[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.57' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 68.355790][ T7022] ==================================================================
[ 68.364113][ T7022] BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340
[ 68.371056][ T7022] Write of size 8 at addr 0000000000000000 by task syz-executor822/7022
[ 68.379383][ T7022]
[ 68.381697][ T7022] CPU: 1 PID: 7022 Comm: syz-executor822 Not tainted 5.7.0-rc1-syzkaller #0
[ 68.390363][ T7022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.400451][ T7022] Call Trace:
[ 68.403763][ T7022] dump_stack+0x188/0x20d
[ 68.408079][ T7022] ? choke_reset+0x208/0x340
[ 68.412658][ T7022] __kasan_report.cold+0x5/0x4d
[ 68.417494][ T7022] ? choke_reset+0x208/0x340
[ 68.422069][ T7022] ? choke_reset+0x208/0x340
[ 68.426655][ T7022] kasan_report+0x33/0x50
[ 68.430972][ T7022] check_memory_region+0x141/0x190
[ 68.436068][ T7022] memset+0x20/0x40
[ 68.439861][ T7022] choke_reset+0x208/0x340
[ 68.444262][ T7022] ? choke_destroy+0x40/0x40
[ 68.448836][ T7022] qdisc_reset+0x6b/0x520
[ 68.453152][ T7022] dev_deactivate_queue.constprop.0+0x13c/0x240
[ 68.459381][ T7022] dev_deactivate_many+0xe2/0xba0
[ 68.464407][ T7022] ? __is_module_percpu_address+0x257/0x350
[ 68.470286][ T7022] dev_deactivate+0xf8/0x1c0
[ 68.474860][ T7022] ? dev_deactivate_many+0xba0/0xba0
[ 68.480129][ T7022] ? is_dynamic_key+0x12a/0x1a0
[ 68.484983][ T7022] ? choke_dequeue+0x4b0/0x4b0
[ 68.489748][ T7022] qdisc_graft+0xd25/0x1120
[ 68.494238][ T7022] ? tc_dump_tclass+0x480/0x480
[ 68.499073][ T7022] ? tc_get_qdisc+0xaf0/0xaf0
[ 68.503742][ T7022] ? nla_memcpy+0xa0/0xa0
[ 68.508056][ T7022] ? ns_capable_common+0xe2/0x100
[ 68.513077][ T7022] tc_modify_qdisc+0xbab/0x1a00
[ 68.517926][ T7022] ? qdisc_create+0x1140/0x1140
[ 68.522760][ T7022] ? mutex_trylock+0x2c0/0x2c0
[ 68.527504][ T7022] ? find_held_lock+0x2d/0x110
[ 68.532273][ T7022] ? qdisc_create+0x1140/0x1140
[ 68.537108][ T7022] rtnetlink_rcv_msg+0x44e/0xad0
[ 68.542049][ T7022] ? rtnl_bridge_getlink+0x870/0x870
[ 68.547326][ T7022] ? lock_acquire+0x1f2/0x8f0
[ 68.551997][ T7022] ? netlink_deliver_tap+0x146/0xb50
[ 68.557270][ T7022] netlink_rcv_skb+0x15a/0x410
[ 68.562022][ T7022] ? rtnl_bridge_getlink+0x870/0x870
[ 68.567296][ T7022] ? netlink_ack+0xa10/0xa10
[ 68.571877][ T7022] netlink_unicast+0x537/0x740
[ 68.576643][ T7022] ? netlink_attachskb+0x810/0x810
[ 68.581777][ T7022] ? _copy_from_iter_full+0x25c/0x870
[ 68.587139][ T7022] ? __phys_addr_symbol+0x2c/0x70
[ 68.592147][ T7022] ? __check_object_size+0x171/0x437
[ 68.597426][ T7022] netlink_sendmsg+0x882/0xe10
[ 68.602283][ T7022] ? aa_af_perm+0x260/0x260
[ 68.606786][ T7022] ? netlink_unicast+0x740/0x740
[ 68.611713][ T7022] ? netlink_unicast+0x740/0x740
[ 68.616638][ T7022] sock_sendmsg+0xcf/0x120
[ 68.621044][ T7022] ____sys_sendmsg+0x6bf/0x7e0
[ 68.625804][ T7022] ? print_usage_bug+0x240/0x240
[ 68.630730][ T7022] ? kernel_sendmsg+0x50/0x50
