[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 35.308280] list_del corruption, ffff8880a1607738->next is LIST_POISON1 (dead000000000100)
[ 35.317068] ------------[ cut here ]------------
[ 35.321814] kernel BUG at lib/list_debug.c:45!
[ 35.326478] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 35.331823] CPU: 1 PID: 8119 Comm: syz-executor336 Not tainted 4.19.211-syzkaller #0
[ 35.339680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.349021] RIP: 0010:__list_del_entry_valid.cold+0x23/0x4a
[ 35.354709] Code: e8 11 43 f7 ff 0f 0b 48 89 ee 48 c7 c7 40 e4 b3 88 e8 00 43 f7 ff 0f 0b 4c 89 ea 48 89 ee 48 c7 c7 80 e3 b3 88 e8 ec 42 f7 ff <0f> 0b 4c 89 e2 48 89 ee 48 c7 c7 e0 e3 b3 88 e8 d8 42 f7 ff 0f 0b
[ 35.373597] RSP: 0018:ffff8880a1607610 EFLAGS: 00010086
[ 35.378952] RAX: 000000000000004e RBX: ffff8880a1607720 RCX: 0000000000000000
[ 35.386208] RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed10142c0eb4
[ 35.393463] RBP: ffff8880a1607738 R08: 000000000000004e R09: 0000000000000000
[ 35.400712] R10: 0000000000000005 R11: 0000000000000000 R12: dead000000000200
[ 35.407967] R13: dead000000000100 R14: ffff8880a1607740 R15: 0000000000000007
[ 35.415233] FS: 00007fc416761700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 35.423438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.429299] CR2: 0000000020000100 CR3: 00000000aafbf000 CR4: 00000000003406e0
[ 35.436549] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.443937] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.451191] Call Trace:
[ 35.453773] remove_wait_queue+0x2c/0x180
[ 35.457903] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.462475] tipc_send_group_bcast+0x317/0xa10
[ 35.467049] ? tipc_shutdown+0x310/0x310
[ 35.467995] list_del corruption, ffff88809ff5f738->next is LIST_POISON1 (dead000000000100)
[ 35.471102] ? __lock_acquire+0x6de/0x3ff0
[ 35.479785] ------------[ cut here ]------------
[ 35.483704] ? do_wait_intr_irq+0x270/0x270
[ 35.488433] kernel BUG at lib/list_debug.c:45!
[ 35.492737] ? pick_next_entity+0x27e/0x580
[ 35.501607] ? __lock_acquire+0x6de/0x3ff0
[ 35.505822] __tipc_sendmsg+0xa2b/0x1320
[ 35.509865] ? mark_held_locks+0xf0/0xf0
[ 35.513904] ? rw_copy_check_uvector+0x27c/0x340
[ 35.518645] ? tipc_sendmcast+0xba0/0xba0
[ 35.522772] ? lock_sock_nested+0xa6/0x110
[ 35.527004] ? mark_held_locks+0xa6/0xf0
[ 35.531053] ? __local_bh_enable_ip+0x159/0x270
[ 35.535713] tipc_sendmsg+0x4c/0x70
[ 35.540411] ? __tipc_sendmsg+0x1320/0x1320
[ 35.544715] sock_sendmsg+0xc3/0x120
[ 35.548407] ___sys_sendmsg+0x3b3/0x8e0
[ 35.552375] ? lock_downgrade+0x720/0x720
[ 35.556501] ? copy_msghdr_from_user+0x440/0x440
[ 35.561233] ? __fget+0x32f/0x510
[ 35.564670] ? lock_downgrade+0x720/0x720
[ 35.568797] ? check_preemption_disabled+0x41/0x280
[ 35.573792] ? check_preemption_disabled+0x41/0x280
[ 35.578799] ? __fget+0x356/0x510
[ 35.582229] ? do_dup2+0x450/0x450
[ 35.585761] ? do_futex+0x171/0x1880
[ 35.589468] ? __fdget+0x1d0/0x230
[ 35.592995] __sys_sendmmsg+0x195/0x470
[ 35.596948] ? __ia32_sys_sendmsg+0x220/0x220
[ 35.601422] ? __local_bh_enable_ip+0x159/0x270
[ 35.606070] ? tipc_setsockopt+0x50a/0x9f0
[ 35.610287] ? __se_sys_futex+0x28f/0x3b0
[ 35.614410] ? __se_sys_futex+0x298/0x3b0
[ 35.618553] ? do_futex+0x1880/0x1880
[ 35.622333] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.627692] __x64_sys_sendmmsg+0x99/0x100
