Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 66.986436][ T7069] ================================================================== [ 66.994658][ T7069] BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340 [ 67.001583][ T7069] Write of size 8 at addr 0000000000000000 by task syz-executor690/7069 [ 67.009884][ T7069] [ 67.012216][ T7069] CPU: 0 PID: 7069 Comm: syz-executor690 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 67.022081][ T7069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.032134][ T7069] Call Trace: [ 67.035414][ T7069] dump_stack+0x188/0x20d [ 67.039735][ T7069] ? choke_reset+0x208/0x340 [ 67.044312][ T7069] __kasan_report.cold+0x5/0x4d [ 67.049158][ T7069] ? choke_reset+0x208/0x340 [ 67.053760][ T7069] ? choke_reset+0x208/0x340 [ 67.058869][ T7069] kasan_report+0x33/0x50 [ 67.063236][ T7069] check_memory_region+0x141/0x190 [ 67.068331][ T7069] memset+0x20/0x40 [ 67.072126][ T7069] choke_reset+0x208/0x340 [ 67.076545][ T7069] ? choke_destroy+0x40/0x40 [ 67.081125][ T7069] qdisc_reset+0x6b/0x520 [ 67.085445][ T7069] dev_deactivate_queue.constprop.0+0x13c/0x240 [ 67.091706][ T7069] dev_deactivate_many+0xe2/0xba0 [ 67.096744][ T7069] ? __is_module_percpu_address+0x257/0x350 [ 67.102630][ T7069] dev_deactivate+0xf8/0x1c0 [ 67.107211][ T7069] ? dev_deactivate_many+0xba0/0xba0 [ 67.112487][ T7069] ? qdisc_lookup_ops+0x100/0x100 [ 67.117516][ T7069] qdisc_graft+0xd25/0x1120 [ 67.122012][ T7069] ? tc_dump_tclass+0x480/0x480 [ 67.126854][ T7069] ? tc_get_qdisc+0xaf0/0xaf0 [ 67.131519][ T7069] ? nla_memcpy+0xa0/0xa0 [ 67.135841][ T7069] ? ns_capable_common+0xe2/0x100 [ 67.141307][ T7069] tc_modify_qdisc+0xbab/0x1a00 [ 67.146173][ T7069] ? qdisc_create+0x1140/0x1140 [ 67.151023][ T7069] ? mutex_trylock+0x2c0/0x2c0 [ 67.155798][ T7069] ? find_held_lock+0x2d/0x110 [ 67.160569][ T7069] ? qdisc_create+0x1140/0x1140 [ 67.165424][ T7069] rtnetlink_rcv_msg+0x44e/0xad0 [ 67.170356][ T7069] ? rtnl_bridge_getlink+0x870/0x870 [ 67.175633][ T7069] ? lock_acquire+0x1f2/0x8f0 [ 67.180314][ T7069] ? netlink_deliver_tap+0x146/0xb50 [ 67.185604][ T7069] netlink_rcv_skb+0x15a/0x410 [ 67.190378][ T7069] ? rtnl_bridge_getlink+0x870/0x870 [ 67.195657][ T7069] ? netlink_ack+0xa10/0xa10 [ 67.200244][ T7069] netlink_unicast+0x537/0x740 [ 67.204998][ T7069] ? netlink_attachskb+0x810/0x810 [ 67.210093][ T7069] ? _copy_from_iter_full+0x25c/0x870 [ 67.215450][ T7069] ? __phys_addr_symbol+0x2c/0x70 [ 67.220472][ T7069] ? __check_object_size+0x171/0x437 [ 67.225773][ T7069] netlink_sendmsg+0x882/0xe10 [ 67.230534][ T7069] ? aa_af_perm+0x260/0x260 [ 67.235029][ T7069] ? netlink_unicast+0x740/0x740 [ 67.239971][ T7069] ? netlink_unicast+0x740/0x740 [ 67.244894][ T7069] sock_sendmsg+0xcf/0x120 [ 67.249305][ T7069] ____sys_sendmsg+0x6bf/0x7e0 [ 67.254095][ T7069] ? print_usage_bug+0x240/0x240 [ 67.259026][ T7069] ? kernel_sendmsg+0x50/0x50 [ 67.263695][ T7069] ___sys_sendmsg+0x100/0x170 [ 67.268384][ T7069] ? sendmsg_copy_msghdr+0x70/0x70 [ 67.273494][ T7069] ? mark_held_locks+0xe0/0xe0 [ 67.278249][ T7069] ? __this_cpu_preempt_check+0x28/0x190 [ 67.283866][ T7069] ? percpu_counter_add_batch+0x123/0x180 [ 67.289587][ T7069] ? find_held_lock+0x2d/0x110 [ 67.295664][ T7069] ? __fd_install+0x1b4/0x600 [ 67.300347][ T7069] ? lock_downgrade+0x840/0x840 [ 67.305194][ T7069] ? __fget_light+0x1ab/0x270 [ 67.309869][ T7069] __sys_sendmsg+0xec/0x1b0 [ 67.314358][ T7069] ? __sys_sendmsg_sock+0xb0/0xb0 [ 67.319374][ T7069] ? trace_hardirqs_off_caller+0x55/0x230 [ 67.325080][ T7069] ? do_syscall_64+0x21/0x7d0 [ 67.329748][ T7069] do_syscall_64+0xf6/0x7d0 [ 67.334241][ T7069] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 67.340181][ T7069] RIP: 0033:0x4415c9 [ 67.344061][ T7069] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 67.363653][ T7069] RSP: 002b:00007ffdff272d58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.372049][ T7069] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004415c9 [ 67.380018][ T7069] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 67.387975][ T7069] RBP: 0000000000010580 R08: 00000000004002c8 R09: 00000000004002c8 [ 67.395944][ T7069] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004023f0 [ 67.403903][ T7069] R13: 0000000000402480 R14: 0000000000000000 R15: 0000000000000000 [ 67.411889][ T7069] ================================================================== [ 67.419966][ T7069] Disabling lock debugging due to kernel taint [ 67.426163][ T7069] Kernel panic - not syncing: panic_on_warn set ... [ 67.432766][ T7069] CPU: 0 PID: 7069 Comm: syz-executor690 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0 [ 67.444052][ T7069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.454119][ T7069] Call Trace: [ 67.457412][ T7069] dump_stack+0x188/0x20d [ 67.461996][ T7069] panic+0x2e3/0x75c [ 67.465878][ T7069] ? add_taint.cold+0x16/0x16 [ 67.470590][ T7069] ? retint_kernel+0x2b/0x2b [ 67.475203][ T7069] ? choke_reset+0x208/0x340 [ 67.479779][ T7069] ? trace_hardirqs_on+0x55/0x220 [ 67.484805][ T7069] ? choke_reset+0x208/0x340 [ 67.489395][ T7069] end_report+0x4d/0x53 [ 67.493542][ T7069] __kasan_report.cold+0xd/0x4d [ 67.498391][ T7069] ? choke_reset+0x208/0x340 [ 67.502975][ T7069] ? choke_reset+0x208/0x340 [ 67.508432][ T7069] kasan_report+0x33/0x50 [ 67.512876][ T7069] check_memory_region+0x141/0x190 [ 67.517979][ T7069] memset+0x20/0x40 [ 67.521805][ T7069] choke_reset+0x208/0x340 [ 67.526406][ T7069] ? choke_destroy+0x40/0x40 [ 67.531001][ T7069] qdisc_reset+0x6b/0x520 [ 67.535326][ T7069] dev_deactivate_queue.constprop.0+0x13c/0x240 [ 67.541568][ T7069] dev_deactivate_many+0xe2/0xba0 [ 67.546580][ T7069] ? __is_module_percpu_address+0x257/0x350 [ 67.552456][ T7069] dev_deactivate+0xf8/0x1c0 [ 67.557034][ T7069] ? dev_deactivate_many+0xba0/0xba0 [ 67.562317][ T7069] ? qdisc_lookup_ops+0x100/0x100 [ 67.567322][ T7069] qdisc_graft+0xd25/0x1120 [ 