------------[ cut here ]------------ WARNING: CPU: 1 PID: 15824 at net/mac80211/rx.c:4592 ieee80211_rx_napi.cold+0x11/0x80 net/mac80211/rx.c:4592 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 15824 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 panic+0x26a/0x50e kernel/panic.c:186 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 RIP: 0010:ieee80211_rx_napi.cold+0x11/0x80 net/mac80211/rx.c:4592 Code: ff e8 c4 15 4e f9 48 c7 c7 c0 c0 67 89 e8 23 47 df ff 0f 0b e9 02 0c 8c ff e8 ac 15 4e f9 48 c7 c7 c0 c0 67 89 e8 0b 47 df ff <0f> 0b e9 64 82 8c ff e8 94 15 4e f9 48 c7 c7 c0 c0 67 89 e8 f3 46 RSP: 0018:ffff8880ba107d00 EFLAGS: 00010282 RAX: 0000000000000024 RBX: ffff888054833608 RCX: 0000000000000000 RDX: 0000000000000100 RSI: ffffffff814dff01 RDI: ffffed1017420f92 RBP: 0000000000000000 R08: 0000000000000024 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffff888098405ac0 R13: ffff888054831cc0 R14: ffff888054831cc0 R15: ffff888098405ac0 ieee80211_rx include/net/mac80211.h:4109 [inline] ieee80211_tasklet_handler+0x101/0x160 net/mac80211/main.c:229 tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:150 [inline] RIP: 0010:unwind_next_frame+0x2a6/0x1400 arch/x86/kernel/unwind_orc.c:422 Code: 24 20 8b 0c 95 bc 91 17 8c 8d 56 01 48 b8 00 00 00 00 00 fc ff df 48 8d 3c 95 bc 91 17 8c 49 89 f8 49 c1 e8 03 45 0f b6 04 00 <48> 89 f8 83 e0 07 83 c0 03 44 38 c0 7c 30 45 84 c0 74 2b 48 89 54 RSP: 0018:ffff888051db75a8 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: 1ffff1100a3b6ebe RCX: 0000000000026384 RDX: 000000000000a78b RSI: 000000000000a78a RDI: ffffffff8c1a2fe8 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 R10: ffff888051db7737 R11: 0000000000074071 R12: ffff888051db7720 R13: ffff888051db770d R14: ffff888051db76d8 R15: ffffffff81a78a5e __save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44 save_stack mm/kasan/kasan.c:448 [inline] set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553 slab_post_alloc_hook mm/slab.h:445 [inline] slab_alloc mm/slab.c:3397 [inline] kmem_cache_alloc+0x110/0x370 mm/slab.c:3557 skb_clone+0x151/0x3d0 net/core/skbuff.c:1293 do_one_broadcast net/netlink/af_netlink.c:1450 [inline] netlink_broadcast_filtered+0x8e5/0xbc0 net/netlink/af_netlink.c:1525 netlink_broadcast+0x35/0x40 net/netlink/af_netlink.c:1549 uevent_net_broadcast_untagged lib/kobject_uevent.c:330 [inline] kobject_uevent_net_broadcast lib/kobject_uevent.c:407 [inline] kobject_uevent_env+0xa56/0x1480 lib/kobject_uevent.c:591 loop_set_fd drivers/block/loop.c:1005 [inline] lo_ioctl+0xff9/0x20e0 drivers/block/loop.c:1576 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x5cb/0x1a80 block/ioctl.c:601 block_ioctl+0xe9/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7ff19a155367 Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 f4 57 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff1986c7f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007ff19a155367 RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 R13: 0000000020000248 R14: 0000000000000003 R15: 00007ff19a19fa20 Kernel Offset: disabled Rebooting in 86400 seconds.. ---------------- Code disassembly (best guess): 0: 24 20 and $0x20,%al 2: 8b 0c 95 bc 91 17 8c mov -0x73e86e44(,%rdx,4),%ecx 9: 8d 56 01 lea 0x1(%rsi),%edx c: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 13: fc ff df 16: 48 8d 3c 95 bc 91 17 lea -0x73e86e44(,%rdx,4),%rdi 1d: 8c 1e: 49 89 f8 mov %rdi,%r8 21: 49 c1 e8 03 shr $0x3,%r8 25: 45 0f b6 04 00 movzbl (%r8,%rax,1),%r8d * 2a: 48 89 f8 mov %rdi,%rax <-- trapping instruction 2d: 83 e0 07 and $0x7,%eax 30: 83 c0 03 add $0x3,%eax 33: 44 38 c0 cmp %r8b,%al 36: 7c 30 jl 0x68 38: 45 84 c0 test %r8b,%r8b 3b: 74 2b je 0x68 3d: 48 rex.W 3e: 89 .byte 0x89 3f: 54 push %rsp