[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.238' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 57.395860][ T7042] ==================================================================
[ 57.404319][ T7042] BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340
[ 57.412033][ T7042] Write of size 8 at addr 0000000000000000 by task syz-executor684/7042
[ 57.420630][ T7042]
[ 57.423063][ T7042] CPU: 1 PID: 7042 Comm: syz-executor684 Not tainted 5.7.0-rc1-syzkaller #0
[ 57.432564][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.444014][ T7042] Call Trace:
[ 57.447505][ T7042] dump_stack+0x188/0x20d
[ 57.452001][ T7042] ? choke_reset+0x208/0x340
[ 57.456582][ T7042] __kasan_report.cold+0x5/0x4d
[ 57.461446][ T7042] ? choke_reset+0x208/0x340
[ 57.466041][ T7042] ? choke_reset+0x208/0x340
[ 57.471206][ T7042] kasan_report+0x33/0x50
[ 57.475658][ T7042] check_memory_region+0x141/0x190
[ 57.481494][ T7042] memset+0x20/0x40
[ 57.485502][ T7042] choke_reset+0x208/0x340
[ 57.490268][ T7042] ? choke_destroy+0x40/0x40
[ 57.494861][ T7042] qdisc_reset+0x6b/0x520
[ 57.499294][ T7042] dev_deactivate_queue.constprop.0+0x13c/0x240
[ 57.505775][ T7042] dev_deactivate_many+0xe2/0xba0
[ 57.510812][ T7042] ? __is_module_percpu_address+0x257/0x350
[ 57.516824][ T7042] dev_deactivate+0xf8/0x1c0
[ 57.521420][ T7042] ? dev_deactivate_many+0xba0/0xba0
[ 57.526707][ T7042] ? qdisc_lookup_ops+0x100/0x100
[ 57.531725][ T7042] qdisc_graft+0xd25/0x1120
[ 57.536407][ T7042] ? tc_dump_tclass+0x480/0x480
[ 57.541262][ T7042] ? tc_get_qdisc+0xaf0/0xaf0
[ 57.545999][ T7042] ? nla_memcpy+0xa0/0xa0
[ 57.550330][ T7042] ? ns_capable_common+0xe2/0x100
[ 57.555482][ T7042] tc_modify_qdisc+0xbab/0x1a00
[ 57.560372][ T7042] ? qdisc_create+0x1140/0x1140
[ 57.565222][ T7042] ? mutex_trylock+0x2c0/0x2c0
[ 57.570119][ T7042] ? find_held_lock+0x2d/0x110
[ 57.574891][ T7042] ? qdisc_create+0x1140/0x1140
[ 57.579824][ T7042] rtnetlink_rcv_msg+0x44e/0xad0
[ 57.584783][ T7042] ? rtnl_bridge_getlink+0x870/0x870
[ 57.590075][ T7042] ? lock_acquire+0x1f2/0x8f0
[ 57.594765][ T7042] ? netlink_deliver_tap+0x146/0xb50
[ 57.600061][ T7042] netlink_rcv_skb+0x15a/0x410
[ 57.604827][ T7042] ? rtnl_bridge_getlink+0x870/0x870
[ 57.610510][ T7042] ? netlink_ack+0xa10/0xa10
[ 57.615221][ T7042] netlink_unicast+0x537/0x740
[ 57.619986][ T7042] ? netlink_attachskb+0x810/0x810
[ 57.625095][ T7042] ? _copy_from_iter_full+0x25c/0x870
[ 57.630460][ T7042] ? __phys_addr_symbol+0x2c/0x70
[ 57.635849][ T7042] ? __check_object_size+0x171/0x437
[ 57.641310][ T7042] netlink_sendmsg+0x882/0xe10
[ 57.646093][ T7042] ? aa_af_perm+0x260/0x260
[ 57.650596][ T7042] ? netlink_unicast+0x740/0x740
[ 57.655612][ T7042] ? netlink_unicast+0x740/0x740
[ 57.660543][ T7042] sock_sendmsg+0xcf/0x120
[ 57.664960][ T7042] ____sys_sendmsg+0x6bf/0x7e0
[ 57.669971][ T7042] ? print_usage_bug+0x240/0x240
[ 57.675209][ T7042] ? kernel_sendmsg+0x50/0x50
[ 57.679920][ T7042] ___sys_sendmsg+0x100/0x170
