[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
2020/08/29 05:33:02 parsed 1 programs
2020/08/29 05:33:03 executed programs: 0
syzkaller login: [ 151.468471] audit: type=1400 audit(1598679183.269:8): avc: denied { execmem } for pid=6479 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 152.619119] IPVS: ftp: loaded support on port[0] = 21
[ 152.721895] chnl_net:caif_netlink_parms(): no params data found
[ 152.832042] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.838527] bridge0: port 1(bridge_slave_0) entered disabled state
[ 152.845677] device bridge_slave_0 entered promiscuous mode
[ 152.854654] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.861684] bridge0: port 2(bridge_slave_1) entered disabled state
[ 152.869793] device bridge_slave_1 entered promiscuous mode
[ 152.887058] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 152.895997] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 152.915403] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 152.922906] team0: Port device team_slave_0 added
[ 152.929602] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 152.936927] team0: Port device team_slave_1 added
[ 152.953164] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 152.959617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 152.985608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 152.997632] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 153.004422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 153.030738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 153.041832] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 153.050177] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 153.069635] device hsr_slave_0 entered promiscuous mode
[ 153.075420] device hsr_slave_1 entered promiscuous mode
[ 153.082288] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 153.089889] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 153.156171] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.162643] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 153.169590] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.175947] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.210306] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 153.216403] 8021q: adding VLAN 0 to HW filter on device bond0
[ 153.225345] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 153.234606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 153.243793] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.251784] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.259450] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 153.270657] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 153.276762] 8021q: adding VLAN 0 to HW filter on device team0
[ 153.285860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 153.293860] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.300271] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.309848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 153.317626] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.324040] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 153.339886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 153.348071] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 153.357656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 153.369409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 153.379624] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 153.389150] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 153.395169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 153.409264] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 153.416516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 153.423514] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 153.434361] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 153.447800] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 153.457623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 153.493367] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 153.500867] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 153.507595] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 153.517602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 153.525926] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 153.533327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 153.542872] device veth0_vlan entered promiscuous mode
[ 153.552770] device veth1_vlan entered promiscuous mode
[ 153.559302] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 153.567911] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 153.579880] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 153.590154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 153.597404] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 153.605245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 153.615462] device veth0_macvtap entered promiscuous mode
[ 153.621752] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 153.630782] device veth1_macvtap entered promiscuous mode
[ 153.639916] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 153.650074] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 153.660677] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 153.667380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 153.676277] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 153.686456] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 153.694524] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 154.645415] Bluetooth: hci0: command 0x0409 tx timeout
2020/08/29 05:33:08 executed programs: 131
[ 156.718664] Bluetooth: hci0: command 0x041b tx timeout
[ 158.798200] Bluetooth: hci0: command 0x040f tx timeout
[ 160.878111] Bluetooth: hci0: command 0x0419 tx timeout
2020/08/29 05:33:13 executed programs: 509
2020/08/29 05:33:18 executed programs: 978
[ 167.142045] kasan: CONFIG_KASAN_INLINE enabled
[ 167.146803] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 167.155832] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 167.162078] CPU: 0 PID: 10076 Comm: syz-executor.0 Not tainted 4.19.142-syzkaller #0
[ 167.169938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 167.179305] RIP: 0010:tty_release+0xfb/0xf60
[ 167.183738] Code: 48 c1 ea 03 80 3c 02 00 0f 85 3a 0d 00 00 48 8b 04 24 48 8b 98 90 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 d5 0c 00 00 48 8b 04 24 4c 8b 23 48 8d 78 20 48
[ 167.202626] RSP: 0018:ffff888096ac7dc0 EFLAGS: 00010246
[ 167.207979] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83a58587
[ 167.215239] RDX: 0000000000000000 RSI: ffffffff83a5a212 RDI: 0000000000000004
[ 167.222493] RBP: ffff888099622640 R08: 0000000000000000 R09: 0000000000000000
[ 167.229788] R10: 0000000000000004 R11: 0000000000000000 R12: ffff8880a430a630
[ 167.237204] R13: ffff88808fd277a8 R14: ffffffff83a5a150 R15: ffff888093a04c20
[ 167.244459] FS: 00007fefc1efa700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 167.252687] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 167.258564] CR2: 0000000000000000 CR3: 0000000099549000 CR4: 00000000001406f0
[ 167.265838] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 167.273104] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 167.280361] Call Trace:
[ 167.282944] ? ima_file_free+0xb6/0x460
[ 167.286907] ? do_tty_hangup+0x30/0x30
[ 167.290795] __fput+0x2ce/0x890
[ 167.294081] task_work_run+0x148/0x1c0
[ 167.297965] exit_to_usermode_loop+0x251/0x2a0
[ 167.302549] do_syscall_64+0x538/0x620
[ 167.306443] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 167.311628] RIP: 0033:0x45d5b9
[ 167.314808] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 167.334232] RSP: 002b:00007fefc1ef9c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[ 167.341941] RAX: 0000000000000000 RBX: 0000000000002ac0 RCX: 000000000045d5b9
[ 167.349194] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000004
[ 167.356479] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
[ 167.363733] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000118cf4c
[ 167.370986] R13: 00007fff61dd204f R14: 00007fefc1efa9c0 R15: 000000000118cf4c
[ 167.378242] Modules linked in:
[ 167.382273] ---[ end trace 758e7f9b1e5f1590 ]---
[ 167.387049] RIP: 0010:tty_release+0xfb/0xf60
[ 167.391515] Code: 48 c1 ea 03 80 3c 02 00 0f 85 3a 0d 00 00 48 8b 04 24 48 8b 98 90 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 d5 0c 00 00 48 8b 04 24 4c 8b 23 48 8d 78 20 48
[ 167.411605] RSP: 0018:ffff888096ac7dc0 EFLAGS: 00010246
[ 167.416981] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83a58587
[ 167.424305] RDX: 0000000000000000 RSI: ffffffff83a5a212 RDI: 0000000000000004
[ 167.431654] RBP: ffff888099622640 R08: 0000000000000000 R09: 0000000000000000
[ 167.438946] R10: 0000000000000004 R11: 0000000000000000 R12: ffff8880a430a630
[ 167.446212] R13: ffff88808fd277a8 R14: ffffffff83a5a150 R15: ffff888093a04c20
[ 167.453509] FS: 00007fefc1efa700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 167.461799] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 167.467692] CR2: 0000000000000000 CR3: 0000000099549000 CR4: 00000000001406f0
[ 167.475031] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 167.482347] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 167.489642] Kernel panic - not syncing: Fatal exception
[ 167.496556] Kernel Offset: disabled
[ 167.500178] Rebooting in 86400 seconds..