[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.1.93' (ECDSA) to the list of known hosts.
[ 80.963687][ T38] audit: type=1400 audit(1619990965.566:8): avc: denied { execmem } for pid=8388 comm="syz-executor170" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
Debian GNU/Linux 9 syzkaller ttyS0
executing program
syzkaller login: [ 82.116828][ T8389] IPVS: ftp: loaded support on port[0] = 21
[ 82.216153][ T8389] list_del corruption. prev->next should be ffff888025585c68, but was ffff88801cf6ec40
[ 82.226576][ T8389] ------------[ cut here ]------------
[ 82.232155][ T8389] kernel BUG at lib/list_debug.c:51!
[ 82.237465][ T8389] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 82.243548][ T8389] CPU: 1 PID: 8389 Comm: syz-executor170 Not tainted 5.12.0-syzkaller #0
[ 82.251985][ T8389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.262174][ T8389] RIP: 0010:__list_del_entry_valid.cold+0xf/0x4a
[ 82.268556][ T8389] Code: e8 91 a1 f2 ff 0f 0b 48 89 f1 48 c7 c7 c0 f5 c1 89 4c 89 e6 e8 7d a1 f2 ff 0f 0b 48 89 ee 48 c7 c7 60 f7 c1 89 e8 6c a1 f2 ff <0f> 0b 4c 89 ea 48 89 ee 48 c7 c7 a0 f6 c1 89 e8 58 a1 f2 ff 0f 0b
[ 82.288177][ T8389] RSP: 0018:ffffc90001397928 EFLAGS: 00010282
[ 82.294289][ T8389] RAX: 0000000000000054 RBX: 0000000000000001 RCX: 0000000000000000
[ 82.302295][ T8389] RDX: ffff888027b30040 RSI: ffffffff815bb075 RDI: fffff52000272f17
[ 82.310282][ T8389] RBP: ffff888025585c68 R08: 0000000000000054 R09: 0000000000000000
[ 82.318274][ T8389] R10: ffffffff815b4eae R11: 0000000000000000 R12: ffff888015c96868
[ 82.326271][ T8389] R13: ffff888015c96868 R14: ffff888025585c60 R15: 0000000000000000
[ 82.334261][ T8389] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 82.343217][ T8389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 82.349817][ T8389] CR2: 00005590d06d3b38 CR3: 00000000246a5000 CR4: 00000000001506e0
[ 82.357811][ T8389] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 82.365799][ T8389] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 82.373803][ T8389] Call Trace:
[ 82.377107][ T8389] klist_release+0x66/0x480
[ 82.381642][ T8389] ? __device_link_free_srcu+0x120/0x120
[ 82.387294][ T8389] klist_put+0xf7/0x1d0
[ 82.391489][ T8389] device_del+0x245/0xd40
[ 82.395836][ T8389] ? klist_iter_exit+0xc/0x80
[ 82.400551][ T8389] ? __device_links_queue_sync_state+0x3f0/0x3f0
[ 82.406922][ T8389] hci_conn_del_sysfs+0xdc/0x180
[ 82.411875][ T8389] hci_conn_cleanup+0x2e7/0x6c0
[ 82.416730][ T8389] hci_conn_del+0x2a0/0x790
[ 82.421243][ T8389] hci_conn_hash_flush+0x19c/0x260
[ 82.426371][ T8389] hci_dev_do_close+0x569/0x1110
[ 82.431323][ T8389] ? hci_dev_open+0x300/0x300
[ 82.436033][ T8389] ? do_raw_read_unlock+0x70/0x70
[ 82.441075][ T8389] hci_unregister_dev+0x263/0x1130
[ 82.446215][ T8389] ? fsnotify+0x1070/0x1070
[ 82.450748][ T8389] ? hci_bdaddr_list_clear+0x200/0x200
[ 82.456221][ T8389] ? fcntl_setlk+0xe90/0xe90
[ 82.460822][ T8389] vhci_release+0x70/0xe0
[ 82.465170][ T8389] __fput+0x288/0x920
[ 82.469161][ T8389] ? vhci_close_dev+0x50/0x50
[ 82.473850][ T8389] task_work_run+0xdd/0x1a0
[ 82.478388][ T8389] do_exit+0xbfc/0x2a60
[ 82.482552][ T8389] ? mm_update_next_owner+0x7a0/0x7a0
[ 82.487929][ T8389] ? lock_downgrade+0x6e0/0x6e0
[ 82.492809][ T8389] ? lock_downgrade+0x6e0/0x6e0
[ 82.497677][ T8389] do_group_exit+0x125/0x310
[ 82.502301][ T8389] __x64_sys_exit_group+0x3a/0x50
[ 82.507368][ T8389] do_syscall_64+0x3a/0xb0
[ 82.511810][ T8389] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 82.517722][ T8389] RIP: 0033:0x4443b9
[ 82.521647][ T8389] Code: Unable to access opcode bytes at RIP 0x44438f.
[ 82.528533][ T8389] RSP: 002b:00007ffee83852d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 82.536965][ T8389] RAX: ffffffffffffffda RBX: 00000000004cb370 RCX: 00000000004443b9
[ 82.545449][ T8389] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 82.554212][ T8389] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 000000ff004c5fe0
[ 82.562588][ T8389] R10: 00007ffee8384da0 R11: 0000000000000246 R12: 00000000004cb370
[ 82.570574][ T8389] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 82.578564][ T8389] Modules linked in:
[ 82.582566][ T8389] ---[ end trace a27fd10b9de818c0 ]---
[ 82.591366][ T8389] RIP: 0010:__list_del_entry_valid.cold+0xf/0x4a
[ 82.597736][ T8389] Code: e8 91 a1 f2 ff 0f 0b 48 89 f1 48 c7 c7 c0 f5 c1 89 4c 89 e6 e8 7d a1 f2 ff 0f 0b 48 89 ee 48 c7 c7 60 f7 c1 89 e8 6c a1 f2 ff <0f> 0b 4c 89 ea 48 89 ee 48 c7 c7 a0 f6 c1 89 e8 58 a1 f2 ff 0f 0b
[ 82.617566][ T8389] RSP: 0018:ffffc90001397928 EFLAGS: 00010282
[ 82.623759][ T8389] RAX: 0000000000000054 RBX: 0000000000000001 RCX: 0000000000000000
[ 82.631940][ T8389] RDX: ffff888027b30040 RSI: ffffffff815bb075 RDI: fffff52000272f17
[ 82.640029][ T8389] RBP: ffff888025585c68 R08: 0000000000000054 R09: 0000000000000000
[ 82.648055][ T8389] R10: ffffffff815b4eae R11: 0000000000000000 R12: ffff888015c96868
[ 82.656108][ T8389] R13: ffff888015c96868 R14: ffff888025585c60 R15: 0000000000000000
[ 82.664294][ T8389] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 82.673335][ T8389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 82.680005][ T8389] CR2: 00005590d06d3b38 CR3: 00000000246a5000 CR4: 00000000001506e0
[ 82.688013][ T8389] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 82.696110][ T8389] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 82.704183][ T8389] Kernel panic - not syncing: Fatal exception
[ 82.710641][ T8389] Kernel Offset: disabled
[ 82.714980][ T8389] Rebooting in 86400 seconds..