[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
2020/09/04 19:49:45 parsed 1 programs
2020/09/04 19:49:46 executed programs: 0
syzkaller login: [ 150.445440] audit: type=1400 audit(1599248986.116:8): avc: denied { execmem } for pid=6482 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 151.590909] IPVS: ftp: loaded support on port[0] = 21
[ 151.701553] chnl_net:caif_netlink_parms(): no params data found
[ 151.785758] bridge0: port 1(bridge_slave_0) entered blocking state
[ 151.792244] bridge0: port 1(bridge_slave_0) entered disabled state
[ 151.800247] device bridge_slave_0 entered promiscuous mode
[ 151.807640] bridge0: port 2(bridge_slave_1) entered blocking state
[ 151.815077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 151.822257] device bridge_slave_1 entered promiscuous mode
[ 151.839647] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 151.848362] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 151.867140] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 151.875349] team0: Port device team_slave_0 added
[ 151.881729] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 151.889154] team0: Port device team_slave_1 added
[ 151.903791] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 151.910075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 151.935504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 151.947151] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 151.953588] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 151.978962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 151.989708] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 151.997091] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 152.016912] device hsr_slave_0 entered promiscuous mode
[ 152.022783] device hsr_slave_1 entered promiscuous mode
[ 152.029175] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 152.036289] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 152.102746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.109183] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 152.115937] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.122327] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 152.155153] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 152.162378] 8021q: adding VLAN 0 to HW filter on device bond0
[ 152.172019] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 152.181385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 152.191221] bridge0: port 1(bridge_slave_0) entered disabled state
[ 152.198192] bridge0: port 2(bridge_slave_1) entered disabled state
[ 152.206431] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 152.217426] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 152.223832] 8021q: adding VLAN 0 to HW filter on device team0
[ 152.233252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 152.240989] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.247344] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 152.268613] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 152.278597] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 152.290894] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 152.297676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 152.305715] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.312149] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 152.320226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 152.327833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 152.335561] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 152.343416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 152.351178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 152.358097] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 152.370256] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 152.379570] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 152.386308] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 152.396275] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 152.409794] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 152.419849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 152.455311] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 152.463004] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 152.470694] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 152.480352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 152.488023] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 152.495261] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 152.503896] device veth0_vlan entered promiscuous mode
[ 152.514244] device veth1_vlan entered promiscuous mode
[ 152.520466] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 152.529055] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 152.540671] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 152.551075] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 152.558298] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 152.566297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 152.576615] device veth0_macvtap entered promiscuous mode
[ 152.583245] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 152.592284] device veth1_macvtap entered promiscuous mode
[ 152.602711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 152.612111] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 152.623012] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 152.630524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 152.638682] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 152.648720] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 152.656228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 153.620149] Bluetooth: hci0: command 0x0409 tx timeout
2020/09/04 19:49:51 executed programs: 130
[ 155.709042] Bluetooth: hci0: command 0x041b tx timeout
[ 157.779403] Bluetooth: hci0: command 0x040f tx timeout
[ 159.180114] kasan: CONFIG_KASAN_INLINE enabled
[ 159.185047] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 159.195115] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 159.201363] CPU: 0 PID: 8014 Comm: syz-executor.0 Not tainted 4.19.143-syzkaller #0
[ 159.209144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 159.218485] RIP: 0010:tty_release+0xfb/0xf60
[ 159.222891] Code: 48 c1 ea 03 80 3c 02 00 0f 85 3a 0d 00 00 48 8b 04 24 48 8b 98 90 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 d5 0c 00 00 48 8b 04 24 4c 8b 23 48 8d 78 20 48
[ 159.241795] RSP: 0018:ffff88808f6efdc0 EFLAGS: 00010246
[ 159.247150] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83a585e7
[ 159.254397] RDX: 0000000000000000 RSI: ffffffff83a5a272 RDI: 0000000000000004
[ 159.261644] RBP: ffff88808df42b80 R08: 0000000000000000 R09: 0000000000000000
[ 159.268892] R10: 0000000000000004 R11: 0000000000000000 R12: ffff8880a4336b60
[ 159.276139] R13: ffff8880917f50a8 R14: ffffffff83a5a1b0 R15: ffff88809e577620
[ 159.283387] FS: 000000000258a940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 159.291591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 159.297448] CR2: 00007ffdd3b8e0f8 CR3: 0000000091101000 CR4: 00000000001406f0
[ 159.304697] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 159.311948] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 159.319193] Call Trace:
[ 159.321767] ? ima_file_free+0xb6/0x460
[ 159.325720] ? do_tty_hangup+0x30/0x30
[ 159.329582] __fput+0x2ce/0x890
[ 159.332864] task_work_run+0x148/0x1c0
[ 159.336744] exit_to_usermode_loop+0x251/0x2a0
[ 159.341307] do_syscall_64+0x538/0x620
[ 159.345175] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 159.350342] RIP: 0033:0x416f01
[ 159.353514] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 159.372393] RSP: 002b:00007ffe74a29790 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 159.380090] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000416f01
[ 159.387351] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 0000000000000003
[ 159.394610] RBP: 0000000000000000 R08: 0000000001190370 R09: 0000000000000000
[ 159.401867] R10: 00007ffe74a29870 R11: 0000000000000293 R12: 0000000001190378
[ 159.409114] R13: 0000000000000000 R14: ffffffffffffffff R15: 000000000118cf4c
[ 159.416384] Modules linked in:
[ 159.420897] ---[ end trace 0ee7e514fdc9972d ]---
[ 159.425669] RIP: 0010:tty_release+0xfb/0xf60
[ 159.430300] Code: 48 c1 ea 03 80 3c 02 00 0f 85 3a 0d 00 00 48 8b 04 24 48 8b 98 90 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 d5 0c 00 00 48 8b 04 24 4c 8b 23 48 8d 78 20 48
[ 159.449315] RSP: 0018:ffff88808f6efdc0 EFLAGS: 00010246
[ 159.454671] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83a585e7
[ 159.461994] RDX: 0000000000000000 RSI: ffffffff83a5a272 RDI: 0000000000000004
[ 159.469322] RBP: ffff88808df42b80 R08: 0000000000000000 R09: 0000000000000000
[ 159.476595] R10: 0000000000000004 R11: 0000000000000000 R12: ffff8880a4336b60
[ 159.483909] R13: ffff8880917f50a8 R14: ffffffff83a5a1b0 R15: ffff88809e577620
[ 159.491225] FS: 000000000258a940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 159.499476] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 159.505352] CR2: 00007fcb0403b0d8 CR3: 0000000091101000 CR4: 00000000001406f0
[ 159.512661] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 159.519970] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 159.527234] Kernel panic - not syncing: Fatal exception
[ 159.533768] Kernel Offset: disabled
[ 159.537384] Rebooting in 86400 seconds..