[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program [ 75.632411][ T35] audit: type=1400 audit(1612771496.168:8): avc: denied { execmem } for pid=8455 comm="syz-executor100" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 executing program executing program [ 75.789098][ T8472] ================================================================== [ 75.798176][ T8472] BUG: KASAN: double-free or invalid-free in ieee80211_ibss_leave+0x83/0xe0 [ 75.807181][ T8472] [ 75.809544][ T8472] CPU: 0 PID: 8472 Comm: syz-executor100 Not tainted 5.11.0-rc6-syzkaller #0 [ 75.818385][ T8472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.828485][ T8472] Call Trace: [ 75.831781][ T8472] dump_stack+0x107/0x163 [ 75.836116][ T8472] ? ieee80211_ibss_leave+0x83/0xe0 [ 75.841319][ T8472] print_address_description.constprop.0.cold+0x5b/0x2c6 [ 75.851172][ T8472] ? ieee80211_ibss_leave+0x83/0xe0 [ 75.857118][ T8472] ? ieee80211_ibss_leave+0x83/0xe0 [ 75.864078][ T8472] kasan_report_invalid_free+0x51/0x80 [ 75.869845][ T8472] ? ieee80211_ibss_leave+0x83/0xe0 [ 75.875970][ T8472] ____kasan_slab_free+0xcc/0xe0 [ 75.881812][ T8472] kfree+0xed/0x270 [ 75.886254][ T8472] ieee80211_ibss_leave+0x83/0xe0 [ 75.891597][ T8472] __cfg80211_leave_ibss+0x19a/0x4c0 [ 75.897904][ T8472] __cfg80211_leave+0x327/0x430 [ 75.903238][ T8472] cfg80211_netdev_notifier_call+0x9e8/0x12c0 [ 75.909889][ T8472] ? cfg80211_register_wdev+0x220/0x220 [ 75.916726][ T8472] ? mark_lock+0xf7/0x1720 [ 75.921256][ T8472] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 75.927587][ T8472] ? lock_chain_count+0x20/0x20 [ 75.932962][ T8472] ? find_held_lock+0x2d/0x110 [ 75.938003][ T8472] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 75.944164][ T8472] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 75.950600][ T8472] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 75.956969][ T8472] ? ipmr_device_event+0x1ab/0x220 [ 75.963526][ T8472] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 75.970908][ T8472] notifier_call_chain+0xb5/0x200 [ 75.977033][ T8472] call_netdevice_notifiers_info+0xb5/0x130 [ 75.983082][ T8472] __dev_close_many+0xee/0x2e0 [ 75.988146][ T8472] ? __netdev_walk_all_lower_dev.constprop.0.isra.0+0x530/0x530 [ 75.996277][ T8472] ? __local_bh_enable_ip+0xa0/0x110 [ 76.001607][ T8472] __dev_change_flags+0x2cb/0x730 [ 76.007274][ T8472] ? dev_set_allmulti+0x30/0x30 [ 76.013710][ T8472] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 76.020681][ T8472] ? full_name_hash+0xb5/0xf0 [ 76.025583][ T8472] dev_change_flags+0x8a/0x160 [ 76.030456][ T8472] dev_ifsioc+0x210/0xa70 [ 76.035689][ T8472] ? register_gifconf+0x90/0x90 [ 76.040567][ T8472] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 76.046814][ T8472] ? netdev_name_node_lookup_rcu+0x108/0x150 [ 76.052944][ T8472] dev_ioctl+0x1b1/0xc40 [ 76.057304][ T8472] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 76.063763][ T8472] sock_do_ioctl+0x148/0x2d0 [ 76.068388][ T8472] ? compat_ifr_data_ioctl+0x150/0x150 [ 76.073965][ T8472] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 76.079999][ T8472] ? generic_block_fiemap+0x60/0x60 [ 76.085201][ T8472] ? selinux_inode_getsecctx+0x90/0x90 [ 76.090684][ T8472] sock_ioctl+0x477/0x6a0 [ 76.095016][ T8472] ? vlan_ioctl_set+0x30/0x30 [ 76.099694][ T8472] ? __fget_files+0x288/0x3d0 [ 76.104369][ T8472] ? security_file_ioctl+0x5c/0xb0 [ 76.109492][ T8472] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 