[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
2020/09/08 02:05:43 parsed 1 programs
2020/09/08 02:05:43 executed programs: 0
syzkaller login: [ 33.361359] audit: type=1400 audit(1599530743.506:8): avc: denied { execmem } for pid=6368 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.509682] IPVS: ftp: loaded support on port[0] = 21
[ 34.591648] chnl_net:caif_netlink_parms(): no params data found
[ 34.643515] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.650642] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.658981] device bridge_slave_0 entered promiscuous mode
[ 34.666192] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.672566] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.679858] device bridge_slave_1 entered promiscuous mode
[ 34.695783] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 34.704528] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 34.722873] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 34.730136] team0: Port device team_slave_0 added
[ 34.735578] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 34.742967] team0: Port device team_slave_1 added
[ 34.758287] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 34.764983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.790869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.802168] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.808465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.833787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.844662] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 34.852289] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 34.870027] device hsr_slave_0 entered promiscuous mode
[ 34.875607] device hsr_slave_1 entered promiscuous mode
[ 34.881971] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 34.889323] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 34.952449] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.959200] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.966261] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.972755] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.001149] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 35.007953] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.017083] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 35.025126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 35.035257] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.052779] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.062925] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 35.069429] 8021q: adding VLAN 0 to HW filter on device team0
[ 35.077959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.085540] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.091954] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.100963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 35.108979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.115294] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.133875] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 35.144271] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 35.155517] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 35.162602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 35.170434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 35.178638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 35.186429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 35.193831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 35.200665] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 35.212921] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 35.220701] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 35.227646] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 35.239256] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 35.293923] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 35.303780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 35.330600] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 35.338770] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 35.346710] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 35.355408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 35.363952] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 35.371177] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 35.379943] device veth0_vlan entered promiscuous mode
[ 35.388934] device veth1_vlan entered promiscuous mode
[ 35.394692] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 35.403156] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 35.414003] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 35.423446] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 35.430954] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 35.438250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 35.448779] device veth0_macvtap entered promiscuous mode
[ 35.454773] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 35.463031] device veth1_macvtap entered promiscuous mode
[ 35.471381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 35.480859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 35.491262] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 35.498257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 35.506572] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 35.517187] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 35.524078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 35.576282] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 36.525781] Bluetooth: hci0 command 0x0409 tx timeout
2020/09/08 02:05:48 executed programs: 161
[ 38.603639] Bluetooth: hci0 command 0x041b tx timeout
[ 40.233437] kasan: CONFIG_KASAN_INLINE enabled
[ 40.238375] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 40.246017] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 40.252336] Modules linked in:
[ 40.255520] CPU: 1 PID: 7739 Comm: syz-executor.0 Not tainted 4.14.196-syzkaller #0
[ 40.263314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.272901] task: ffff88808ca044c0 task.stack: ffff8880832f0000
[ 40.279132] RIP: 0010:tty_release+0xf0/0xe20
[ 40.283576] RSP: 0018:ffff8880832f7d80 EFLAGS: 00010246
[ 40.288938] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 40.296186] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff888096427160
[ 40.303436] RBP: ffff888096426d00 R08: ffffffff8a088e20 R09: 0000000000000001
[ 40.310682] R10: 0000000000000000 R11: ffff88808ca044c0 R12: ffff8880a4013100
[ 40.317943] R13: ffff888094cfa07c R14: ffffffff83429070 R15: ffff8880a6968420
[ 40.325211] FS: 0000000002c83940(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[ 40.333411] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.339269] CR2: 00007f7ee517cdb8 CR3: 00000000a1720000 CR4: 00000000001406e0
[ 40.346519] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.353776] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.361034] Call Trace:
[ 40.363604] ? ima_file_free+0x4f/0x330
[ 40.367567] ? do_tty_hangup+0x30/0x30
[ 40.371436] __fput+0x25f/0x7a0
[ 40.374713] task_work_run+0x11f/0x190
[ 40.378585] exit_to_usermode_loop+0x1ad/0x200
[ 40.383164] do_syscall_64+0x4a3/0x640
[ 40.387170] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 40.392336] RIP: 0033:0x416f01
[ 40.395503] RSP: 002b:00007ffdfef0ecc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 40.403288] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000416f01
[ 40.410542] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 0000000000000003
[ 40.417791] RBP: 0000000000000000 R08: 0000000001190370 R09: 0000000000000000
[ 40.425065] R10: 00007ffdfef0eda0 R11: 0000000000000293 R12: 0000000001190378
[ 40.432327] R13: 0000000000000000 R14: ffffffffffffffff R15: 000000000118cf4c
[ 40.439678] Code: df 48 c1 ea 03 80 3c 02 00 0f 85 10 0c 00 00 48 8b 04 24 48 8b 98 90 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 ab 0b 00 00 48 8b 04 24 48 8b 1b 48 8d 78 20
[ 40.458868] RIP: tty_release+0xf0/0xe20 RSP: ffff8880832f7d80
[ 40.465858] ---[ end trace 0cfe432021707aba ]---
[ 40.470609] Kernel panic - not syncing: Fatal exception
[ 40.476816] Kernel Offset: disabled
[ 40.480688] Rebooting in 86400 seconds..