[ OK ] Found device /dev/ttyS0.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.851098] kasan: CONFIG_KASAN_INLINE enabled
[ 29.855923] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 29.864441] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 29.870795] Modules linked in:
[ 29.873987] CPU: 0 PID: 7978 Comm: syz-executor906 Not tainted 4.14.202-syzkaller #0
[ 29.882032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.891548] task: ffff88809554e440 task.stack: ffff88809a4f8000
[ 29.898067] RIP: 0010:qp_release_pages+0x4f/0x280
[ 29.902898] RSP: 0018:ffff88809a4ff888 EFLAGS: 00010202
[ 29.908361] RAX: 0000000000000004 RBX: ffff8880ac00b100 RCX: 1ffff11012aa9d9e
[ 29.916048] RDX: 0000000000000000 RSI: fffffffffffffff2 RDI: 0000000000000020
[ 29.923652] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000001
[ 29.930991] R10: 0000000000000000 R11: ffff88809554e440 R12: dffffc0000000000
[ 29.939680] R13: 0000000000000000 R14: 0000000000000000 R15: fffffffffffffff2
[ 29.946945] FS: 0000000000c69880(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 29.955504] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.961387] CR2: 00007f34541f0018 CR3: 00000000aece2000 CR4: 00000000001406f0
[ 29.969465] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.980448] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.988763] Call Trace:
[ 29.991773] qp_host_get_user_memory+0x235/0x470
[ 29.998881] qp_broker_alloc+0xfee/0x19a0
[ 30.003403] ? qp_dequeue_locked+0x3f0/0x3f0
[ 30.009216] ? lock_downgrade+0x740/0x740
[ 30.014600] vmci_qp_broker_alloc+0x48/0x60
[ 30.019083] vmci_host_do_alloc_queuepair.constprop.0+0x16b/0x350
[ 30.025708] ? drv_cp_harray_to_user+0x180/0x180
[ 30.030588] ? __mutex_unlock_slowpath+0x75/0x770
[ 30.035640] ? wait_for_completion_io+0x10/0x10
[ 30.040297] vmci_host_unlocked_ioctl+0xd08/0x1980
[ 30.045508] ? vmci_host_do_alloc_queuepair.constprop.0+0x350/0x350
[ 30.051919] ? kasan_slab_free+0xc3/0x1a0
[ 30.056049] ? kmem_cache_free+0x7c/0x2b0
[ 30.060191] ? putname+0xcd/0x110
[ 30.063625] ? do_sys_open+0x203/0x410
[ 30.067599] ? do_syscall_64+0x1d5/0x640
[ 30.071729] ? path_lookupat+0x780/0x780
[ 30.075773] ? debug_check_no_obj_freed+0x2c0/0x674
[ 30.080772] ? lock_acquire+0x170/0x3f0
[ 30.084741] ? lock_downgrade+0x740/0x740
[ 30.088872] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 30.094931] ? debug_check_no_obj_freed+0x2c0/0x674
[ 30.101916] ? vmci_host_do_alloc_queuepair.constprop.0+0x350/0x350
[ 30.108395] do_vfs_ioctl+0x75a/0xff0
[ 30.112265] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.117695] ? ioctl_preallocate+0x1a0/0x1a0
[ 30.122998] ? kmem_cache_free+0x23a/0x2b0
[ 30.127594] ? putname+0xcd/0x110
[ 30.131198] ? do_sys_open+0x208/0x410
[ 30.136107] ? filp_open+0x60/0x60
[ 30.139637] ? security_file_ioctl+0x83/0xb0
[ 30.145356] SyS_ioctl+0x7f/0xb0
[ 30.149045] ? do_vfs_ioctl+0xff0/0xff0
[ 30.153224] do_syscall_64+0x1d5/0x640
[ 30.157719] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.163065] RIP: 0033:0x4402f9
[ 30.166419] RSP: 002b:00007ffcdcf6be68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 30.174109] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402f9
[ 30.182558] RDX: 0000000020000000 RSI: 00000000000007a8 RDI: 0000000000000003
[ 30.190549] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 30.198282] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b00
[ 30.205619] R13: 0000000000401b90 R14: 0000000000000000 R15: 0000000000000000
[ 30.213573] Code: 89 3c 24 48 89 74 24 08 e8 6f 23 bc fd 4d 85 ff 0f 85 b1 00 00 00 e9 c6 01 00 00 e8 5c 23 bc fd 48 8d 7d 20 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 be 01 00 00 4c 8b 7d 20 41 f6 c7 01 0f 85
[ 30.232927] RIP: qp_release_pages+0x4f/0x280 RSP: ffff88809a4ff888
[ 30.241135] ---[ end trace cb5d9770e6aac118 ]---
[ 30.246020] Kernel panic - not syncing: Fatal exception
[ 30.253100] Kernel Offset: disabled
[ 30.258654] Rebooting in 86400 seconds..