[ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts. syzkaller login: [ 32.169526] IPVS: ftp: loaded support on port[0] = 21 executing program [ 32.232771] netlink: 28 bytes leftover after parsing attributes in process `syz-executor254'. [ 32.242181] BUG: unable to handle kernel paging request at ffffffff81980ead [ 32.249271] PGD 9e6e067 P4D 9e6e067 PUD 9e6f063 PMD 18001e1 [ 32.255063] Oops: 0003 [#1] PREEMPT SMP KASAN [ 32.259537] CPU: 1 PID: 8097 Comm: syz-executor254 Not tainted 4.19.211-syzkaller #0 [ 32.267390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.276732] RIP: 0010:__lock_acquire+0x256/0x3ff0 [ 32.281552] Code: 00 49 8b 44 c6 08 48 85 c0 0f 84 38 ff ff ff 48 8d b8 38 01 00 00 be 04 00 00 00 48 89 44 24 10 e8 bf 54 4d 00 48 8b 44 24 10 ff 80 38 01 00 00 49 8d b5 80 08 00 00 48 ba 00 00 00 00 00 fc [ 32.300549] RSP: 0018:ffff888097fa6cb0 EFLAGS: 00010046 [ 32.305891] RAX: ffffffff81980d75 RBX: 0000000000000000 RCX: ffffffff814afa31 [ 32.313139] RDX: fffffbfff03301d7 RSI: 0000000000000004 RDI: ffffffff81980ead [ 32.320386] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff03301d6 [ 32.327630] R10: ffffffff81980eb0 R11: 0000000000000000 R12: 0000000000000000 [ 32.334878] R13: ffff8880abd54180 R14: ffff8882359a5ba0 R15: 0000000000000001 [ 32.342128] FS: 0000555556af0300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 [ 32.352329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.358188] CR2: ffffffff81980ead CR3: 00000000aa85e000 CR4: 00000000003406e0 [ 32.365442] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.372695] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.379943] Call Trace: [ 32.382520] ? __kmalloc_track_caller+0x155/0x3c0 [ 32.387343] ? mark_held_locks+0xf0/0xf0 [ 32.391379] ? check_usage+0x19a/0x670 [ 32.395245] ? check_usage_backwards+0x300/0x300 [ 32.399981] ? __kernel_text_address+0x9/0x30 [ 32.404458] ? check_usage_forwards+0x310/0x310 [ 32.409104] ? __save_stack_trace+0xaf/0x190 [ 32.413490] lock_acquire+0x170/0x3c0 [ 32.417267] ? xt_find_match+0xa3/0x280 [ 32.421216] ? xt_find_match+0xa3/0x280 [ 32.425164] __mutex_lock+0xd7/0x1190 [ 32.428944] ? xt_find_match+0xa3/0x280 [ 32.432897] ? check_usage_forwards+0x310/0x310 [ 32.437540] ? xt_find_match+0xa3/0x280 [ 32.441584] ? mutex_trylock+0x1a0/0x1a0 [ 32.445625] ? mark_held_locks+0xf0/0xf0 [ 32.449666] ? mark_held_locks+0xf0/0xf0 [ 32.453712] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 32.458796] ? __sanitizer_cov_trace_switch+0x4b/0x80 [ 32.463980] xt_find_match+0xa3/0x280 [ 32.467763] xt_request_find_match+0x88/0x110 [ 32.472239] em_ipt_change+0x1c7/0x470 [ 32.476105] ? check_match+0x1e0/0x1e0 [ 32.479967] ? lock_acquire+0x170/0x3c0 [ 32.483924] ? tcf_em_lookup+0x1c/0x150 [ 32.487879] ? do_raw_read_unlock+0x3b/0x70 [ 32.492177] ? _raw_read_unlock+0x29/0x40 [ 32.496297] ? check_match+0x1e0/0x1e0 [ 32.500161] tcf_em_tree_validate+0x8fa/0xea0 [ 32.504633] ? tcf_em_tree_destroy+0x50/0x50 [ 32.509106] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 32.514105] ? kmem_cache_alloc_trace+0x323/0x380 [ 32.518956] flow_change+0x2a4/0x1ca0 [ 32.522822] ? flow_init+0xf0/0xf0 [ 32.526340] ? kmem_cache_alloc_trace+0x323/0x380 [ 32.531159] ? flow_init+0xf0/0xf0 [ 32.534677] tc_new_tfilter+0xb52/0x16c0 [ 32.538713] ? tcf_chain_tp_remove+0x2c0/0x2c0 [ 32.543269] ? __mutex_lock+0x368/0x1190 [ 32.547312] ? apparmor_capable+0x147/0x750 [ 32.551607] ? apparmor_capable+0x147/0x750 [ 32.555903] ? rtnetlink_rcv_msg+0x3fe/0xb80 [ 32.560288] ? mutex_trylock+0x1a0/0x1a0 [ 32.564326] ? tcf_chain_tp_remove+0x2c0/0x2c0 [ 32.568884] rtnetlink_rcv_msg+0x453/0xb80 [ 