[ 57.684735][ T7042] ? sendmsg_copy_msghdr+0x70/0x70
[ 57.690032][ T7042] ? mark_held_locks+0xe0/0xe0
[ 57.694809][ T7042] ? __this_cpu_preempt_check+0x28/0x190
[ 57.700489][ T7042] ? percpu_counter_add_batch+0x123/0x180
[ 57.706230][ T7042] ? find_held_lock+0x2d/0x110
[ 57.710994][ T7042] ? __fd_install+0x1b4/0x600
[ 57.715663][ T7042] ? lock_downgrade+0x840/0x840
[ 57.720502][ T7042] ? __fget_light+0x1ab/0x270
[ 57.725170][ T7042] __sys_sendmsg+0xec/0x1b0
[ 57.729658][ T7042] ? __sys_sendmsg_sock+0xb0/0xb0
[ 57.734834][ T7042] ? trace_hardirqs_off_caller+0x55/0x230
[ 57.740559][ T7042] ? do_syscall_64+0x21/0x7d0
[ 57.745420][ T7042] do_syscall_64+0xf6/0x7d0
[ 57.750375][ T7042] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 57.757145][ T7042] RIP: 0033:0x4415c9
[ 57.761406][ T7042] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.781368][ T7042] RSP: 002b:00007ffe8f61eb58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.789806][ T7042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004415c9
[ 57.797798][ T7042] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 57.805914][ T7042] RBP: 000000000000e006 R08: 00000000004002c8 R09: 00000000004002c8
[ 57.813973][ T7042] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004023f0
[ 57.822056][ T7042] R13: 0000000000402480 R14: 0000000000000000 R15: 0000000000000000
[ 57.830034][ T7042] ==================================================================
[ 57.838190][ T7042] Disabling lock debugging due to kernel taint
[ 57.844467][ T7042] Kernel panic - not syncing: panic_on_warn set ...
[ 57.851069][ T7042] CPU: 1 PID: 7042 Comm: syz-executor684 Tainted: G B 5.7.0-rc1-syzkaller #0
[ 57.861158][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.871215][ T7042] Call Trace:
[ 57.874503][ T7042] dump_stack+0x188/0x20d
[ 57.879223][ T7042] panic+0x2e3/0x75c
[ 57.883123][ T7042] ? add_taint.cold+0x16/0x16
[ 57.887818][ T7042] ? retint_kernel+0x2b/0x2b
[ 57.892487][ T7042] ? choke_reset+0x208/0x340
[ 57.897215][ T7042] ? trace_hardirqs_on+0x55/0x220
[ 57.902233][ T7042] ? choke_reset+0x208/0x340
[ 57.906818][ T7042] end_report+0x4d/0x53
[ 57.911153][ T7042] __kasan_report.cold+0xd/0x4d
[ 57.916401][ T7042] ? choke_reset+0x208/0x340
[ 57.921074][ T7042] ? choke_reset+0x208/0x340
[ 57.925660][ T7042] kasan_report+0x33/0x50
[ 57.930040][ T7042] check_memory_region+0x141/0x190
[ 57.935235][ T7042] memset+0x20/0x40
[ 57.939039][ T7042] choke_reset+0x208/0x340
[ 57.943552][ T7042] ? choke_destroy+0x40/0x40
[ 57.948135][ T7042] qdisc_reset+0x6b/0x520
[ 57.952726][ T7042] dev_deactivate_queue.constprop.0+0x13c/0x240
[ 57.958958][ T7042] dev_deactivate_many+0xe2/0xba0
[ 57.964170][ T7042] ? __is_module_percpu_address+0x257/0x350
[ 57.970060][ T7042] dev_deactivate+0xf8/0x1c0
[ 57.974648][ T7042] ? dev_deactivate_many+0xba0/0xba0
[ 57.979920][ T7042] ? qdisc_lookup_ops+0x100/0x100
[ 57.984948][ T7042] qdisc_graft+0xd25/0x1120