[ 35.631905] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.636466] do_syscall_64+0xf9/0x620
[ 35.640262] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.645445] RIP: 0033:0x7fc4167af9c9
[ 35.649136] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 35.668015] RSP: 002b:00007fc416761318 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 35.675714] RAX: ffffffffffffffda RBX: 00007fc416837408 RCX: 00007fc4167af9c9
[ 35.682965] RDX: 08000000000000b0 RSI: 0000000020000a40 RDI: 0000000000000004
[ 35.690210] RBP: 00007fc416837400 R08: 0000000000000000 R09: 0000000000000000
[ 35.697473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc416805074
[ 35.704727] R13: 00007ffe2a4d526f R14: 00007fc416761400 R15: 0000000000022000
[ 35.711991] Modules linked in:
[ 35.715175] ---[ end trace 18ae4b082849b315 ]---
[ 35.715203] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 35.719922] RIP: 0010:__list_del_entry_valid.cold+0x23/0x4a
[ 35.725265] CPU: 0 PID: 8121 Comm: syz-executor336 Tainted: G D 4.19.211-syzkaller #0
[ 35.730950] Code: e8 11 43 f7 ff 0f 0b 48 89 ee 48 c7 c7 40 e4 b3 88 e8 00 43 f7 ff 0f 0b 4c 89 ea 48 89 ee 48 c7 c7 80 e3 b3 88 e8 ec 42 f7 ff <0f> 0b 4c 89 e2 48 89 ee 48 c7 c7 e0 e3 b3 88 e8 d8 42 f7 ff 0f 0b
[ 35.740207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.759087] RSP: 0018:ffff8880a1607610 EFLAGS: 00010086
[ 35.768444] RIP: 0010:__list_del_entry_valid.cold+0x23/0x4a
[ 35.773775] RAX: 000000000000004e RBX: ffff8880a1607720 RCX: 0000000000000000
[ 35.779466] Code: e8 11 43 f7 ff 0f 0b 48 89 ee 48 c7 c7 40 e4 b3 88 e8 00 43 f7 ff 0f 0b 4c 89 ea 48 89 ee 48 c7 c7 80 e3 b3 88 e8 ec 42 f7 ff <0f> 0b 4c 89 e2 48 89 ee 48 c7 c7 e0 e3 b3 88 e8 d8 42 f7 ff 0f 0b
[ 35.786713] RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed10142c0eb4
[ 35.805622] RSP: 0018:ffff88809ff5f610 EFLAGS: 00010086
[ 35.812884] RBP: ffff8880a1607738 R08: 000000000000004e R09: 0000000000000000
[ 35.818223] RAX: 000000000000004e RBX: ffff88809ff5f720 RCX: 0000000000000000
[ 35.825470] R10: 0000000000000005 R11: 0000000000000000 R12: dead000000000200
[ 35.832717] RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed1013febeb4
[ 35.839966] R13: dead000000000100 R14: ffff8880a1607740 R15: 0000000000000007
[ 35.847229] RBP: ffff88809ff5f738 R08: 000000000000004e R09: 0000000000000000
[ 35.854480] FS: 00007fc416761700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 35.861729] R10: 0000000000000005 R11: ffffffff8c66501b R12: dead000000000200
[ 35.869930] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.877179] R13: dead000000000100 R14: ffff88809ff5f740 R15: 0000000000000007
[ 35.883044] CR2: 0000000020000100 CR3: 00000000aafbf000 CR4: 00000000003406e0
[ 35.883054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.890305] FS: 00007fc416761700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 35.897550] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.904798] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.913001] Kernel panic - not syncing: Fatal exception
[ 35.920249] CR2: 00007fc416804ba8 CR3: 000000009b08e000 CR4: 00000000003406f0
[ 35.938696] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.945952] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.953207] Call Trace:
[ 35.955788] remove_wait_queue+0x2c/0x180
[ 35.959929] tipc_send_group_bcast+0x317/0xa10
[ 35.964504] ? tipc_shutdown+0x310/0x310
[ 35.968552] ? __lock_acquire+0x6de/0x3ff0