[ 68.635419][ T7022] ___sys_sendmsg+0x100/0x170
[ 68.640093][ T7022] ? sendmsg_copy_msghdr+0x70/0x70
[ 68.645190][ T7022] ? mark_held_locks+0xe0/0xe0
[ 68.649941][ T7022] ? __this_cpu_preempt_check+0x28/0x190
[ 68.655693][ T7022] ? percpu_counter_add_batch+0x123/0x180
[ 68.661458][ T7022] ? find_held_lock+0x2d/0x110
[ 68.666211][ T7022] ? __fd_install+0x1b4/0x600
[ 68.670888][ T7022] ? lock_downgrade+0x840/0x840
[ 68.675740][ T7022] ? __fget_light+0x1ab/0x270
[ 68.680404][ T7022] __sys_sendmsg+0xec/0x1b0
[ 68.684895][ T7022] ? __sys_sendmsg_sock+0xb0/0xb0
[ 68.689955][ T7022] ? trace_hardirqs_off_caller+0x55/0x230
[ 68.695665][ T7022] ? do_syscall_64+0x21/0x7d0
[ 68.700327][ T7022] do_syscall_64+0xf6/0x7d0
[ 68.704821][ T7022] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 68.710697][ T7022] RIP: 0033:0x441499
[ 68.714607][ T7022] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 68.734212][ T7022] RSP: 002b:00007fff8f2fdf28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 68.742604][ T7022] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441499
[ 68.750572][ T7022] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 68.758623][ T7022] RBP: 0000000000010add R08: 00000000004002c8 R09: 00000000004002c8
[ 68.766579][ T7022] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004022c0
[ 68.774549][ T7022] R13: 0000000000402350 R14: 0000000000000000 R15: 0000000000000000
[ 68.782522][ T7022] ==================================================================
[ 68.790564][ T7022] Disabling lock debugging due to kernel taint
[ 68.796771][ T7022] Kernel panic - not syncing: panic_on_warn set ...
[ 68.803361][ T7022] CPU: 1 PID: 7022 Comm: syz-executor822 Tainted: G B 5.7.0-rc1-syzkaller #0
[ 68.813414][ T7022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.823467][ T7022] Call Trace:
[ 68.826741][ T7022] dump_stack+0x188/0x20d
[ 68.831050][ T7022] panic+0x2e3/0x75c
[ 68.834941][ T7022] ? add_taint.cold+0x16/0x16
[ 68.839598][ T7022] ? retint_kernel+0x2b/0x2b
[ 68.844181][ T7022] ? choke_reset+0x208/0x340
[ 68.848751][ T7022] ? trace_hardirqs_on+0x55/0x220
[ 68.853770][ T7022] ? choke_reset+0x208/0x340
[ 68.858355][ T7022] end_report+0x4d/0x53
[ 68.862492][ T7022] __kasan_report.cold+0xd/0x4d
[ 68.867319][ T7022] ? choke_reset+0x208/0x340
[ 68.871887][ T7022] ? choke_reset+0x208/0x340
[ 68.876454][ T7022] kasan_report+0x33/0x50
[ 68.880762][ T7022] check_memory_region+0x141/0x190
[ 68.885864][ T7022] memset+0x20/0x40
[ 68.889676][ T7022] choke_reset+0x208/0x340
[ 68.894085][ T7022] ? choke_destroy+0x40/0x40
[ 68.898700][ T7022] qdisc_reset+0x6b/0x520
[ 68.903022][ T7022] dev_deactivate_queue.constprop.0+0x13c/0x240
[ 68.909254][ T7022] dev_deactivate_many+0xe2/0xba0
[ 68.914264][ T7022] ? __is_module_percpu_address+0x257/0x350
[ 68.920230][ T7022] dev_deactivate+0xf8/0x1c0
[ 68.924805][ T7022] ? dev_deactivate_many+0xba0/0xba0
[ 68.930073][ T7022] ? is_dynamic_key+0x12a/0x1a0
[ 68.934904][ T7022] ? choke_dequeue+0x4b0/0x4b0