[ 57.989462][ T7042] ? tc_dump_tclass+0x480/0x480
[ 57.994356][ T7042] ? tc_get_qdisc+0xaf0/0xaf0
[ 57.999039][ T7042] ? nla_memcpy+0xa0/0xa0
[ 58.003358][ T7042] ? ns_capable_common+0xe2/0x100
[ 58.008368][ T7042] tc_modify_qdisc+0xbab/0x1a00
[ 58.013270][ T7042] ? qdisc_create+0x1140/0x1140
[ 58.018285][ T7042] ? mutex_trylock+0x2c0/0x2c0
[ 58.023094][ T7042] ? find_held_lock+0x2d/0x110
[ 58.027858][ T7042] ? qdisc_create+0x1140/0x1140
[ 58.032704][ T7042] rtnetlink_rcv_msg+0x44e/0xad0
[ 58.037647][ T7042] ? rtnl_bridge_getlink+0x870/0x870
[ 58.042931][ T7042] ? lock_acquire+0x1f2/0x8f0
[ 58.047598][ T7042] ? netlink_deliver_tap+0x146/0xb50
[ 58.052886][ T7042] netlink_rcv_skb+0x15a/0x410
[ 58.057645][ T7042] ? rtnl_bridge_getlink+0x870/0x870
[ 58.062919][ T7042] ? netlink_ack+0xa10/0xa10
[ 58.067499][ T7042] netlink_unicast+0x537/0x740
[ 58.072385][ T7042] ? netlink_attachskb+0x810/0x810
[ 58.077485][ T7042] ? _copy_from_iter_full+0x25c/0x870
[ 58.082843][ T7042] ? __phys_addr_symbol+0x2c/0x70
[ 58.088038][ T7042] ? __check_object_size+0x171/0x437
[ 58.093404][ T7042] netlink_sendmsg+0x882/0xe10
[ 58.098164][ T7042] ? aa_af_perm+0x260/0x260
[ 58.102918][ T7042] ? netlink_unicast+0x740/0x740
[ 58.108544][ T7042] ? netlink_unicast+0x740/0x740
[ 58.113481][ T7042] sock_sendmsg+0xcf/0x120
[ 58.117886][ T7042] ____sys_sendmsg+0x6bf/0x7e0
[ 58.122646][ T7042] ? print_usage_bug+0x240/0x240
[ 58.127578][ T7042] ? kernel_sendmsg+0x50/0x50
[ 58.132239][ T7042] ___sys_sendmsg+0x100/0x170
[ 58.136939][ T7042] ? sendmsg_copy_msghdr+0x70/0x70
[ 58.142043][ T7042] ? mark_held_locks+0xe0/0xe0
[ 58.146791][ T7042] ? __this_cpu_preempt_check+0x28/0x190
[ 58.152437][ T7042] ? percpu_counter_add_batch+0x123/0x180
[ 58.158147][ T7042] ? find_held_lock+0x2d/0x110
[ 58.162914][ T7042] ? __fd_install+0x1b4/0x600
[ 58.162927][ T7042] ? lock_downgrade+0x840/0x840
[ 58.162938][ T7042] ? __fget_light+0x1ab/0x270
[ 58.162952][ T7042] __sys_sendmsg+0xec/0x1b0
[ 58.162965][ T7042] ? __sys_sendmsg_sock+0xb0/0xb0
[ 58.162983][ T7042] ? trace_hardirqs_off_caller+0x55/0x230
[ 58.162998][ T7042] ? do_syscall_64+0x21/0x7d0
[ 58.163012][ T7042] do_syscall_64+0xf6/0x7d0
[ 58.163028][ T7042] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.163036][ T7042] RIP: 0033:0x4415c9
[ 58.163059][ T7042] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.231393][ T7042] RSP: 002b:00007ffe8f61eb58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.239897][ T7042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004415c9
[ 58.247964][ T7042] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 58.255936][ T7042] RBP: 000000000000e006 R08: 00000000004002c8 R09: 00000000004002c8
[ 58.263974][ T7042] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004023f0
[ 58.272046][ T7042] R13: 0000000000402480 R14: 0000000000000000 R15: 0000000000000000
[ 58.281363][ T7042] Kernel Offset: disabled
[ 58.285704][ T7042] Rebooting in 86400 seconds..