[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts. syzkaller login: [ 112.533266] audit: type=1400 audit(1596768090.824:8): avc: denied { execmem } for pid=6362 comm="syz-executor918" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 112.856007] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program [ 114.841630] list_del corruption, ffff88809d5ced28->next is LIST_POISON1 (dead000000000100) [ 114.850627] ------------[ cut here ]------------ [ 114.855469] kernel BUG at lib/list_debug.c:45! [ 114.860100] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 114.865456] Modules linked in: [ 114.868635] CPU: 1 PID: 6390 Comm: kworker/u5:2 Not tainted 4.14.192-syzkaller #0 [ 114.876226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.885572] Workqueue: hci0 hci_rx_work [ 114.889538] task: ffff88809b500140 task.stack: ffff888097ad0000 [ 114.895693] RIP: 0010:__list_del_entry_valid.cold+0x23/0x55 [ 114.901389] RSP: 0018:ffff888097ad79b8 EFLAGS: 00010282 [ 114.906739] RAX: 000000000000004e RBX: ffff88809737a240 RCX: 0000000000000000 [ 114.914003] RDX: 0000000000000000 RSI: ffffffff86ac0dc0 RDI: ffffed1012f5af2d [ 114.921257] RBP: ffff88809d5ced28 R08: 000000000000004e R09: 0000000000000000 [ 114.928505] R10: 0000000000000000 R11: 0000000000000000 R12: dead000000000200 [ 114.935764] R13: dead000000000100 R14: ffff88809d5ce8c0 R15: ffff8880a08305c0 [ 114.943013] FS: 0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 [ 114.951213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.957071] CR2: 000055c1a5f55b18 CR3: 0000000099cb8000 CR4: 00000000001406e0 [ 114.964330] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 114.971576] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 114.978823] Call Trace: [ 114.981399] l2cap_chan_put+0x50/0x1b0 [ 114.985266] l2cap_recv_frame+0xb9a/0x95c0 [ 114.989502] ? trace_hardirqs_on+0x10/0x10 [ 114.993714] ? __lock_acquire+0x5fc/0x3f20 [ 114.997951] ? __lock_acquire+0x5fc/0x3f20 [ 115.002172] ? l2cap_ertm_init+0xb70/0xb70 [ 115.006390] ? lock_acquire+0x170/0x3f0 [ 115.010351] ? hci_rx_work+0x278/0x970 [ 115.014219] ? trace_hardirqs_on+0x10/0x10 [ 115.018439] ? hci_rx_work+0x278/0x970 [ 115.022389] ? hci_rx_work+0x3a2/0x970 [ 115.026255] ? lock_downgrade+0x740/0x740 [ 115.030379] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 115.035817] ? __mutex_unlock_slowpath+0x75/0x770 [ 115.040648] l2cap_recv_acldata+0x7a6/0x8b0 [ 115.044956] hci_rx_work+0x3d1/0x970 [ 115.048652] process_one_work+0x793/0x14a0 [ 115.052864] ? work_busy+0x320/0x320 [ 115.056574] ? worker_thread+0x158/0xff0 [ 115.060616] ? _raw_spin_unlock_irq+0x24/0x80 [ 115.065111] worker_thread+0x5cc/0xff0 [ 115.068991] ? rescuer_thread+0xc80/0xc80 [ 115.073121] kthread+0x30d/0x420 [ 115.076464] ? kthread_create_on_node+0xd0/0xd0 [ 115.081112] ret_from_fork+0x24/0x30 [ 115.084801] Code: e6 e8 68 b1 44 fe 0f 0b 48 89 ee 48 c7 c7 60 5e e4 86 e8 57 b1 44 fe 0f 0b 4c 89 ea 48 89 ee 48 c7 c7 a0 5d e4 86 e8 43 b1 44 fe <0f> 0b 4c 89 e2 48 89 ee 48 c7 c7 00 5e e4 86 e8 2f b1 44 fe 0f [ 115.105805] RIP: __list_del_entry_valid.cold+0x23/0x55 RSP: ffff888097ad79b8 [ 115.113050] ---[ end trace 4677a478695d41f5 ]--- [ 115.117797] Kernel panic - not syncing: Fatal exception [ 115.124789] Kernel Offset: disabled [ 115.128409] Rebooting in 86400 seconds..