[ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.212' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 59.043194][ T7048] ================================================================== [ 59.051520][ T7048] BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340 [ 59.058449][ T7048] Write of size 8 at addr 0000000000000000 by task syz-executor648/7048 [ 59.066871][ T7048] [ 59.069191][ T7048] CPU: 0 PID: 7048 Comm: syz-executor648 Not tainted 5.7.0-rc1-syzkaller #0 [ 59.077842][ T7048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.088106][ T7048] Call Trace: [ 59.091407][ T7048] dump_stack+0x188/0x20d [ 59.095738][ T7048] ? choke_reset+0x208/0x340 [ 59.100334][ T7048] __kasan_report.cold+0x5/0x4d [ 59.105169][ T7048] ? choke_reset+0x208/0x340 [ 59.109799][ T7048] ? choke_reset+0x208/0x340 [ 59.114370][ T7048] kasan_report+0x33/0x50 [ 59.118694][ T7048] check_memory_region+0x141/0x190 [ 59.123793][ T7048] memset+0x20/0x40 [ 59.127600][ T7048] choke_reset+0x208/0x340 [ 59.132016][ T7048] ? choke_destroy+0x40/0x40 [ 59.136598][ T7048] qdisc_reset+0x6b/0x520 [ 59.140922][ T7048] dev_deactivate_queue.constprop.0+0x13c/0x240 [ 59.147146][ T7048] dev_deactivate_many+0xe2/0xba0 [ 59.152288][ T7048] ? __is_module_percpu_address+0x257/0x350 [ 59.158248][ T7048] dev_deactivate+0xf8/0x1c0 [ 59.162854][ T7048] ? dev_deactivate_many+0xba0/0xba0 [ 59.168145][ T7048] ? is_dynamic_key+0x12a/0x1a0 [ 59.172990][ T7048] ? choke_dequeue+0x4b0/0x4b0 [ 59.177759][ T7048] qdisc_graft+0xd25/0x1120 [ 59.182264][ T7048] ? tc_dump_tclass+0x480/0x480 [ 59.187104][ T7048] ? tc_get_qdisc+0xaf0/0xaf0 [ 59.191770][ T7048] ? nla_memcpy+0xa0/0xa0 [ 59.196359][ T7048] ? ns_capable_common+0xe2/0x100 [ 59.201381][ T7048] tc_modify_qdisc+0xbab/0x1a00 [ 59.206228][ T7048] ? qdisc_create+0x1140/0x1140 [ 59.211129][ T7048] ? mutex_trylock+0x2c0/0x2c0 [ 59.215888][ T7048] ? find_held_lock+0x2d/0x110 [ 59.220675][ T7048] ? qdisc_create+0x1140/0x1140 [ 59.225620][ T7048] rtnetlink_rcv_msg+0x44e/0xad0 [ 59.230564][ T7048] ? rtnl_bridge_getlink+0x870/0x870 [ 59.235847][ T7048] ? lock_acquire+0x1f2/0x8f0 [ 59.240521][ T7048] ? netlink_deliver_tap+0x146/0xb50 [ 59.245818][ T7048] netlink_rcv_skb+0x15a/0x410 [ 59.250601][ T7048] ? rtnl_bridge_getlink+0x870/0x870 [ 59.255892][ T7048] ? netlink_ack+0xa10/0xa10 [ 59.260483][ T7048] netlink_unicast+0x537/0x740 [ 59.265366][ T7048] ? netlink_attachskb+0x810/0x810 [ 59.270469][ T7048] ? _copy_from_iter_full+0x25c/0x870 [ 59.275860][ T7048] ? __phys_addr_symbol+0x2c/0x70 [ 59.280891][ T7048] ? __check_object_size+0x171/0x437 [ 59.286295][ T7048] netlink_sendmsg+0x882/0xe10 [ 59.291093][ T7048] ? aa_af_perm+0x260/0x260 [ 59.295588][ T7048] ? netlink_unicast+0x740/0x740 [ 59.300516][ T7048] ? netlink_unicast+0x740/0x740 [ 59.305453][ T7048] sock_sendmsg+0xcf/0x120 [ 59.309857][ T7048] ____sys_sendmsg+0x6bf/0x7e0 [ 59.314633][ T7048] ? print_usage_bug+0x240/0x240 [ 59.319556][ T7048] ? kernel_sendmsg+0x50/0x50 [ 