[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login:
[ 65.638827][ T7023] ==================================================================
[ 65.647017][ T7023] BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340
[ 65.653939][ T7023] Write of size 8 at addr 0000000000000000 by task syz-executor416/7023
[ 65.662281][ T7023]
[ 65.664596][ T7023] CPU: 1 PID: 7023 Comm: syz-executor416 Not tainted 5.7.0-rc1-syzkaller #0
[ 65.673240][ T7023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.683273][ T7023] Call Trace:
[ 65.686573][ T7023] dump_stack+0x188/0x20d
[ 65.690884][ T7023] ? choke_reset+0x208/0x340
[ 65.695455][ T7023] __kasan_report.cold+0x5/0x4d
[ 65.700286][ T7023] ? choke_reset+0x208/0x340
[ 65.704853][ T7023] ? choke_reset+0x208/0x340
[ 65.709432][ T7023] kasan_report+0x33/0x50
[ 65.713755][ T7023] check_memory_region+0x141/0x190
[ 65.718854][ T7023] memset+0x20/0x40
[ 65.722647][ T7023] choke_reset+0x208/0x340
[ 65.727044][ T7023] ? choke_destroy+0x40/0x40
[ 65.731633][ T7023] qdisc_reset+0x6b/0x520
[ 65.735948][ T7023] dev_deactivate_queue.constprop.0+0x13c/0x240
[ 65.742170][ T7023] dev_deactivate_many+0xe2/0xba0
[ 65.747185][ T7023] ? __is_module_percpu_address+0x257/0x350
[ 65.753084][ T7023] dev_deactivate+0xf8/0x1c0
[ 65.757674][ T7023] ? dev_deactivate_many+0xba0/0xba0
[ 65.762949][ T7023] ? qdisc_lookup_ops+0x100/0x100
[ 65.767966][ T7023] qdisc_graft+0xd25/0x1120
[ 65.772466][ T7023] ? tc_dump_tclass+0x480/0x480
[ 65.777298][ T7023] ? tc_get_qdisc+0xaf0/0xaf0
[ 65.782926][ T7023] ? nla_memcpy+0xa0/0xa0
[ 65.787241][ T7023] ? ns_capable_common+0xe2/0x100
[ 65.792262][ T7023] tc_modify_qdisc+0xbab/0x1a00
[ 65.797100][ T7023] ? qdisc_create+0x1140/0x1140
[ 65.801930][ T7023] ? mutex_trylock+0x2c0/0x2c0
[ 65.806692][ T7023] ? find_held_lock+0x2d/0x110
[ 65.811447][ T7023] ? qdisc_create+0x1140/0x1140
[ 65.816288][ T7023] rtnetlink_rcv_msg+0x44e/0xad0
[ 65.821338][ T7023] ? rtnl_bridge_getlink+0x870/0x870
[ 65.826606][ T7023] ? lock_acquire+0x1f2/0x8f0
[ 65.831261][ T7023] ? netlink_deliver_tap+0x146/0xb50
[ 65.836542][ T7023] netlink_rcv_skb+0x15a/0x410
[ 65.841291][ T7023] ? rtnl_bridge_getlink+0x870/0x870
[ 65.846567][ T7023] ? netlink_ack+0xa10/0xa10
[ 65.851174][ T7023] netlink_unicast+0x537/0x740
[ 65.855921][ T7023] ? netlink_attachskb+0x810/0x810
[ 65.861017][ T7023] ? _copy_from_iter_full+0x25c/0x870
[ 65.866382][ T7023] ? __phys_addr_symbol+0x2c/0x70
[ 65.871398][ T7023] ? __check_object_size+0x171/0x437
[ 65.876669][ T7023] netlink_sendmsg+0x882/0xe10
[ 65.881430][ T7023] ? aa_af_perm+0x260/0x260
[ 65.885924][ T7023] ? netlink_unicast+0x740/0x740
[ 65.890851][ T7023] ? netlink_unicast+0x740/0x740
[ 65.895808][ T7023] sock_sendmsg+0xcf/0x120
[ 65.900212][ T7023] ____sys_sendmsg+0x6bf/0x7e0
[ 65.904959][ T7023] ? print_usage_bug+0x240/0x240
[ 65.909881][ T7023] ? kernel_sendmsg+0x50/0x50
[ 65.914546][ T7023] ___sys_sendmsg+0x100/0x170
