[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.1' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 63.283059][ T7077] ================================================================== [ 63.291530][ T7077] BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340 [ 63.298454][ T7077] Write of size 8 at addr 0000000000000000 by task syz-executor045/7077 [ 63.306764][ T7077] [ 63.309078][ T7077] CPU: 1 PID: 7077 Comm: syz-executor045 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 63.318939][ T7077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.328993][ T7077] Call Trace: [ 63.332284][ T7077] dump_stack+0x188/0x20d [ 63.336599][ T7077] ? choke_reset+0x208/0x340 [ 63.341170][ T7077] __kasan_report.cold+0x5/0x4d [ 63.346005][ T7077] ? choke_reset+0x208/0x340 [ 63.350715][ T7077] ? choke_reset+0x208/0x340 [ 63.355286][ T7077] kasan_report+0x33/0x50 [ 63.359614][ T7077] check_memory_region+0x141/0x190 [ 63.364708][ T7077] memset+0x20/0x40 [ 63.368552][ T7077] choke_reset+0x208/0x340 [ 63.372953][ T7077] ? lock_downgrade+0x840/0x840 [ 63.377892][ T7077] ? choke_destroy+0x40/0x40 [ 63.382474][ T7077] qdisc_reset+0x6b/0x520 [ 63.386811][ T7077] dev_deactivate_queue.constprop.0+0x13c/0x240 [ 63.393047][ T7077] dev_deactivate_many+0xe2/0xba0 [ 63.398060][ T7077] ? fq_resize+0x8e0/0x8e0 [ 63.402468][ T7077] dev_deactivate+0xf8/0x1c0 [ 63.407056][ T7077] ? dev_deactivate_many+0xba0/0xba0 [ 63.412318][ T7077] ? __hrtimer_init+0x13b/0x270 [ 63.417157][ T7077] qdisc_graft+0xd25/0x1120 [ 63.421655][ T7077] ? tc_dump_tclass+0x480/0x480 [ 63.426496][ T7077] ? tc_get_qdisc+0xaf0/0xaf0 [ 63.431148][ T7077] ? nla_memcpy+0xa0/0xa0 [ 63.435461][ T7077] ? ns_capable_common+0xe2/0x100 [ 63.440473][ T7077] tc_modify_qdisc+0xbab/0x1a00 [ 63.445326][ T7077] ? qdisc_create+0x1140/0x1140 [ 63.450153][ T7077] ? mutex_trylock+0x2c0/0x2c0 [ 63.454892][ T7077] ? find_held_lock+0x2d/0x110 [ 63.459659][ T7077] ? qdisc_create+0x1140/0x1140 [ 63.464583][ T7077] rtnetlink_rcv_msg+0x44e/0xad0 [ 63.469499][ T7077] ? rtnl_bridge_getlink+0x870/0x870 [ 63.474764][ T7077] ? lock_acquire+0x1f2/0x8f0 [ 63.479430][ T7077] ? netlink_deliver_tap+0x146/0xb50 [ 63.484757][ T7077] netlink_rcv_skb+0x15a/0x410 [ 63.489563][ T7077] ? rtnl_bridge_getlink+0x870/0x870 [ 63.494861][ T7077] ? netlink_ack+0xa10/0xa10 [ 63.499481][ T7077] netlink_unicast+0x537/0x740 [ 63.504267][ T7077] ? netlink_attachskb+0x810/0x810 [ 63.509386][ T7077] ? _copy_from_iter_full+0x25c/0x870 [ 63.514780][ T7077] ? __phys_addr_symbol+0x2c/0x70 [ 63.519808][ T7077] ? __check_object_size+0x171/0x437 [ 63.525103][ T7077] netlink_sendmsg+0x882/0xe10 [ 63.529879][ T7077] ? aa_af_perm+0x260/0x260 [ 63.534382][ T7077] ? netlink_unicast+0x740/0x740 [ 63.539332][ T7077] ? netlink_unicast+0x740/0x740 [ 63.544273][ T7077] sock_sendmsg+0xcf/0x120 [ 63.548707][ T7077] ____sys_sendmsg+0x6bf/0x7e0 [ 63.553477][ T7077] ? print_usage_bug+0x240/0x240 [ 63.558437][ T7077] ? kernel_sendmsg+0x50/0x50 [ 63.563245][ T7077] ___sys_sendmsg+0x100/0x170 [ 63.567922][ T7077] ? sendmsg_copy_msghdr+0x70/0x70 [ 63.573034][ T7077] ? mark_held_locks+0xe0/0xe0 [ 63.577801][ T7077] ? __this_cpu_preempt_check+0x28/0x190 [ 63.583419][ T7077] ? percpu_counter_add_batch+0x123/0x180 [ 63.589122][ T7077] ? find_held_lock+0x2d/0x110 [ 63.593888][ T7077] ? __fd_install+0x1b4/0x600 [ 63.598558][ T7077] ? lock_downgrade+0x840/0x840 [ 63.603394][ T7077] ? __fget_light+0x1ab/0x270 [ 63.608065][ T7077] __sys_sendmsg+0xec/0x1b0 [ 63.612549][ T7077] ? __sys_sendmsg_sock+0xb0/0xb0 [ 63.617557][ T7077] ? trace_hardirqs_off_caller+0x55/0x230 [ 63.623257][ T7077] ? do_syscall_64+0x21/0x7d0 [ 63.627913][ T7077] do_syscall_64+0xf6/0x7d0 [ 63.632422][ T7077] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 63.638504][ T7077] RIP: 0033:0x440719 [ 63.642386][ T7077] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.661986][ T7077] RSP: 002b:00007ffdc5b03ed8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.670378][ T7077] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000440719 [ 63.678331][ T7077] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000006 [ 63.686369][ T7077] RBP: 0000000000000001 R08: 00000000ffffffff R09: 00000000004002c8 [ 63.694318][ T7077] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000007166 [ 63.702270][ T7077] R13: 0000000000402030 R14: 0000000000000000 R15: 0000000000000000 [ 63.710262][ T7077] ================================================================== [ 63.718335][ T7077] Disabling lock debugging due to kernel taint [ 63.724549][ T7077] Kernel panic - not syncing: panic_on_warn set ... [ 63.731154][ T7077] CPU: 1 PID: 7077 Comm: syz-executor045 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0 [ 63.742596][ T7077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.752640][ T7077] Call Trace: [ 63.755907][ T7077] dump_stack+0x188/0x20d [ 63.760218][ T7077] panic+0x2e3/0x75c [ 63.764098][ T7077] ? add_taint.cold+0x16/0x16 [ 63.768748][ T7077] ? retint_kernel+0x2b/0x2b [ 63.773325][ T7077] ? choke_reset+0x208/0x340 [ 63.777889][ T7077] ? trace_hardirqs_on+0x55/0x220 [ 63.782900][ T7077] ? choke_reset+0x208/0x340 [ 63.787464][ T7077] end_report+0x4d/0x53 [ 63.791593][ T7077] __kasan_report.cold+0xd/0x4d [ 63.796417][ T7077] ? choke_reset+0x208/0x340 [ 63.801327][ T7077] ? choke_reset+0x208/0x340 [ 63.805904][ T7077] kasan_report+0x33/0x50 [ 63.810206][ T7077] check_memory_region+0x141/0x190 [ 63.815290][ T7077] memset+0x20/0x40 [ 63.819073][ T7077] choke_reset+0x208/0x340 [ 63.823478][ T7077] ? lock_downgrade+0x840/0x840 [ 63.828570][ T7077] ? choke_destroy+0x40/0x40 [ 63.833149][ T7077] qdisc_reset+0x6b/0x520 [ 63.837452][ T7077] dev_deactivate_queue.constprop.0+0x13c/0x240 [ 63.843673][ T7077] dev_deactivate_many+0xe2/0xba0 [ 63.848683][ T7077] ? fq_resize+0x8e0/0x8e0 [ 63.853116][ T7077] dev_deactivate+0xf8/0x1c0 [ 63.857687][ T7077] ? dev_deactivate_many+0xba0/0xba0 [ 63.862967][ T7077] ? __hrtimer_init+0x13b/0x270 [ 63.867806][ T7077] qdisc_graft+0xd25/0x1120 [ 63.872285][ T7077] ? tc_dump_tclass+0x480/0x480 [ 63.877108][ T7077] ? tc_get_qdisc+0xaf0/0xaf0 [ 63.881754][ T7077] ? nla_memcpy+0xa0/0xa0 [ 63.886058][ T7077] ? ns_capable_common+0xe2/0x100 [ 63.891054][ T7077] tc_modify_qdisc+0xbab/0x1a00 [ 63.895969][ T7077] ? qdisc_create+0x1140/0x1140 [ 63.900889][ T7077] ? mutex_trylock+0x2c0/0x2c0 [ 63.905639][ T7077] ? find_held_lock+0x2d/0x110 [ 63.910396][ T7077] ? qdisc_create+0x1140/0x1140 [ 63.915221][ T7077] rtnetlink_rcv_msg+0x44e/0xad0 [ 63.920320][ T7077] ? rtnl_bridge_getlink+0x870/0x870 [ 63.925604][ T7077] ? lock_acquire+0x1f2/0x8f0 [ 63.930255][ T7077] ? netlink_deliver_tap+0x146/0xb50 [ 63.935532][ T7077] netlink_rcv_skb+0x15a/0x410 [ 63.940270][ T7077] ? rtnl_bridge_getlink+0x870/0x870 [ 63.945527][ T7077] ? netlink_ack+0xa10/0xa10 [ 63.950179][ T7077] netlink_unicast+0x537/0x740 [ 63.954916][ T7077] ? netlink_attachskb+0x810/0x810 [ 63.959998][ T7077] ? _copy_from_iter_full+0x25c/0x870 [ 63.965361][ T7077] ? __phys_addr_symbol+0x2c/0x70 [ 63.970357][ T7077] ? __check_object_size+0x171/0x437 [ 63.975616][ T7077] netlink_sendmsg+0x882/0xe10 [ 63.980366][ T7077] ? aa_af_perm+0x260/0x260 [ 63.984843][ T7077] ? netlink_unicast+0x740/0x740 [ 63.989764][ T7077] ? netlink_unicast+0x740/0x740 [ 63.994675][ T7077] sock_sendmsg+0xcf/0x120 [ 63.999067][ T7077] ____sys_sendmsg+0x6bf/0x7e0 [ 64.003817][ T7077] ? print_usage_bug+0x240/0x240 [ 64.008996][ T7077] ? kernel_sendmsg+0x50/0x50 [ 64.013666][ T7077] ___sys_sendmsg+0x100/0x170 [ 64.018348][ T7077] ? sendmsg_copy_msghdr+0x70/0x70 [ 64.023430][ T7077] ? mark_held_locks+0xe0/0xe0 [ 64.028177][ T7077] ? __this_cpu_preempt_check+0x28/0x190 [ 64.033801][ T7077] ? percpu_counter_add_batch+0x123/0x180 [ 64.039493][ T7077] ? find_held_lock+0x2d/0x110 [ 64.044250][ T7077] ? __fd_install+0x1b4/0x600 [ 64.048899][ T7077] ? lock_downgrade+0x840/0x840 [ 64.053728][ T7077] ? __fget_light+0x1ab/0x270 [ 64.058395][ T7077] __sys_sendmsg+0xec/0x1b0 [ 64.062905][ T7077] ? __sys_sendmsg_sock+0xb0/0xb0 [ 64.067921][ T7077] ? trace_hardirqs_off_caller+0x55/0x230 [ 64.074137][ T7077] ? do_syscall_64+0x21/0x7d0 [ 64.078804][ T7077] do_syscall_64+0xf6/0x7d0 [ 64.083291][ T7077] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 64.089171][ T7077] RIP: 0033:0x440719 [ 64.093040][ T7077] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 64.112623][ T7077] RSP: 002b:00007ffdc5b03ed8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 64.121025][ T7077] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000440719 [ 64.128985][ T7077] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000006 [ 64.136943][ T7077] RBP: 0000000000000001 R08: 00000000ffffffff R09: 00000000004002c8 [ 64.144915][ T7077] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000007166 [ 64.152862][ T7077] R13: 0000000000402030 R14: 0000000000000000 R15: 0000000000000000 [ 64.162416][ T7077] Kernel Offset: disabled [ 64.166732][ T7077] Rebooting in 86400 seconds..