[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.927161] audit: type=1400 audit(1599593140.653:8): avc: denied { execmem } for pid=6369 comm="syz-executor932" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 33.949992] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 33.984683] IPv6: ADDRCONF(NETDEV_CHANGE): gtp0: link becomes ready
[ 33.994667] device vlan0 entered promiscuous mode
executing program
[ 34.048473] IPv6: ADDRCONF(NETDEV_CHANGE): gtp1: link becomes ready
[ 34.057902] device vlan0 entered promiscuous mode
executing program
[ 34.108367] IPv6: ADDRCONF(NETDEV_CHANGE): gtp2: link becomes ready
[ 34.117755] device vlan0 entered promiscuous mode
executing program
[ 34.167870] IPv6: ADDRCONF(NETDEV_CHANGE): gtp3: link becomes ready
[ 34.177179] device vlan0 entered promiscuous mode
executing program
[ 34.237243] IPv6: ADDRCONF(NETDEV_CHANGE): gtp4: link becomes ready
[ 34.246478] device vlan0 entered promiscuous mode
executing program
[ 34.297640] IPv6: ADDRCONF(NETDEV_CHANGE): gtp5: link becomes ready
[ 34.307283] device vlan0 entered promiscuous mode
executing program
[ 34.367029] IPv6: ADDRCONF(NETDEV_CHANGE): gtp6: link becomes ready
[ 34.376501] device vlan0 entered promiscuous mode
executing program
[ 34.427103] IPv6: ADDRCONF(NETDEV_CHANGE): gtp7: link becomes ready
[ 34.436539] device vlan0 entered promiscuous mode
executing program
[ 34.487150] IPv6: ADDRCONF(NETDEV_CHANGE): gtp8: link becomes ready
[ 34.496405] device vlan0 entered promiscuous mode
executing program
executing program
[ 34.547594] IPv6: ADDRCONF(NETDEV_CHANGE): gtp9: link becomes ready
[ 34.556495] device gtp0 entered promiscuous mode
[ 34.561376] device vlan0 entered promiscuous mode
[ 34.567337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.574736] device gtp0 left promiscuous mode
executing program
[ 34.616938] IPv6: ADDRCONF(NETDEV_CHANGE): gtp10: link becomes ready
[ 34.628226] IPv6: ADDRCONF(NETDEV_CHANGE): gtp11: link becomes ready
[ 34.637749] device gtp1 entered promiscuous mode
[ 34.643032] device vlan0 entered promiscuous mode
[ 34.648032] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.655006] device gtp1 left promiscuous mode
executing program
[ 34.707076] IPv6: ADDRCONF(NETDEV_CHANGE): gtp12: link becomes ready
[ 34.718326] IPv6: ADDRCONF(NETDEV_CHANGE): gtp13: link becomes ready
[ 34.728169] device gtp2 entered promiscuous mode
[ 34.733447] device vlan0 entered promiscuous mode
[ 34.738436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.745960] device gtp2 left promiscuous mode
executing program
executing program
[ 34.817883] IPv6: ADDRCONF(NETDEV_CHANGE): gtp14: link becomes ready
[ 34.829123] IPv6: ADDRCONF(NETDEV_CHANGE): gtp15: link becomes ready
[ 34.838157] device gtp3 entered promiscuous mode
[ 34.843434] device vlan0 entered promiscuous mode
[ 34.848492] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.855430] device gtp3 left promiscuous mode
executing program
executing program
executing program
executing program
[ 34.917450] IPv6: ADDRCONF(NETDEV_CHANGE): gtp16: link becomes ready
[ 34.928648] IPv6: ADDRCONF(NETDEV_CHANGE): gtp17: link becomes ready
[ 34.937762] device gtp4 entered promiscuous mode
[ 34.942649] device vlan0 entered promiscuous mode
[ 34.947724] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.954782] device gtp4 left promiscuous mode
[ 34.986783] IPv6: ADDRCONF(NETDEV_CHANGE): gtp18: link becomes ready
[ 34.998093] IPv6: ADDRCONF(NETDEV_CHANGE): gtp19: link becomes ready
[ 35.007909] device gtp5 entered promiscuous mode
[ 35.013187] device vlan0 entered promiscuous mode
[ 35.018222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 35.025834] device gtp5 left promiscuous mode
executing program
executing program
[ 35.088248] IPv6: ADDRCONF(NETDEV_CHANGE): gtp20: link becomes ready
[ 35.099634] IPv6: ADDRCONF(NETDEV_CHANGE): gtp21: link becomes ready