[ 65.919206][ T7023] ? sendmsg_copy_msghdr+0x70/0x70
[ 65.926824][ T7023] ? mark_held_locks+0xe0/0xe0
[ 65.931584][ T7023] ? __this_cpu_preempt_check+0x28/0x190
[ 65.937199][ T7023] ? percpu_counter_add_batch+0x123/0x180
[ 65.942907][ T7023] ? find_held_lock+0x2d/0x110
[ 65.947717][ T7023] ? __fd_install+0x1b4/0x600
[ 65.952378][ T7023] ? lock_downgrade+0x840/0x840
[ 65.957213][ T7023] ? __fget_light+0x1ab/0x270
[ 65.961886][ T7023] __sys_sendmsg+0xec/0x1b0
[ 65.966370][ T7023] ? __sys_sendmsg_sock+0xb0/0xb0
[ 65.971384][ T7023] ? trace_hardirqs_off_caller+0x55/0x230
[ 65.977086][ T7023] ? do_syscall_64+0x21/0x7d0
[ 65.981749][ T7023] do_syscall_64+0xf6/0x7d0
[ 65.986246][ T7023] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.992127][ T7023] RIP: 0033:0x4415c9
[ 65.996008][ T7023] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.015597][ T7023] RSP: 002b:00007ffd3a18c9d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 66.023986][ T7023] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004415c9
[ 66.032032][ T7023] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 66.039992][ T7023] RBP: 000000000001004f R08: 00000000004002c8 R09: 00000000004002c8
[ 66.047955][ T7023] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004023f0
[ 66.056020][ T7023] R13: 0000000000402480 R14: 0000000000000000 R15: 0000000000000000
[ 66.064031][ T7023] ==================================================================
[ 66.072073][ T7023] Disabling lock debugging due to kernel taint
[ 66.078419][ T7023] Kernel panic - not syncing: panic_on_warn set ...
[ 66.085010][ T7023] CPU: 1 PID: 7023 Comm: syz-executor416 Tainted: G B 5.7.0-rc1-syzkaller #0
[ 66.095064][ T7023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.105163][ T7023] Call Trace:
[ 66.108477][ T7023] dump_stack+0x188/0x20d
[ 66.112799][ T7023] panic+0x2e3/0x75c
[ 66.116839][ T7023] ? add_taint.cold+0x16/0x16
[ 66.121502][ T7023] ? retint_kernel+0x2b/0x2b
[ 66.126078][ T7023] ? choke_reset+0x208/0x340
[ 66.130650][ T7023] ? trace_hardirqs_on+0x55/0x220
[ 66.135671][ T7023] ? choke_reset+0x208/0x340
[ 66.140241][ T7023] end_report+0x4d/0x53
[ 66.144378][ T7023] __kasan_report.cold+0xd/0x4d
[ 66.149213][ T7023] ? choke_reset+0x208/0x340
[ 66.153794][ T7023] ? choke_reset+0x208/0x340
[ 66.158406][ T7023] kasan_report+0x33/0x50
[ 66.162714][ T7023] check_memory_region+0x141/0x190
[ 66.167802][ T7023] memset+0x20/0x40
[ 66.171586][ T7023] choke_reset+0x208/0x340
[ 66.175998][ T7023] ? choke_destroy+0x40/0x40
[ 66.180573][ T7023] qdisc_reset+0x6b/0x520
[ 66.185325][ T7023] dev_deactivate_queue.constprop.0+0x13c/0x240
[ 66.191550][ T7023] dev_deactivate_many+0xe2/0xba0
[ 66.196555][ T7023] ? __is_module_percpu_address+0x257/0x350
[ 66.202427][ T7023] dev_deactivate+0xf8/0x1c0
[ 66.207163][ T7023] ? dev_deactivate_many+0xba0/0xba0
[ 66.212433][ T7023] ? qdisc_lookup_ops+0x100/0x100
[ 66.217439][ T7023] qdisc_graft+0xd25/0x1120
