[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 62.909209][ T7073] ================================================================== [ 62.917553][ T7073] BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340 [ 62.924475][ T7073] Write of size 8 at addr 0000000000000000 by task syz-executor631/7073 [ 62.932774][ T7073] [ 62.935129][ T7073] CPU: 0 PID: 7073 Comm: syz-executor631 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 62.945003][ T7073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.955035][ T7073] Call Trace: [ 62.958335][ T7073] dump_stack+0x188/0x20d [ 62.962656][ T7073] ? choke_reset+0x208/0x340 [ 62.967230][ T7073] __kasan_report.cold+0x5/0x4d [ 62.972088][ T7073] ? choke_reset+0x208/0x340 [ 62.976814][ T7073] ? choke_reset+0x208/0x340 [ 62.981387][ T7073] kasan_report+0x33/0x50 [ 62.985706][ T7073] check_memory_region+0x141/0x190 [ 62.990816][ T7073] memset+0x20/0x40 [ 62.994616][ T7073] choke_reset+0x208/0x340 [ 62.999016][ T7073] ? choke_destroy+0x40/0x40 [ 63.003591][ T7073] qdisc_reset+0x6b/0x520 [ 63.007923][ T7073] dev_deactivate_queue.constprop.0+0x13c/0x240 [ 63.014165][ T7073] dev_deactivate_many+0xe2/0xba0 [ 63.019236][ T7073] ? __is_module_percpu_address+0x257/0x350 [ 63.025118][ T7073] dev_deactivate+0xf8/0x1c0 [ 63.029705][ T7073] ? dev_deactivate_many+0xba0/0xba0 [ 63.034982][ T7073] ? is_dynamic_key+0x12a/0x1a0 [ 63.039816][ T7073] ? choke_dequeue+0x4b0/0x4b0 [ 63.044565][ T7073] qdisc_graft+0xd25/0x1120 [ 63.049073][ T7073] ? tc_dump_tclass+0x480/0x480 [ 63.053929][ T7073] ? tc_get_qdisc+0xaf0/0xaf0 [ 63.058609][ T7073] ? nla_memcpy+0xa0/0xa0 [ 63.062948][ T7073] ? ns_capable_common+0xe2/0x100 [ 63.067983][ T7073] tc_modify_qdisc+0xbab/0x1a00 [ 63.072862][ T7073] ? qdisc_create+0x1140/0x1140 [ 63.077723][ T7073] ? mutex_trylock+0x2c0/0x2c0 [ 63.082481][ T7073] ? find_held_lock+0x2d/0x110 [ 63.087263][ T7073] ? qdisc_create+0x1140/0x1140 [ 63.092118][ T7073] rtnetlink_rcv_msg+0x44e/0xad0 [ 63.097066][ T7073] ? rtnl_bridge_getlink+0x870/0x870 [ 63.102356][ T7073] ? lock_acquire+0x1f2/0x8f0 [ 63.107040][ T7073] ? netlink_deliver_tap+0x146/0xb50 [ 63.112425][ T7073] netlink_rcv_skb+0x15a/0x410 [ 63.117193][ T7073] ? rtnl_bridge_getlink+0x870/0x870 [ 63.122481][ T7073] ? netlink_ack+0xa10/0xa10 [ 63.127122][ T7073] netlink_unicast+0x537/0x740 [ 63.131893][ T7073] ? netlink_attachskb+0x810/0x810 [ 63.137012][ T7073] ? _copy_from_iter_full+0x25c/0x870 [ 63.142378][ T7073] ? __phys_addr_symbol+0x2c/0x70 [ 63.147382][ T7073] ? __check_object_size+0x171/0x437 [ 63.152649][ T7073] netlink_sendmsg+0x882/0xe10 [ 63.157412][ T7073] ? aa_af_perm+0x260/0x260 [ 63.161893][ T7073] ? netlink_unicast+0x740/0x740 [ 63.166827][ T7073] ? netlink_unicast+0x740/0x740 [ 63.171743][ T7073] sock_sendmsg+0xcf/0x120 [ 63.176140][ T7073] ____sys_sendmsg+0x6bf/0x7e0 [ 63.180919][ T7073] ? print_usage_bug+0x240/0x240 [ 63.185850][ T7073] ? kernel_sendmsg+0x50/0x50 [ 63.190524][ T7073] ___sys_sendmsg+0x100/0x170 [ 63.195705][ T7073] ? sendmsg_copy_msghdr+0x70/0x70 [ 63.200822][ T7073] ? mark_held_locks+0xe0/0xe0 [ 63.205571][ T7073] ? __this_cpu_preempt_check+0x28/0x190 [ 63.211189][ T7073] ? percpu_counter_add_batch+0x123/0x180 [ 63.216893][ T7073] ? find_held_lock+0x2d/0x110 [ 63.221650][ T7073] ? __fd_install+0x1b4/0x600 [ 63.226311][ T7073] ? lock_downgrade+0x840/0x840 [ 63.231154][ T7073] ? __fget_light+0x1ab/0x270 [ 63.235828][ T7073] __sys_sendmsg+0xec/0x1b0 [ 63.240317][ T7073] ? __sys_sendmsg_sock+0xb0/0xb0 [ 63.245330][ T7073] ? trace_hardirqs_off_caller+0x55/0x230 [ 63.251033][ T7073] ? do_syscall_64+0x21/0x7d0 [ 63.255693][ T7073] do_syscall_64+0xf6/0x7d0 [ 63.260189][ T7073] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 63.266063][ T7073] RIP: 0033:0x441409 [ 63.269936][ T7073] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.289633][ T7073] RSP: 002b:00007ffde13fde18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.298087][ T7073] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441409 [ 63.306042][ T7073] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 63.314094][ T7073] RBP: 000000000000f58a R08: 00000000004002c8 R09: 00000000004002c8 [ 63.322048][ T7073] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402230 [ 63.330002][ T7073] R13: 00000000004022c0 R14: 0000000000000000 R15: 0000000000000000 [ 63.337984][ T7073] ================================================================== [ 63.346047][ T7073] Disabling lock debugging due to kernel taint [ 63.352231][ T7073] Kernel panic - not syncing: panic_on_warn set ... [ 63.358815][ T7073] CPU: 0 PID: 7073 Comm: syz-executor631 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0 [ 63.370083][ T7073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.380155][ T7073] Call Trace: [ 63.383430][ T7073] dump_stack+0x188/0x20d [ 63.387754][ T7073] panic+0x2e3/0x75c [ 63.391628][ T7073] ? add_taint.cold+0x16/0x16 [ 63.396287][ T7073] ? retint_kernel+0x2b/0x2b [ 63.400908][ T7073] ? choke_reset+0x208/0x340 [ 63.405480][ T7073] ? trace_hardirqs_on+0x55/0x220 [ 63.410482][ T7073] ? choke_reset+0x208/0x340 [ 63.415050][ T7073] end_report+0x4d/0x53 [ 63.419185][ T7073] __kasan_report.cold+0xd/0x4d [ 63.424041][ T7073] ? choke_reset+0x208/0x340 [ 63.428641][ T7073] ? choke_reset+0x208/0x340 [ 63.433216][ T7073] kasan_report+0x33/0x50 [ 63.437534][ T7073] check_memory_region+0x141/0x190 [ 63.442621][ T7073] memset+0x20/0x40 [ 63.446422][ T7073] choke_reset+0x208/0x340 [ 63.450830][ T7073] ? choke_destroy+0x40/0x40 [ 63.455430][ T7073] qdisc_reset+0x6b/0x520 [ 63.459757][ T7073] dev_deactivate_queue.constprop.0+0x13c/0x240 [ 63.465996][ T7073] dev_deactivate_many+0xe2/0xba0 [ 63.470997][ T7073] ? __is_module_percpu_address+0x257/0x350 [ 63.476866][ T7073] dev_deactivate+0xf8/0x1c0 [ 63.481453][ T7073] ? dev_deactivate_many+0xba0/0xba0 [ 63.486728][ T7073] ? is_dynamic_key+0x12a/0x1a0 [ 63.491564][ T7073] ? choke_dequeue+0x4b0/0x4b0 [ 63.496419][ T7073] qdisc_graft+0xd25/0x1120 [ 63.500909][ T7073] ? tc_dump_tclass+0x480/0x480 [ 63.505771][ T7073] ? tc_get_qdisc+0xaf0/0xaf0 [ 63.510517][ T7073] ? nla_memcpy+0xa0/0xa0 [ 63.514837][ T7073] ? ns_capable_common+0xe2/0x100 [ 63.519870][ T7073] tc_modify_qdisc+0xbab/0x1a00 [ 63.524718][ T7073] ? qdisc_create+0x1140/0x1140 [ 63.529551][ T7073] ? mutex_trylock+0x2c0/0x2c0 [ 63.534292][ T7073] ? find_held_lock+0x2d/0x110 [ 63.539061][ T7073] ? qdisc_create+0x1140/0x1140 [ 63.543889][ T7073] rtnetlink_rcv_msg+0x44e/0xad0 [ 63.548819][ T7073] ? rtnl_bridge_getlink+0x870/0x870 [ 63.554082][ T7073] ? lock_acquire+0x1f2/0x8f0 [ 63.558734][ T7073] ? netlink_deliver_tap+0x146/0xb50 [ 63.564025][ T7073] netlink_rcv_skb+0x15a/0x410 [ 63.568772][ T7073] ? rtnl_bridge_getlink+0x870/0x870 [ 63.574037][ T7073] ? netlink_ack+0xa10/0xa10 [ 63.578623][ T7073] netlink_unicast+0x537/0x740 [ 63.583367][ T7073] ? netlink_attachskb+0x810/0x810 [ 63.588454][ T7073] ? _copy_from_iter_full+0x25c/0x870 [ 63.593812][ T7073] ? __phys_addr_symbol+0x2c/0x70 [ 63.598828][ T7073] ? __check_object_size+0x171/0x437 [ 63.604089][ T7073] netlink_sendmsg+0x882/0xe10 [ 63.608839][ T7073] ? aa_af_perm+0x260/0x260 [ 63.613316][ T7073] ? netlink_unicast+0x740/0x740 [ 63.618228][ T7073] ? netlink_unicast+0x740/0x740 [ 63.623140][ T7073] sock_sendmsg+0xcf/0x120 [ 63.627534][ T7073] ____sys_sendmsg+0x6bf/0x7e0 [ 63.632273][ T7073] ? print_usage_bug+0x240/0x240 [ 63.637182][ T7073] ? kernel_sendmsg+0x50/0x50 [ 63.641839][ T7073] ___sys_sendmsg+0x100/0x170 [ 63.646495][ T7073] ? sendmsg_copy_msghdr+0x70/0x70 [ 63.651595][ T7073] ? mark_held_locks+0xe0/0xe0 [ 63.656356][ T7073] ? __this_cpu_preempt_check+0x28/0x190 [ 63.661975][ T7073] ? percpu_counter_add_batch+0x123/0x180 [ 63.667784][ T7073] ? find_held_lock+0x2d/0x110 [ 63.672532][ T7073] ? __fd_install+0x1b4/0x600 [ 63.677188][ T7073] ? lock_downgrade+0x840/0x840 [ 63.682028][ T7073] ? __fget_light+0x1ab/0x270 [ 63.686701][ T7073] __sys_sendmsg+0xec/0x1b0 [ 63.691182][ T7073] ? __sys_sendmsg_sock+0xb0/0xb0 [ 63.696208][ T7073] ? trace_hardirqs_off_caller+0x55/0x230 [ 63.701904][ T7073] ? do_syscall_64+0x21/0x7d0 [ 63.706557][ T7073] do_syscall_64+0xf6/0x7d0 [ 63.711053][ T7073] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 63.716926][ T7073] RIP: 0033:0x441409 [ 63.720864][ T7073] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.740452][ T7073] RSP: 002b:00007ffde13fde18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.748865][ T7073] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441409 [ 63.756816][ T7073] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 63.764771][ T7073] RBP: 000000000000f58a R08: 00000000004002c8 R09: 00000000004002c8 [ 63.772729][ T7073] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402230 [ 63.780836][ T7073] R13: 00000000004022c0 R14: 0000000000000000 R15: 0000000000000000 [ 63.790459][ T7073] Kernel Offset: disabled [ 63.794779][ T7073] Rebooting in 86400 seconds..