[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 32.332744] BUG: unable to handle kernel paging request at fffffffffffffff0
[ 32.339861] PGD 9e6e067 P4D 9e6e067 PUD 9e70067 PMD 0
[ 32.345145] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 32.349634] CPU: 0 PID: 8107 Comm: syz-executor299 Not tainted 4.19.211-syzkaller #0
[ 32.357500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.367016] RIP: 0010:tcf_action_dump_1+0x95/0x6e0
[ 32.371962] Code: 0f 8e 73 05 00 00 8b b5 c8 00 00 00 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 01 f3 80 3c 02 00 0f 85 c4 05 00 00 <49> 8b 04 24 4c 8d 78 10 4c 89 ff e8 1b 9b 63 01 4c 89 f9 be 01 00
[ 32.390855] RSP: 0018:ffff88809511f490 EFLAGS: 00010246
[ 32.396204] RAX: dffffc0000000000 RBX: ffff8880b0f92d64 RCX: 0000000000000000
[ 32.403466] RDX: 1ffffffffffffffe RSI: 0000000000000024 RDI: ffff8880a32d6700
[ 32.410720] RBP: ffff8880a32d6700 R08: 0000000000000000 R09: 0000000000000000
[ 32.417988] R10: 0000000000000005 R11: 0000000000000000 R12: fffffffffffffff0
[ 32.425256] R13: ffff8880a32d67c8 R14: ffff8880a32d67d0 R15: 0000000000000000
[ 32.432516] FS: 00007fd2030d5700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 32.441246] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.447106] CR2: fffffffffffffff0 CR3: 00000000aaf77000 CR4: 00000000003406f0
[ 32.454384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.461647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.468979] Call Trace:
[ 32.471548] ? nla_put+0x104/0x140
[ 32.475077] tcf_generic_walker+0x1ff/0xa20
[ 32.479395] ? tcf_action_dump_1+0x6e0/0x6e0
[ 32.483800] ? tcf_ife_walker+0x191/0x2c0
[ 32.488080] tc_dump_action+0x6b0/0xdb0
[ 32.492044] ? tc_lookup_action+0x110/0x110
[ 32.496350] ? kmem_cache_alloc_node_trace+0x351/0x3b0
[ 32.501616] ? memset+0x20/0x40
[ 32.504882] netlink_dump+0x3cf/0xc10
[ 32.508682] __netlink_dump_start+0x4e9/0x6f0
[ 32.513248] rtnetlink_rcv_msg+0x71e/0xb80
[ 32.517462] ? tc_lookup_action+0x110/0x110
[ 32.521764] ? rtnl_calcit.isra.0+0x430/0x430
[ 32.526326] ? __netlink_lookup+0x3fc/0x730
[ 32.530636] ? tc_lookup_action+0x110/0x110
[ 32.535003] ? lock_downgrade+0x720/0x720
[ 32.539131] ? check_preemption_disabled+0x41/0x280
[ 32.544129] netlink_rcv_skb+0x160/0x440
[ 32.548420] ? rtnl_calcit.isra.0+0x430/0x430
[ 32.552905] ? netlink_ack+0xae0/0xae0
[ 32.556863] netlink_unicast+0x4d5/0x690
[ 32.560915] ? netlink_sendskb+0x110/0x110
[ 32.565152] ? _copy_from_iter_full+0x229/0x7c0
[ 32.569808] ? __phys_addr_symbol+0x2c/0x70
[ 32.574112] ? __check_object_size+0x17b/0x3e0
[ 32.578681] netlink_sendmsg+0x6c3/0xc50
[ 32.582745] ? aa_af_perm+0x230/0x230
[ 32.586534] ? nlmsg_notify+0x1f0/0x1f0
[ 32.590496] ? kernel_recvmsg+0x220/0x220
[ 32.594644] ? nlmsg_notify+0x1f0/0x1f0
[ 32.598597] sock_sendmsg+0xc3/0x120
[ 32.602289] ___sys_sendmsg+0x7bb/0x8e0
[ 32.606243] ? copy_msghdr_from_user+0x440/0x440
[ 32.610977] ? __fget+0x32f/0x510
[ 32.614411] ? lock_downgrade+0x720/0x720
[ 32.618541] ? check_preemption_disabled+0x41/0x280
[ 32.623541] ? check_preemption_disabled+0x41/0x280
[ 32.628538] ? __fget+0x356/0x510
[ 32.631972] ? do_dup2+0x450/0x450
[ 32.635505] ? __fdget+0x1d0/0x230
[ 32.639040] __x64_sys_sendmsg+0x132/0x220
[ 32.643260] ? __sys_sendmsg+0x1b0/0x1b0
[ 32.647306] ? __se_sys_futex+0x298/0x3b0
[ 32.651433] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 32.656777] ? trace_hardirqs_off_caller+0x6e/0x210
[ 32.661778] ? do_syscall_64+0x21/0x620
[ 32.665733] do_syscall_64+0xf9/0x620
[ 32.669516] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.674709] RIP: 0033:0x7fd203123da9
[ 32.678414] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 32.697311] RSP: 002b:00007fd2030d5318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 32.704997] RAX: ffffffffffffffda RBX: 00007fd2031ab408 RCX: 00007fd203123da9
[ 32.712245] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 32.719491] RBP: 00007fd2031ab400 R08: 000000000000002c R09: 0000000000000000
[ 32.726739] R10: 0000000000000001 R11: 0000000000000246 R12: 00007fd2031ab40c
[ 32.733987] R13: 00007ffea7a4680f R14: 00007fd2030d5400 R15: 0000000000022000
[ 32.741236] Modules linked in:
[ 32.744412] CR2: fffffffffffffff0
[ 32.747854] ---[ end trace 21cd12ff0dbf5402 ]---
[ 32.752590] RIP: 0010:tcf_action_dump_1+0x95/0x6e0
[ 32.757496] Code: 0f 8e 73 05 00 00 8b b5 c8 00 00 00 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 01 f3 80 3c 02 00 0f 85 c4 05 00 00 <49> 8b 04 24 4c 8d 78 10 4c 89 ff e8 1b 9b 63 01 4c 89 f9 be 01 00
[ 32.776374] RSP: 0018:ffff88809511f490 EFLAGS: 00010246
[ 32.781720] RAX: dffffc0000000000 RBX: ffff8880b0f92d64 RCX: 0000000000000000
[ 32.788968] RDX: 1ffffffffffffffe RSI: 0000000000000024 RDI: ffff8880a32d6700
[ 32.796216] RBP: ffff8880a32d6700 R08: 0000000000000000 R09: 0000000000000000
[ 32.803465] R10: 0000000000000005 R11: 0000000000000000 R12: fffffffffffffff0
[ 32.810717] R13: ffff8880a32d67c8 R14: ffff8880a32d67d0 R15: 0000000000000000
[ 32.818017] FS: 00007fd2030d5700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 32.826220] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.832079] CR2: fffffffffffffff0 CR3: 00000000aaf77000 CR4: 00000000003406f0
[ 32.839329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.846664] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.853913] Kernel panic - not syncing: Fatal exception
[ 32.859488] Kernel Offset: disabled
[ 32.863097] Rebooting in 86400 seconds..