67.571822][ T7069] ? tc_dump_tclass+0x480/0x480 [ 67.576652][ T7069] ? tc_get_qdisc+0xaf0/0xaf0 [ 67.581309][ T7069] ? nla_memcpy+0xa0/0xa0 [ 67.585626][ T7069] ? ns_capable_common+0xe2/0x100 [ 67.590639][ T7069] tc_modify_qdisc+0xbab/0x1a00 [ 67.595534][ T7069] ? qdisc_create+0x1140/0x1140 [ 67.600373][ T7069] ? mutex_trylock+0x2c0/0x2c0 [ 67.605119][ T7069] ? find_held_lock+0x2d/0x110 [ 67.609970][ T7069] ? qdisc_create+0x1140/0x1140 [ 67.614808][ T7069] rtnetlink_rcv_msg+0x44e/0xad0 [ 67.619736][ T7069] ? rtnl_bridge_getlink+0x870/0x870 [ 67.625004][ T7069] ? lock_acquire+0x1f2/0x8f0 [ 67.629666][ T7069] ? netlink_deliver_tap+0x146/0xb50 [ 67.634954][ T7069] netlink_rcv_skb+0x15a/0x410 [ 67.639718][ T7069] ? rtnl_bridge_getlink+0x870/0x870 [ 67.644994][ T7069] ? netlink_ack+0xa10/0xa10 [ 67.649578][ T7069] netlink_unicast+0x537/0x740 [ 67.654428][ T7069] ? netlink_attachskb+0x810/0x810 [ 67.659520][ T7069] ? _copy_from_iter_full+0x25c/0x870 [ 67.664874][ T7069] ? __phys_addr_symbol+0x2c/0x70 [ 67.669879][ T7069] ? __check_object_size+0x171/0x437 [ 67.675144][ T7069] netlink_sendmsg+0x882/0xe10 [ 67.679908][ T7069] ? aa_af_perm+0x260/0x260 [ 67.684407][ T7069] ? netlink_unicast+0x740/0x740 [ 67.690298][ T7069] ? netlink_unicast+0x740/0x740 [ 67.695232][ T7069] sock_sendmsg+0xcf/0x120 [ 67.699649][ T7069] ____sys_sendmsg+0x6bf/0x7e0 [ 67.704412][ T7069] ? print_usage_bug+0x240/0x240 [ 67.709334][ T7069] ? kernel_sendmsg+0x50/0x50 [ 67.714004][ T7069] ___sys_sendmsg+0x100/0x170 [ 67.718697][ T7069] ? sendmsg_copy_msghdr+0x70/0x70 [ 67.723820][ T7069] ? mark_held_locks+0xe0/0xe0 [ 67.728593][ T7069] ? __this_cpu_preempt_check+0x28/0x190 [ 67.734330][ T7069] ? percpu_counter_add_batch+0x123/0x180 [ 67.740041][ T7069] ? find_held_lock+0x2d/0x110 [ 67.744961][ T7069] ? __fd_install+0x1b4/0x600 [ 67.749766][ T7069] ? lock_downgrade+0x840/0x840 [ 67.754604][ T7069] ? __fget_light+0x1ab/0x270 [ 67.759274][ T7069] __sys_sendmsg+0xec/0x1b0 [ 67.763788][ T7069] ? __sys_sendmsg_sock+0xb0/0xb0 [ 67.768802][ T7069] ? trace_hardirqs_off_caller+0x55/0x230 [ 67.774512][ T7069] ? do_syscall_64+0x21/0x7d0 [ 67.779177][ T7069] do_syscall_64+0xf6/0x7d0 [ 67.783678][ T7069] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 67.789574][ T7069] RIP: 0033:0x4415c9 [ 67.793460][ T7069] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 67.813079][ T7069] RSP: 002b:00007ffdff272d58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.821652][ T7069] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004415c9 [ 67.829611][ T7069] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 67.837567][ T7069] RBP: 0000000000010580 R08: 00000000004002c8 R09: 00000000004002c8 [ 67.845530][ T7069] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004023f0 [ 67.853510][ T7069] R13: 0000000000402480 R14: 0000000000000000 R15: 0000000000000000 [ 67.862147][ T7069] Kernel Offset: disabled [ 67.866487][ T7069] Rebooting in 86400 seconds..