76.115826][ T8472] ? vlan_ioctl_set+0x30/0x30 [ 76.120528][ T8472] __x64_sys_ioctl+0x193/0x200 [ 76.125440][ T8472] do_syscall_64+0x2d/0x70 [ 76.129877][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.135865][ T8472] RIP: 0033:0x446c99 [ 76.139860][ T8472] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 76.159595][ T8472] RSP: 002b:00007fa8353b02f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.168051][ T8472] RAX: ffffffffffffffda RBX: 00000000004cb440 RCX: 0000000000446c99 [ 76.176056][ T8472] RDX: 00000000200008c0 RSI: 0000000000008914 RDI: 0000000000000005 [ 76.184189][ T8472] RBP: 00000000004cb44c R08: 0000000000000000 R09: 0000000000000000 [ 76.192165][ T8472] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049b07c [ 76.200219][ T8472] R13: 0031313230386c6e R14: 0ba62cdd87f75d44 R15: 00000000004cb448 [ 76.208207][ T8472] [ 76.210653][ T8472] Allocated by task 8465: [ 76.214985][ T8472] kasan_save_stack+0x1b/0x40 [ 76.219682][ T8472] ____kasan_kmalloc.constprop.0+0x7f/0xa0 [ 76.225816][ T8472] __kmalloc_track_caller+0x20a/0x440 [ 76.231314][ T8472] kmemdup+0x23/0x50 [ 76.235262][ T8472] ieee80211_ibss_join+0x8cf/0xfe0 [ 76.240385][ T8472] __cfg80211_join_ibss+0x807/0x1200 [ 76.245676][ T8472] nl80211_join_ibss+0xcbb/0x12b0 [ 76.250740][ T8472] genl_family_rcv_msg_doit+0x228/0x320 [ 76.256285][ T8472] genl_rcv_msg+0x328/0x580 [ 76.260824][ T8472] netlink_rcv_skb+0x153/0x420 [ 76.265582][ T8472] genl_rcv+0x24/0x40 [ 76.269571][ T8472] netlink_unicast+0x533/0x7d0 [ 76.274452][ T8472] netlink_sendmsg+0x856/0xd90 [ 76.279335][ T8472] sock_sendmsg+0xcf/0x120 [ 76.285330][ T8472] ____sys_sendmsg+0x6e8/0x810 [ 76.290091][ T8472] ___sys_sendmsg+0xf3/0x170 [ 76.294683][ T8472] __sys_sendmsg+0xe5/0x1b0 [ 76.299181][ T8472] do_syscall_64+0x2d/0x70 [ 76.303590][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.309491][ T8472] [ 76.311812][ T8472] Freed by task 8473: [ 76.315792][ T8472] kasan_save_stack+0x1b/0x40 [ 76.320740][ T8472] kasan_set_track+0x1c/0x30 [ 76.325342][ T8472] kasan_set_free_info+0x20/0x30 [ 76.330276][ T8472] ____kasan_slab_free+0xb0/0xe0 [ 76.335643][ T8472] kfree+0xed/0x270 [ 76.339470][ T8472] ieee80211_ibss_leave+0x83/0xe0 [ 76.344510][ T8472] __cfg80211_leave_ibss+0x19a/0x4c0 [ 76.349798][ T8472] __cfg80211_leave+0x327/0x430 [ 76.354648][ T8472] cfg80211_netdev_notifier_call+0x9e8/0x12c0 [ 76.360810][ T8472] notifier_call_chain+0xb5/0x200 [ 76.365986][ T8472] call_netdevice_notifiers_info+0xb5/0x130 [ 76.371879][ T8472] __dev_close_many+0xee/0x2e0 [ 76.376659][ T8472] __dev_change_flags+0x2cb/0x730 [ 76.381691][ T8472] dev_change_flags+0x8a/0x160 [ 76.386449][ T8472] dev_ifsioc+0x210/0xa70 [ 76.390894][ T8472] dev_ioctl+0x1b1/0xc40 [ 76.395151][ T8472] sock_do_ioctl+0x148/0x2d0 [ 76.399777][ T8472] sock_ioctl+0x477/0x6a0 [ 76.404114][ T8472] __x64_sys_ioctl+0x193/0x200 [ 76.408873][ T8472] do_syscall_64+0x2d/0x70 [ 76.413329][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.419246][ T8472] [ 76.421562][ T8472] Last potentially related work creation: [ 76.427269][ T8472] kasan_save_stack+0x1b/0x40 [ 76.431943][ T8472] kasan_record_aux_stack+0x87/0xb0 [ 76.437260][ T8472] insert_work+0x48/0x370 [ 76.441634][ T8472] __queue_work+0x5c1/0xf00 [ 76.446168][ T8472] queue_work_on+0xc7/0xd0 [ 76.450615][ T8472] call_usermodehelper_exec+0x1f0/0x4c0 [ 76.456161][ T8472] kobject_uevent_env+0xf9f/0x1680 [ 76.461437][ T8472] kobject_synth_uevent+0x701/0x850 [ 76.466648][ T8472] uevent_store+0x20/0x50 [ 76.471009][ T8472] dev_attr_store+0x50/0x80 [ 76.475614][ T8472] sysfs_kf_write+0x110/0x160 [ 76.480356][ T8472] kernfs_fop_write_iter+0x342/0x500 [ 76.485640][ T8472] new_sync_write+0x426/0x650 [ 76.490334][ T8472] vfs_write+0x791/0xa30 [ 76.494578][ T8472] ksys_write+0x12d/0x250 [ 76.498929][ T8472] do_syscall_64+0x2d/0x70 [ 76.503471][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.509376][ T8472] [ 76.511692][ T8472] Second to last potentially related work creation: [ 76.518261][ T8472] kasan_save_stack+0x1b/0x40 [ 76.522936][ T8472] kasan_record_aux_stack+0x87/0xb0 [ 76.528131][ T8472] insert_work+0x48/0x370 [ 76.532464][ T8472] __queue_work+0x5c1/0xf00 [ 76.537005][ T8472] queue_work_on+0xc7/0xd0 [ 76.541422][ T8472] call_usermodehelper_exec+0x1f0/0x4c0 [ 76.547073][ T8472] kobject_uevent_env+0xf9f/0x1680 [ 76.552195][ T8472] kobject_synth_uevent+0x701/0x850 [ 76.557391][ T8472] uevent_store+0x20/0x50 [ 76.561734][ T8472] dev_attr_store+0x50/0x80 [ 76.566256][ T8472] sysfs_kf_write+0x110/0x160 [ 76.570946][ T8472] kernfs_fop_write_iter+0x342/0x500 [ 76.576229][ T8472] new_sync_write+0x426/0x650 [ 76.580903][ T8472] vfs_write+0x791/0xa30 [ 76.585141][ T8472] ksys_write+0x12d/0x250 [ 76.589487][ T8472] do_syscall_64+0x2d/0x70 [ 76.593900][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.599793][ T8472] [ 76.602107][ T8472] The buggy address belongs to the object at ffff88801c155f00 [ 76.602107][ T8472] which belongs to the cache kmalloc-192 of size 192 [ 76.616276][ T8472] The buggy address is located 0 bytes inside of [ 76.616276][ T8472] 192-byte region [ffff88801c155f00, ffff88801c155fc0) [ 76.629383][ T8472] The buggy address belongs to the page: [ 76.635026][ T8472] page:000000001221e238 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801c155900 pfn:0x1c155 [ 76.646533][ T8472] flags: 0xfff00000000200(slab) [ 76.651434][ T8472] raw: 00fff00000000200 ffffea0000928b48 ffffea00006de508 ffff888010c40000 [ 76.660025][ T8472] raw: ffff88801c155900 ffff88801c155000 000000010000000d 0000000000000000 [ 76.668593][ T8472] page dumped because: kasan: bad access detected [ 76.674990][ T8472] [ 76.677303][ T8472] Memory state around the buggy address: [ 76.682959][ T8472] ffff88801c155e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.691071][ T8472] ffff88801c155e80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.699169][ T8472] >ffff88801c155f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.707236][ T8472] ^ [ 76.711404][ T8472] ffff88801c155f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 76.719490][ T8472] ffff88801c156000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.727568][ T8472] ================================================================== [ 76.735722][ T8472] Disabling lock debugging due to kernel taint [ 76.741883][ T8472] Kernel panic - not syncing: panic_on_warn set ... [ 76.748452][ T8472] CPU: 0 PID: 8472 Comm: syz-executor100 Tainted: G B 5.11.0-rc6-syzkaller #0 [ 76.758731][ T8472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.768834][ T8472] Call Trace: [ 76.772287][ T8472] dump_stack+0x107/0x163 [ 76.776620][ T8472] ? ieee80211_ibss_leave+0x40/0xe0 [ 76.781851][ T8472] panic+0x306/0x73d [ 76.785740][ T8472] ? __warn_printk+0xf3/0xf3 [ 76.790372][ T8472] ? ieee80211_ibss_leave+0x83/0xe0 [ 76.795564][ T8472] ? ieee80211_ibss_leave+0x83/0xe0 [ 76.800752][ T8472] ? ieee80211_ibss_leave+0x83/0xe0 [ 76.805956][ T8472] end_report+0x58/0x5e [ 76.810135][ T8472] kasan_report_invalid_free+0x6d/0x80 [ 76.815585][ T8472] ? ieee80211_ibss_leave+0x83/0xe0 [ 76.820779][ T8472] ____kasan_slab_free+0xcc/0xe0 [ 76.825933][ T8472] kfree+0xed/0x270 [ 76.829739][ T8472] ieee80211_ibss_leave+0x83/0xe0 [ 76.834754][ T8472] __cfg80211_leave_ibss+0x19a/0x4c0 [ 76.840036][ T8472] __cfg80211_leave+0x327/0x430 [ 76.844892][ T8472] cfg80211_netdev_notifier_call+0x9e8/0x12c0 [ 76.850950][ T8472] ? cfg80211_register_wdev+0x220/0x220 [ 76.856486][ T8472] ? mark_lock+0xf7/0x1720 [ 76.862068][ T8472] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 76.869748][ T8472] ? lock_chain_count+0x20/0x20 [ 76.874789][ T8472] ? find_held_lock+0x2d/0x110 [ 76.879547][ T8472] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 76.885448][ T8472] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 76.891712][ T8472] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 76.897954][ T8472] ? ipmr_device_event+0x1ab/0x220 [ 76.903057][ T8472] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 76.908947][ T8472] notifier_call_chain+0xb5/0x200 [ 76.913988][ T8472] call_netdevice_notifiers_info+0xb5/0x130 [ 76.919904][ T8472] __dev_close_many+0xee/0x2e0 [ 76.924756][ T8472] ? __netdev_walk_all_lower_dev.constprop.0.isra.0+0x530/0x530 [ 76.932388][ T8472] ? __local_bh_enable_ip+0xa0/0x110 [ 76.937686][ T8472] __dev_change_flags+0x2cb/0x730 [ 76.942703][ T8472] ? dev_set_allmulti+0x30/0x30 [ 76.947558][ T8472] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 76.953806][ T8472] ? full_name_hash+0xb5/0xf0 [ 76.958475][ T8472] dev_change_flags+0x8a/0x160 [ 76.963237][ T8472] dev_ifsioc+0x210/0xa70 [ 76.967574][ T8472] ? register_gifconf+0x90/0x90 [ 76.972413][ T8472] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 76.978748][ T8472] ? netdev_name_node_lookup_rcu+0x108/0x150 [ 76.984728][ T8472] dev_ioctl+0x1b1/0xc40 [ 76.988959][ T8472] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 76.995195][ T8472] sock_do_ioctl+0x148/0x2d0 [ 76.999797][ T8472] ? compat_ifr_data_ioctl+0x150/0x150 [ 77.005243][ T8472] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 77.011153][ T8472] ? generic_block_fiemap+0x60/0x60 [ 77.016357][ T8472] ? selinux_inode_getsecctx+0x90/0x90 [ 77.021802][ T8472] sock_ioctl+0x477/0x6a0 [ 77.026120][ T8472] ? vlan_ioctl_set+0x30/0x30 [ 77.030783][ T8472] ? __fget_files+0x288/0x3d0 [ 77.035450][ T8472] ? security_file_ioctl+0x5c/0xb0 [ 77.040551][ T8472] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 77.046782][ T8472] ? vlan_ioctl_set+0x30/0x30 [ 77.051464][ T8472] __x64_sys_ioctl+0x193/0x200 [ 77.056320][ T8472] do_syscall_64+0x2d/0x70 [ 77.060753][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 77.066652][ T8472] RIP: 0033:0x446c99 [ 77.070550][ T8472] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.090160][ T8472] RSP: 002b:00007fa8353b02f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.098576][ T8472] RAX: ffffffffffffffda RBX: 00000000004cb440 RCX: 0000000000446c99 [ 77.106541][ T8472] RDX: 00000000200008c0 RSI: 0000000000008914 RDI: 0000000000000005 [ 77.114534][ T8472] RBP: 00000000004cb44c R08: 0000000000000000 R09: 0000000000000000 [ 77.122507][ T8472] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049b07c [ 77.130574][ T8472] R13: 0031313230386c6e R14: 0ba62cdd87f75d44 R15: 00000000004cb448 [ 77.139302][ T8472] Kernel Offset: disabled [ 77.143629][ T8472] Rebooting in 86400 seconds..