32.573095] ? rtnl_calcit.isra.0+0x430/0x430 [ 32.578868] ? __netlink_lookup+0x3fc/0x730 [ 32.583169] ? lock_downgrade+0x720/0x720 [ 32.587292] ? check_preemption_disabled+0x41/0x280 [ 32.592288] netlink_rcv_skb+0x160/0x440 [ 32.596325] ? rtnl_calcit.isra.0+0x430/0x430 [ 32.600797] ? netlink_ack+0xae0/0xae0 [ 32.604660] netlink_unicast+0x4d5/0x690 [ 32.608699] ? netlink_sendskb+0x110/0x110 [ 32.612907] ? _copy_from_iter_full+0x229/0x7c0 [ 32.617554] ? __phys_addr_symbol+0x2c/0x70 [ 32.621871] ? __check_object_size+0x17b/0x3e0 [ 32.626437] netlink_sendmsg+0x6c3/0xc50 [ 32.630479] ? aa_af_perm+0x230/0x230 [ 32.634259] ? nlmsg_notify+0x1f0/0x1f0 [ 32.638209] ? kernel_recvmsg+0x220/0x220 [ 32.642337] ? nlmsg_notify+0x1f0/0x1f0 [ 32.646290] sock_sendmsg+0xc3/0x120 [ 32.649999] ___sys_sendmsg+0x3b3/0x8e0 [ 32.653952] ? copy_msghdr_from_user+0x440/0x440 [ 32.658687] ? fs_reclaim_release+0xd0/0x110 [ 32.663084] ? mark_held_locks+0xf0/0xf0 [ 32.667122] ? check_preemption_disabled+0x41/0x280 [ 32.672117] ? apparmor_file_alloc_security+0x394/0xad0 [ 32.677458] ? __lockdep_init_map+0x100/0x5a0 [ 32.681947] ? __might_fault+0x11f/0x1d0 [ 32.685986] ? lock_downgrade+0x720/0x720 [ 32.690140] ? lock_acquire+0x170/0x3c0 [ 32.694097] __sys_sendmmsg+0x195/0x470 [ 32.698050] ? __ia32_sys_sendmsg+0x220/0x220 [ 32.702524] ? alloc_file+0x326/0x4d0 [ 32.706301] ? check_preemption_disabled+0x41/0x280 [ 32.711297] ? __fd_install+0x1eb/0x610 [ 32.715248] ? __sys_socket+0x16d/0x200 [ 32.719201] ? move_addr_to_kernel+0x70/0x70 [ 32.723587] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.728930] __x64_sys_sendmmsg+0x99/0x100 [ 32.733148] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 32.737706] do_syscall_64+0xf9/0x620 [ 32.741484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.746649] RIP: 0033:0x7f1348a69d49 [ 32.750340] Code: 28 c3 e8 1a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 32.769219] RSP: 002b:00007ffdace28048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 32.776901] RAX: ffffffffffffffda RBX: 00007f1348ad7ed0 RCX: 00007f1348a69d49 [ 32.784145] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 32.791389] RBP: 00007ffdace28058 R08: 00007f1348ad7e40 R09: 00007f1348ad7e40 [ 32.798729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdace28060 [ 32.805987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 32.813236] Modules linked in: [ 32.816411] CR2: ffffffff81980ead [ 32.819844] ---[ end trace e08482747d60391e ]--- [ 32.824581] RIP: 0010:__lock_acquire+0x256/0x3ff0 [ 32.829400] Code: 00 49 8b 44 c6 08 48 85 c0 0f 84 38 ff ff ff 48 8d b8 38 01 00 00 be 04 00 00 00 48 89 44 24 10 e8 bf 54 4d 00 48 8b 44 24 10 ff 80 38 01 00 00 49 8d b5 80 08 00 00 48 ba 00 00 00 00 00 fc [ 32.848279] RSP: 0018:ffff888097fa6cb0 EFLAGS: 00010046 [ 32.853618] RAX: ffffffff81980d75 RBX: 0000000000000000 RCX: ffffffff814afa31 [ 32.860873] RDX: fffffbfff03301d7 RSI: 0000000000000004 RDI: ffffffff81980ead [ 32.868484] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff03301d6 [ 32.875734] R10: ffffffff81980eb0 R11: 0000000000000000 R12: 0000000000000000 [ 32.882996] R13: ffff8880abd54180 R14: ffff8882359a5ba0 R15: 0000000000000001 [ 32.890249] FS: 0000555556af0300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 [ 32.898454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.904333] CR2: ffffffff81980ead CR3: 00000000aa85e000 CR4: 00000000003406e0 [ 32.911583] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.918831] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.926087] Kernel panic - not syncing: Fatal exception [ 32.931583] Kernel Offset: disabled [ 32.935190] Rebooting in 86400 seconds..