59.324226][ T7048] ___sys_sendmsg+0x100/0x170 [ 59.328904][ T7048] ? sendmsg_copy_msghdr+0x70/0x70 [ 59.334101][ T7048] ? mark_held_locks+0xe0/0xe0 [ 59.338853][ T7048] ? __this_cpu_preempt_check+0x28/0x190 [ 59.344470][ T7048] ? percpu_counter_add_batch+0x123/0x180 [ 59.350212][ T7048] ? find_held_lock+0x2d/0x110 [ 59.354977][ T7048] ? __fd_install+0x1b4/0x600 [ 59.359782][ T7048] ? lock_downgrade+0x840/0x840 [ 59.364686][ T7048] ? __fget_light+0x1ab/0x270 [ 59.369366][ T7048] __sys_sendmsg+0xec/0x1b0 [ 59.373864][ T7048] ? __sys_sendmsg_sock+0xb0/0xb0 [ 59.378880][ T7048] ? trace_hardirqs_off_caller+0x55/0x230 [ 59.384589][ T7048] ? do_syscall_64+0x21/0x7d0 [ 59.389255][ T7048] do_syscall_64+0xf6/0x7d0 [ 59.393748][ T7048] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.399792][ T7048] RIP: 0033:0x441409 [ 59.403675][ T7048] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.423444][ T7048] RSP: 002b:00007fff43aeb6a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.431870][ T7048] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441409 [ 59.439838][ T7048] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 59.447795][ T7048] RBP: 000000000000e684 R08: 00000000004002c8 R09: 00000000004002c8 [ 59.455748][ T7048] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402230 [ 59.463713][ T7048] R13: 00000000004022c0 R14: 0000000000000000 R15: 0000000000000000 [ 59.471849][ T7048] ================================================================== [ 59.479907][ T7048] Disabling lock debugging due to kernel taint [ 59.486246][ T7048] Kernel panic - not syncing: panic_on_warn set ... [ 59.492857][ T7048] CPU: 0 PID: 7048 Comm: syz-executor648 Tainted: G B 5.7.0-rc1-syzkaller #0 [ 59.502918][ T7048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.512975][ T7048] Call Trace: [ 59.516511][ T7048] dump_stack+0x188/0x20d [ 59.520839][ T7048] panic+0x2e3/0x75c [ 59.524715][ T7048] ? add_taint.cold+0x16/0x16 [ 59.529371][ T7048] ? retint_kernel+0x2b/0x2b [ 59.534051][ T7048] ? choke_reset+0x208/0x340 [ 59.538674][ T7048] ? trace_hardirqs_on+0x55/0x220 [ 59.543695][ T7048] ? choke_reset+0x208/0x340 [ 59.548283][ T7048] end_report+0x4d/0x53 [ 59.552541][ T7048] __kasan_report.cold+0xd/0x4d [ 59.557405][ T7048] ? choke_reset+0x208/0x340 [ 59.561975][ T7048] ? choke_reset+0x208/0x340 [ 59.566558][ T7048] kasan_report+0x33/0x50 [ 59.570873][ T7048] check_memory_region+0x141/0x190 [ 59.575977][ T7048] memset+0x20/0x40 [ 59.579780][ T7048] choke_reset+0x208/0x340 [ 59.584189][ T7048] ? choke_destroy+0x40/0x40 [ 59.588912][ T7048] qdisc_reset+0x6b/0x520 [ 59.593247][ T7048] dev_deactivate_queue.constprop.0+0x13c/0x240 [ 59.599623][ T7048] dev_deactivate_many+0xe2/0xba0 [ 59.604692][ T7048] ? __is_module_percpu_address+0x257/0x350 [ 59.610572][ T7048] dev_deactivate+0xf8/0x1c0 [ 59.615279][ T7048] ? dev_deactivate_many+0xba0/0xba0 [ 59.620571][ T7048] ? is_dynamic_key+0x12a/0x1a0 [ 59.625415][ T7048] ? choke_dequeue+0x4b0/0x4b0 [ 59.630335][ T7048] qdisc_graft+0xd25/0x1120 [ 59.634890][ T7048] ? tc_dump_tclass+0x480/0x480 [ 59.639755][ T7048] ? tc_get_qdisc+0xaf0/0xaf0 [ 59.644424][ T7048] ? nla_memcpy+0xa0/0xa0 [ 59.648804][ T7048] ? ns_capable_common+0xe2/0x100 [ 59.653930][ T7048] tc_modify_qdisc+0xbab/0x1a00 [ 59.658791][ T7048] ? qdisc_create+0x1140/0x1140 [ 59.663763][ T7048] ? mutex_trylock+0x2c0/0x2c0 [ 59.668519][ T7048] ? find_held_lock+0x2d/0x110 [ 59.673273][ T7048] ? qdisc_create+0x1140/0x1140 [ 59.678165][ T7048] rtnetlink_rcv_msg+0x44e/0xad0 [ 59.683103][ T7048] ? rtnl_bridge_getlink+0x870/0x870 [ 59.688502][ T7048] ? lock_acquire+0x1f2/0x8f0 [ 59.693174][ T7048] ? netlink_deliver_tap+0x146/0xb50 [ 59.698456][ T7048] netlink_rcv_skb+0x15a/0x410 [ 59.703272][ T7048] ? rtnl_bridge_getlink+0x870/0x870 [ 59.708545][ T7048] ? netlink_ack+0xa10/0xa10 [ 59.713139][ T7048] netlink_unicast+0x537/0x740 [ 59.718204][ T7048] ? netlink_attachskb+0x810/0x810 [ 59.723411][ T7048] ? _copy_from_iter_full+0x25c/0x870 [ 59.728865][ T7048] ? __phys_addr_symbol+0x2c/0x70 [ 59.733891][ T7048] ? __check_object_size+0x171/0x437 [ 59.739163][ T7048] netlink_sendmsg+0x882/0xe10 [ 59.743960][ T7048] ? aa_af_perm+0x260/0x260 [ 59.748444][ T7048] ? netlink_unicast+0x740/0x740 [ 59.753386][ T7048] ? netlink_unicast+0x740/0x740 [ 59.758326][ T7048] sock_sendmsg+0xcf/0x120 [ 59.762858][ T7048] ____sys_sendmsg+0x6bf/0x7e0 [ 59.767634][ T7048] ? print_usage_bug+0x240/0x240 [ 59.772571][ T7048] ? kernel_sendmsg+0x50/0x50 [ 59.777261][ T7048] ___sys_sendmsg+0x100/0x170 [ 59.781933][ T7048] ? sendmsg_copy_msghdr+0x70/0x70 [ 59.787029][ T7048] ? mark_held_locks+0xe0/0xe0 [ 59.791913][ T7048] ? __this_cpu_preempt_check+0x28/0x190 [ 59.797653][ T7048] ? percpu_counter_add_batch+0x123/0x180 [ 59.803394][ T7048] ? find_held_lock+0x2d/0x110 [ 59.808147][ T7048] ? __fd_install+0x1b4/0x600 [ 59.812819][ T7048] ? lock_downgrade+0x840/0x840 [ 59.817758][ T7048] ? __fget_light+0x1ab/0x270 [ 59.822422][ T7048] __sys_sendmsg+0xec/0x1b0 [ 59.826908][ T7048] ? __sys_sendmsg_sock+0xb0/0xb0 [ 59.831934][ T7048] ? trace_hardirqs_off_caller+0x55/0x230 [ 59.837633][ T7048] ? do_syscall_64+0x21/0x7d0 [ 59.842309][ T7048] do_syscall_64+0xf6/0x7d0 [ 59.846989][ T7048] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.852945][ T7048] RIP: 0033:0x441409 [ 59.856817][ T7048] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.876414][ T7048] RSP: 002b:00007fff43aeb6a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.884809][ T7048] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441409 [ 59.892886][ T7048] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 59.901200][ T7048] RBP: 000000000000e684 R08: 00000000004002c8 R09: 00000000004002c8 [ 59.909548][ T7048] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402230 [ 59.918283][ T7048] R13: 00000000004022c0 R14: 0000000000000000 R15: 0000000000000000 [ 59.927770][ T7048] Kernel Offset: disabled [ 59.932096][ T7048] Rebooting in 86400 seconds..