[ 35.972776] ? do_wait_intr_irq+0x270/0x270
[ 35.977091] ? __lock_acquire+0x6de/0x3ff0
[ 35.981315] __tipc_sendmsg+0xa2b/0x1320
[ 35.985377] ? mark_held_locks+0xf0/0xf0
[ 35.989427] ? rw_copy_check_uvector+0x27c/0x340
[ 35.994188] ? tipc_sendmcast+0xba0/0xba0
[ 35.998325] ? lock_sock_nested+0xa6/0x110
[ 36.002550] ? mark_held_locks+0xa6/0xf0
[ 36.006597] ? __local_bh_enable_ip+0x159/0x270
[ 36.011262] tipc_sendmsg+0x4c/0x70
[ 36.014879] ? __tipc_sendmsg+0x1320/0x1320
[ 36.019189] sock_sendmsg+0xc3/0x120
[ 36.022889] ___sys_sendmsg+0x3b3/0x8e0
[ 36.026850] ? copy_msghdr_from_user+0x440/0x440
[ 36.031589] ? __fget+0x32f/0x510
[ 36.035031] ? mark_held_locks+0xf0/0xf0
[ 36.039080] ? lock_downgrade+0x720/0x720
[ 36.043217] ? check_preemption_disabled+0x41/0x280
[ 36.048223] ? check_preemption_disabled+0x41/0x280
[ 36.053239] ? __fget+0x356/0x510
[ 36.056688] ? __might_fault+0x11f/0x1d0
[ 36.060741] ? lock_downgrade+0x720/0x720
[ 36.064901] ? lock_acquire+0x170/0x3c0
[ 36.068895] __sys_sendmmsg+0x195/0x470
[ 36.072867] ? __ia32_sys_sendmsg+0x220/0x220
[ 36.077360] ? __local_bh_enable_ip+0x159/0x270
[ 36.082021] ? tipc_setsockopt+0x50a/0x9f0
[ 36.086261] ? __se_sys_futex+0x28f/0x3b0
[ 36.090396] ? __se_sys_futex+0x298/0x3b0
[ 36.094533] ? do_futex+0x1880/0x1880
[ 36.098322] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.103673] __x64_sys_sendmmsg+0x99/0x100
[ 36.107988] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 36.112557] do_syscall_64+0xf9/0x620
[ 36.116351] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.121535] RIP: 0033:0x7fc4167af9c9
[ 36.125240] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 36.144129] RSP: 002b:00007fc416761318 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 36.151832] RAX: ffffffffffffffda RBX: 00007fc416837408 RCX: 00007fc4167af9c9
[ 36.159087] RDX: 08000000000000b0 RSI: 0000000020000a40 RDI: 0000000000000004
[ 36.166346] RBP: 00007fc416837400 R08: 0000000000000000 R09: 0000000000000000
[ 36.173612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc416805074
[ 36.180880] R13: 00007ffe2a4d526f R14: 00007fc416761400 R15: 0000000000022000
[ 36.188147] Modules linked in:
[ 36.191341] ---[ end trace 18ae4b082849b316 ]---
[ 36.196096] RIP: 0010:__list_del_entry_valid.cold+0x23/0x4a
[ 36.201797] Code: e8 11 43 f7 ff 0f 0b 48 89 ee 48 c7 c7 40 e4 b3 88 e8 00 43 f7 ff 0f 0b 4c 89 ea 48 89 ee 48 c7 c7 80 e3 b3 88 e8 ec 42 f7 ff <0f> 0b 4c 89 e2 48 89 ee 48 c7 c7 e0 e3 b3 88 e8 d8 42 f7 ff 0f 0b
[ 36.220691] RSP: 0018:ffff8880a1607610 EFLAGS: 00010086
[ 36.226041] RAX: 000000000000004e RBX: ffff8880a1607720 RCX: 0000000000000000
[ 36.233296] RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed10142c0eb4
[ 36.240555] RBP: ffff8880a1607738 R08: 000000000000004e R09: 0000000000000000
[ 36.247814] R10: 0000000000000005 R11: 0000000000000000 R12: dead000000000200
[ 36.255067] R13: dead000000000100 R14: ffff8880a1607740 R15: 0000000000000007
[ 36.262325] FS: 00007fc416761700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 36.270541] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.276410] CR2: 00007fc416804ba8 CR3: 000000009b08e000 CR4: 00000000003406f0
[ 36.283772] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.291033] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.044148] Shutting down cpus with NMI
[ 37.048298] Kernel Offset: disabled
[ 37.051907] Rebooting in 86400 seconds..