[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.50' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 67.814245][ T28] audit: type=1400 audit(1590404740.171:8): avc: denied { execmem } for pid=7040 comm="syz-executor943" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 67.838059][ T7040] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 67.850525][ T7040] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 67.858939][ T7040] CPU: 1 PID: 7040 Comm: syz-executor943 Not tainted 5.7.0-rc7-syzkaller #0 [ 67.868855][ T7040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.879502][ T7040] RIP: 0010:fq_codel_enqueue+0xa75/0x11b0 [ 67.885543][ T7040] Code: 27 fb 44 3b 64 24 70 0f 83 dd 00 00 00 e8 d3 70 27 fb 48 8b 44 24 40 80 38 00 0f 85 5a 05 00 00 49 8b 06 48 89 c2 48 c1 ea 03 <42> 80 3c 2a 00 0f 85 52 05 00 00 48 8b 10 49 89 16 48 89 c2 48 c1 [ 67.907150][ T7040] RSP: 0018:ffffc90001ca76a0 EFLAGS: 00010246 [ 67.913311][ T7040] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90001ca7880 [ 67.921508][ T7040] RDX: 0000000000000000 RSI: ffffffff864bcddd RDI: 0000000000000000 [ 67.930053][ T7040] RBP: ffffc90001ca77b0 R08: ffff8880a2d3a400 R09: fffffbfff185df45 [ 67.938478][ T7040] R10: ffffffff8c2efa27 R11: fffffbfff185df44 R12: 0000000000000400 [ 67.946604][ T7040] R13: dffffc0000000000 R14: ffff888083c00000 R15: ffffc90001ca7880 [ 67.955169][ T7040] FS: 000000000183d880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 [ 67.964637][ T7040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.971484][ T7040] CR2: 0000000020000100 CR3: 00000000a6d1f000 CR4: 00000000001406e0 [ 67.979844][ T7040] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.988129][ T7040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.996284][ T7040] Call Trace: [ 67.999583][ T7040] ? drop_func+0x60/0x60 [ 68.004140][ T7040] ? rwlock_bug.part.0+0x90/0x90 [ 68.009558][ T7040] ? rcu_read_lock_bh_held+0x5a/0xb0 [ 68.015079][ T7040] ? rcu_read_lock_sched_held+0xd0/0xd0 [ 68.020625][ T7040] __dev_queue_xmit+0x154a/0x30a0 [ 68.025746][ T7040] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 68.031110][ T7040] ? _copy_from_iter+0x307/0xb60 [ 68.036056][ T7040] ? __check_object_size+0x171/0x437 [ 68.041437][ T7040] ? packet_parse_headers.isra.0+0x11c/0x470 [ 68.047749][ T7040] ? packet_seq_start+0x150/0x150 [ 68.052861][ T7040] ? packet_sendmsg+0x24fd/0x5e90 [ 68.058325][ T7040] packet_sendmsg+0x24fd/0x5e90 [ 68.063473][ T7040] ? find_held_lock+0x2d/0x110 [ 68.068329][ T7040] ? sock_has_perm+0x1ec/0x280 [ 68.073382][ T7040] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 68.079515][ T7040] ? tomoyo_socket_sendmsg_permission+0x130/0x38e [ 68.086299][ T7040] ? tomoyo_socket_bind_permission+0x330/0x330 [ 68.092735][ T7040] ? packet_notifier+0x860/0x860 [ 68.097929][ T7040] ? packet_notifier+0x860/0x860 [ 68.103733][ T7040] sock_sendmsg+0xcf/0x120 [ 68.108403][ T7040] sock_write_iter+0x289/0x3c0 [ 68.113432][ T7040] ? sock_sendmsg+0x120/0x120 [ 68.118444][ T7040] ? inode_has_perm+0x1a6/0x230 [ 68.123473][ T7040] new_sync_write+0x4a2/0x700 [ 68.128153][ T7040] ? new_sync_read+0x7a0/0x7a0 [ 68.133140][ T7040] ? security_file_permission+0x8c/0x470 [ 68.138766][ T7040] __vfs_write+0xc9/0x100 [ 68.143139][ T7040] vfs_write+0x268/0x5d0 [ 68.147659][ T7040] ksys_write+0x1ee/0x250 [ 68.152062][ T7040] ? __ia32_sys_read+0xb0/0xb0 [ 68.156914][ T7040] ? trace_hardirqs_off_caller+0x55/0x230 [ 68.162762][ T7040] do_syscall_64+0xf6/0x7d0 [ 68.167318][ T7040] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 68.173813][ T7040] RIP: 0033:0x440599 [ 68.177746][ T7040] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 68.198775][ T7040] RSP: 002b:00007ffd1a13dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 68.207735][ T7040] RAX: ffffffffffffffda RBX: 00000000004a173e RCX: 0000000000440599 [ 68.215955][ T7040] RDX: 000000000000006c RSI: 00000000200003c0 RDI: 0000000000000005 [ 68.224222][ T7040] RBP: 54c6c2ff093a6d32 R08: 00000000004002c8 R09: 00000000004002c8 [ 68.232587][ T7040] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000010000 [ 68.240729][ T7040] R13: 0000000000401eb0 R14: 0000000000000000 R15: 0000000000000000 [ 68.248998][ T7040] Modules linked in: [ 68.253087][ T7040] ---[ end trace cc872fad0fe7d088 ]--- [ 68.259125][ T7040] RIP: 0010:fq_codel_enqueue+0xa75/0x11b0 [ 68.265070][ T7040] Code: 27 fb 44 3b 64 24 70 0f 83 dd 00 00 00 e8 d3 70 27 fb 48 8b 44 24 40 80 38 00 0f 85 5a 05 00 00 49 8b 06 48 89 c2 48 c1 ea 03 <42> 80 3c 2a 00 0f 85 52 05 00 00 48 8b 10 49 89 16 48 89 c2 48 c1 [ 68.285220][ T7040] RSP: 0018:ffffc90001ca76a0 EFLAGS: 00010246 [ 68.292110][ T7040] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90001ca7880 [ 68.300329][ T7040] RDX: 0000000000000000 RSI: ffffffff864bcddd RDI: 0000000000000000 [ 68.308566][ T7040] RBP: ffffc90001ca77b0 R08: ffff8880a2d3a400 R09: fffffbfff185df45 [ 68.316853][ T7040] R10: ffffffff8c2efa27 R11: fffffbfff185df44 R12: 0000000000000400 [ 68.325480][ T7040] R13: dffffc0000000000 R14: ffff888083c00000 R15: ffffc90001ca7880 [ 68.334161][ T7040] FS: 000000000183d880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 [ 68.343638][ T7040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.350665][ T7040] CR2: 0000000020000100 CR3: 00000000a6d1f000 CR4: 00000000001406e0 [ 68.359101][ T7040] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.367532][ T7040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.376207][ T7040] Kernel panic - not syncing: Fatal exception in interrupt [ 68.385291][ T7040] Kernel Offset: disabled [ 68.389839][ T7040] Rebooting in 86400 seconds..