[ 68.939646][ T7022] qdisc_graft+0xd25/0x1120
[ 68.944133][ T7022] ? tc_dump_tclass+0x480/0x480
[ 68.949004][ T7022] ? tc_get_qdisc+0xaf0/0xaf0
[ 68.953670][ T7022] ? nla_memcpy+0xa0/0xa0
[ 68.957977][ T7022] ? ns_capable_common+0xe2/0x100
[ 68.962997][ T7022] tc_modify_qdisc+0xbab/0x1a00
[ 68.967835][ T7022] ? qdisc_create+0x1140/0x1140
[ 68.972668][ T7022] ? mutex_trylock+0x2c0/0x2c0
[ 68.977420][ T7022] ? find_held_lock+0x2d/0x110
[ 68.982165][ T7022] ? qdisc_create+0x1140/0x1140
[ 68.986993][ T7022] rtnetlink_rcv_msg+0x44e/0xad0
[ 68.991911][ T7022] ? rtnl_bridge_getlink+0x870/0x870
[ 68.997176][ T7022] ? lock_acquire+0x1f2/0x8f0
[ 69.001828][ T7022] ? netlink_deliver_tap+0x146/0xb50
[ 69.007091][ T7022] netlink_rcv_skb+0x15a/0x410
[ 69.011832][ T7022] ? rtnl_bridge_getlink+0x870/0x870
[ 69.017094][ T7022] ? netlink_ack+0xa10/0xa10
[ 69.021690][ T7022] netlink_unicast+0x537/0x740
[ 69.026439][ T7022] ? netlink_attachskb+0x810/0x810
[ 69.031529][ T7022] ? _copy_from_iter_full+0x25c/0x870
[ 69.036978][ T7022] ? __phys_addr_symbol+0x2c/0x70
[ 69.042003][ T7022] ? __check_object_size+0x171/0x437
[ 69.047299][ T7022] netlink_sendmsg+0x882/0xe10
[ 69.052044][ T7022] ? aa_af_perm+0x260/0x260
[ 69.056527][ T7022] ? netlink_unicast+0x740/0x740
[ 69.061446][ T7022] ? netlink_unicast+0x740/0x740
[ 69.066362][ T7022] sock_sendmsg+0xcf/0x120
[ 69.070759][ T7022] ____sys_sendmsg+0x6bf/0x7e0
[ 69.075512][ T7022] ? print_usage_bug+0x240/0x240
[ 69.080433][ T7022] ? kernel_sendmsg+0x50/0x50
[ 69.085091][ T7022] ___sys_sendmsg+0x100/0x170
[ 69.089895][ T7022] ? sendmsg_copy_msghdr+0x70/0x70
[ 69.094999][ T7022] ? mark_held_locks+0xe0/0xe0
[ 69.099745][ T7022] ? __this_cpu_preempt_check+0x28/0x190
[ 69.105358][ T7022] ? percpu_counter_add_batch+0x123/0x180
[ 69.111056][ T7022] ? find_held_lock+0x2d/0x110
[ 69.115797][ T7022] ? __fd_install+0x1b4/0x600
[ 69.120471][ T7022] ? lock_downgrade+0x840/0x840
[ 69.125301][ T7022] ? __fget_light+0x1ab/0x270
[ 69.129959][ T7022] __sys_sendmsg+0xec/0x1b0
[ 69.134445][ T7022] ? __sys_sendmsg_sock+0xb0/0xb0
[ 69.139450][ T7022] ? trace_hardirqs_off_caller+0x55/0x230
[ 69.145151][ T7022] ? do_syscall_64+0x21/0x7d0
[ 69.149815][ T7022] do_syscall_64+0xf6/0x7d0
[ 69.154441][ T7022] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 69.160326][ T7022] RIP: 0033:0x441499
[ 69.164217][ T7022] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.183807][ T7022] RSP: 002b:00007fff8f2fdf28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 69.192203][ T7022] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441499
[ 69.200162][ T7022] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 69.208111][ T7022] RBP: 0000000000010add R08: 00000000004002c8 R09: 00000000004002c8
[ 69.216062][ T7022] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004022c0
[ 69.224010][ T7022] R13: 0000000000402350 R14: 0000000000000000 R15: 0000000000000000
[ 69.233449][ T7022] Kernel Offset: disabled
[ 69.237787][ T7022] Rebooting in 86400 seconds..