Starting Load/Save RF Kill Switch Status...
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 61.645726][ T6847] IPVS: ftp: loaded support on port[0] = 21
[ 61.703522][ T1542] ==================================================================
[ 61.711776][ T1542] BUG: KASAN: null-ptr-deref in amp_read_loc_assoc_final_data+0x117/0x1f0
[ 61.720282][ T1542] Write of size 8 at addr 0000000000000030 by task kworker/u5:0/1542
[ 61.728334][ T1542]
[ 61.730666][ T1542] CPU: 1 PID: 1542 Comm: kworker/u5:0 Not tainted 5.9.0-rc1-syzkaller #0
[ 61.739072][ T1542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.749161][ T1542] Workqueue: hci0 hci_rx_work
[ 61.753920][ T1542] Call Trace:
[ 61.757238][ T1542] dump_stack+0x18f/0x20d
[ 61.761586][ T1542] ? amp_read_loc_assoc_final_data+0x117/0x1f0
[ 61.767757][ T1542] ? amp_read_loc_assoc_final_data+0x117/0x1f0
[ 61.773888][ T1542] kasan_report.cold+0x5/0x37
[ 61.778556][ T1542] ? amp_read_loc_assoc_final_data+0x117/0x1f0
[ 61.784712][ T1542] check_memory_region+0x13d/0x180
[ 61.789816][ T1542] amp_read_loc_assoc_final_data+0x117/0x1f0
[ 61.795793][ T1542] ? amp_read_loc_assoc+0x1a0/0x1a0
[ 61.800968][ T1542] ? find_held_lock+0x2d/0x110
[ 61.805719][ T1542] ? hci_event_packet+0x43cc/0x87a8
[ 61.810900][ T1542] ? lock_downgrade+0x830/0x830
[ 61.815738][ T1542] hci_event_packet+0x4407/0x87a8
[ 61.820746][ T1542] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 61.826705][ T1542] ? __lock_acquire+0x16cb/0x5640
[ 61.831712][ T1542] ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[ 61.837238][ T1542] ? lock_acquire+0x1f1/0xad0
[ 61.841896][ T1542] ? skb_dequeue+0x1c/0x180
[ 61.846386][ T1542] ? find_held_lock+0x2d/0x110
[ 61.851144][ T1542] ? mark_lock+0xbc/0x1710
[ 61.855561][ T1542] ? mark_held_locks+0x9f/0xe0
[ 61.860336][ T1542] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 61.866124][ T1542] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 61.872083][ T1542] ? trace_hardirqs_on+0x5f/0x220
[ 61.877088][ T1542] ? lockdep_hardirqs_on+0x76/0xf0
[ 61.882184][ T1542] hci_rx_work+0x22e/0xb50
[ 61.886592][ T1542] process_one_work+0x94c/0x1670
[ 61.891511][ T1542] ? lock_release+0x8e0/0x8e0
[ 61.896192][ T1542] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 61.901544][ T1542] ? rwlock_bug.part.0+0x90/0x90
[ 61.906483][ T1542] worker_thread+0x64c/0x1120
[ 61.911188][ T1542] ? process_one_work+0x1670/0x1670
[ 61.916366][ T1542] kthread+0x3b5/0x4a0
[ 61.920420][ T1542] ? __kthread_bind_mask+0xc0/0xc0
[ 61.925508][ T1542] ? __kthread_bind_mask+0xc0/0xc0
[ 61.930603][ T1542] ret_from_fork+0x1f/0x30
[ 61.935000][ T1542] ==================================================================
[ 61.943033][ T1542] Disabling lock debugging due to kernel taint
[ 61.949501][ T1542] Kernel panic - not syncing: panic_on_warn set ...
[ 61.956107][ T1542] CPU: 1 PID: 1542 Comm: kworker/u5:0 Tainted: G B 5.9.0-rc1-syzkaller #0
[ 61.965900][ T1542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.975956][ T1542] Workqueue: hci0 hci_rx_work
[ 61.980619][ T1542] Call Trace:
[ 61.983904][ T1542] dump_stack+0x18f/0x20d
[ 61.988235][ T1542] ? amp_read_loc_assoc_final_data+0x110/0x1f0
[ 61.994386][ T1542] panic+0x2e3/0x75c
[ 61.998280][ T1542] ? __warn_printk+0xf3/0xf3
[ 62.002868][ T1542] ? preempt_schedule_common+0x59/0xc0
[ 62.008330][ T1542] ? amp_read_loc_assoc_final_data+0x117/0x1f0
[ 62.014471][ T1542] ? preempt_schedule_thunk+0x16/0x18
[ 62.019814][ T1542] ? trace_hardirqs_on+0x55/0x220
[ 62.024812][ T1542] ? amp_read_loc_assoc_final_data+0x117/0x1f0
[ 62.030939][ T1542] ? amp_read_loc_assoc_final_data+0x117/0x1f0
[ 62.037077][ T1542] end_report+0x4d/0x53
[ 62.041220][ T1542] kasan_report.cold+0xd/0x37
[ 62.045889][ T1542] ? amp_read_loc_assoc_final_data+0x117/0x1f0
[ 62.052017][ T1542] check_memory_region+0x13d/0x180
[ 62.057104][ T1542] amp_read_loc_assoc_final_data+0x117/0x1f0
[ 62.063072][ T1542] ? amp_read_loc_assoc+0x1a0/0x1a0
[ 62.068243][ T1542] ? find_held_lock+0x2d/0x110
[ 62.072999][ T1542] ? hci_event_packet+0x43cc/0x87a8
[ 62.078184][ T1542] ? lock_downgrade+0x830/0x830
[ 62.083010][ T1542] hci_event_packet+0x4407/0x87a8
[ 62.088013][ T1542] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 62.093992][ T1542] ? __lock_acquire+0x16cb/0x5640
[ 62.098990][ T1542] ? hci_cmd_complete_evt+0xc6d0/0xc6d0
[ 62.104527][ T1542] ? lock_acquire+0x1f1/0xad0
[ 62.109193][ T1542] ? skb_dequeue+0x1c/0x180
[ 62.113674][ T1542] ? find_held_lock+0x2d/0x110
[ 62.118415][ T1542] ? mark_lock+0xbc/0x1710
[ 62.122807][ T1542] ? mark_held_locks+0x9f/0xe0
[ 62.127553][ T1542] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 62.133338][ T1542] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 62.139292][ T1542] ? trace_hardirqs_on+0x5f/0x220
[ 62.144308][ T1542] ? lockdep_hardirqs_on+0x76/0xf0
[ 62.149413][ T1542] hci_rx_work+0x22e/0xb50
[ 62.154769][ T1542] process_one_work+0x94c/0x1670
[ 62.159698][ T1542] ? lock_release+0x8e0/0x8e0
[ 62.164354][ T1542] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 62.169715][ T1542] ? rwlock_bug.part.0+0x90/0x90
[ 62.174630][ T1542] worker_thread+0x64c/0x1120
[ 62.179303][ T1542] ? process_one_work+0x1670/0x1670
[ 62.184492][ T1542] kthread+0x3b5/0x4a0
[ 62.188539][ T1542] ? __kthread_bind_mask+0xc0/0xc0
[ 62.193623][ T1542] ? __kthread_bind_mask+0xc0/0xc0
[ 62.198710][ T1542] ret_from_fork+0x1f/0x30
[ 62.204225][ T1542] Kernel Offset: disabled
[ 62.208546][ T1542] Rebooting in 86400 seconds..