[ 66.221931][ T7023] ? tc_dump_tclass+0x480/0x480
[ 66.226758][ T7023] ? tc_get_qdisc+0xaf0/0xaf0
[ 66.231428][ T7023] ? nla_memcpy+0xa0/0xa0
[ 66.235743][ T7023] ? ns_capable_common+0xe2/0x100
[ 66.240746][ T7023] tc_modify_qdisc+0xbab/0x1a00
[ 66.245594][ T7023] ? qdisc_create+0x1140/0x1140
[ 66.250420][ T7023] ? mutex_trylock+0x2c0/0x2c0
[ 66.255170][ T7023] ? find_held_lock+0x2d/0x110
[ 66.259932][ T7023] ? qdisc_create+0x1140/0x1140
[ 66.264764][ T7023] rtnetlink_rcv_msg+0x44e/0xad0
[ 66.269682][ T7023] ? rtnl_bridge_getlink+0x870/0x870
[ 66.274950][ T7023] ? lock_acquire+0x1f2/0x8f0
[ 66.279612][ T7023] ? netlink_deliver_tap+0x146/0xb50
[ 66.284882][ T7023] netlink_rcv_skb+0x15a/0x410
[ 66.289628][ T7023] ? rtnl_bridge_getlink+0x870/0x870
[ 66.294910][ T7023] ? netlink_ack+0xa10/0xa10
[ 66.299480][ T7023] netlink_unicast+0x537/0x740
[ 66.304232][ T7023] ? netlink_attachskb+0x810/0x810
[ 66.309334][ T7023] ? _copy_from_iter_full+0x25c/0x870
[ 66.314683][ T7023] ? __phys_addr_symbol+0x2c/0x70
[ 66.319697][ T7023] ? __check_object_size+0x171/0x437
[ 66.324960][ T7023] netlink_sendmsg+0x882/0xe10
[ 66.329703][ T7023] ? aa_af_perm+0x260/0x260
[ 66.334181][ T7023] ? netlink_unicast+0x740/0x740
[ 66.339096][ T7023] ? netlink_unicast+0x740/0x740
[ 66.344532][ T7023] sock_sendmsg+0xcf/0x120
[ 66.348927][ T7023] ____sys_sendmsg+0x6bf/0x7e0
[ 66.353671][ T7023] ? print_usage_bug+0x240/0x240
[ 66.358582][ T7023] ? kernel_sendmsg+0x50/0x50
[ 66.363236][ T7023] ___sys_sendmsg+0x100/0x170
[ 66.367913][ T7023] ? sendmsg_copy_msghdr+0x70/0x70
[ 66.373000][ T7023] ? mark_held_locks+0xe0/0xe0
[ 66.377741][ T7023] ? __this_cpu_preempt_check+0x28/0x190
[ 66.383353][ T7023] ? percpu_counter_add_batch+0x123/0x180
[ 66.389055][ T7023] ? find_held_lock+0x2d/0x110
[ 66.393795][ T7023] ? __fd_install+0x1b4/0x600
[ 66.398450][ T7023] ? lock_downgrade+0x840/0x840
[ 66.403368][ T7023] ? __fget_light+0x1ab/0x270
[ 66.408028][ T7023] __sys_sendmsg+0xec/0x1b0
[ 66.412514][ T7023] ? __sys_sendmsg_sock+0xb0/0xb0
[ 66.417525][ T7023] ? trace_hardirqs_off_caller+0x55/0x230
[ 66.423224][ T7023] ? do_syscall_64+0x21/0x7d0
[ 66.427881][ T7023] do_syscall_64+0xf6/0x7d0
[ 66.432372][ T7023] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 66.438240][ T7023] RIP: 0033:0x4415c9
[ 66.442111][ T7023] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.461691][ T7023] RSP: 002b:00007ffd3a18c9d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 66.470080][ T7023] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004415c9
[ 66.478026][ T7023] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 66.485978][ T7023] RBP: 000000000001004f R08: 00000000004002c8 R09: 00000000004002c8
[ 66.493931][ T7023] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004023f0
[ 66.501882][ T7023] R13: 0000000000402480 R14: 0000000000000000 R15: 0000000000000000
[ 66.511013][ T7023] Kernel Offset: disabled
[ 66.515343][ T7023] Rebooting in 86400 seconds..