867] R10: 0000002000000000 R11: 0000000000000246 R12: 0000000000000032 [ 72.386019][ T6867] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004 [ 72.395391][ T6867] Kernel Offset: disabled [ 72.399767][ T6867] Rebooting in 86400 seconds..