[ 35.108656] device gtp6 entered promiscuous mode
[ 35.113818] device vlan0 entered promiscuous mode
[ 35.118836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 35.125535] kasan: CONFIG_KASAN_INLINE enabled
[ 35.125599] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 35.125611] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 35.125614] Modules linked in:
[ 35.125625] CPU: 1 PID: 6514 Comm: syz-executor932 Not tainted 4.14.196-syzkaller #0
[ 35.125629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.125634] task: ffff888095f0a0c0 task.stack: ffff8880975e0000
[ 35.125648] RIP: 0010:skb_release_data+0x1e3/0x820
[ 35.125652] RSP: 0018:ffff8880aeb07ad8 EFLAGS: 00010202
[ 35.125658] RAX: 0000000000000004 RBX: dffffc0000000000 RCX: 0000000000000002
[ 35.125662] RDX: 0000000000000100 RSI: 0000000000000002 RDI: 0000000000000020
[ 35.125665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004
[ 35.125669] R10: 0000000000000000 R11: ffff888095f0a0c0 R12: 0000000000000000
[ 35.125673] R13: ffff888092d3b0c0 R14: ffff888092d3b0f0 R15: ffff88808617c240
[ 35.125679] FS: 0000000001710880(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[ 35.125682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.125686] CR2: 00000000200004c0 CR3: 000000009f552000 CR4: 00000000001406e0
[ 35.125693] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.125697] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.125699] Call Trace:
[ 35.125702]
[ 35.125714] ? validate_xmit_skb+0x78f/0x9f0
[ 35.125721] kfree_skb+0xe7/0x390
[ 35.125728] validate_xmit_skb+0x78f/0x9f0
[ 35.125742] ? check_preemption_disabled+0x35/0x240
[ 35.125748] __dev_queue_xmit+0x816/0x2480
[ 35.125758] ? sock_getsockopt+0x214/0x1a20
[ 35.125764] ? netdev_pick_tx+0x2e0/0x2e0
[ 35.125774] ? mark_held_locks+0xa6/0xf0
[ 35.125783] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 35.125790] ? trace_hardirqs_on_caller+0x288/0x580
[ 35.125797] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 35.125805] garp_join_timer+0xb9/0xf0
[ 35.125815] call_timer_fn+0x14a/0x650
[ 35.125820] ? garp_pdu_rcv+0xa70/0xa70
[ 35.125827] ? collect_expired_timers+0x250/0x250
[ 35.125836] ? _raw_spin_unlock_irq+0x24/0x80
[ 35.125844] ? garp_pdu_rcv+0xa70/0xa70
[ 35.125850] expire_timers+0x232/0x4d0
[ 35.125859] run_timer_softirq+0x1d5/0x5a0
[ 35.125866] ? expire_timers+0x4d0/0x4d0
[ 35.125875] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 35.125884] __do_softirq+0x254/0xa1d
[ 35.125892] ? check_preemption_disabled+0x35/0x240
[ 35.125904] irq_exit+0x193/0x240
[ 35.125910] smp_apic_timer_interrupt+0x141/0x5e0
[ 35.125918] apic_timer_interrupt+0x93/0xa0
[ 35.125921]
[ 35.125929] RIP: 0010:console_unlock+0xbeb/0xf20
[ 35.125933] RSP: 0018:ffff8880975e70d8 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10
[ 35.125940] RAX: ffff888095f0a0c0 RBX: 0000000000000200 RCX: 1ffff11012be1532
[ 35.125945] RDX: 0000000000000000 RSI: ffff888095f0a970 RDI: 0000000000000297
[ 35.125949] RBP: 0000000000000000 R08: ffffffff8a095d68 R09: 0000000000000000
[ 35.125953] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff83e31c30
[ 35.125958] R13: ffffffff883a0490 R14: dffffc0000000000 R15: 0000000000000048
[ 35.125966] ? netconsole_netdev_event+0x250/0x250
[ 35.125983] vprintk_emit+0x224/0x620
[ 35.126003] vprintk_func+0x58/0x152
[ 35.126010] printk+0x9e/0xbc
[ 35.126017] ? log_store.cold+0x16/0x16
[ 35.126025] ? rxe_notify+0x4ab/0x620
[ 35.126037] addrconf_notify.cold+0x5e/0x17c
[ 35.126044] ? bond_open+0xb10/0xb10
[ 35.126052] ? nf_tables_netdev_init_net+0x140/0x140
[ 35.126060] ? inet6_ifinfo_notify+0x130/0x130
[ 35.126066] ? pppoe_device_event+0x223/0x700
[ 35.126073] ? cma_netdev_callback+0x87/0x330
[ 35.126080] ? ip6mr_device_event+0x174/0x1e0
[ 35.126088] ? rtnl_is_locked+0x5/0x20
[ 35.126098] notifier_call_chain+0x108/0x1a0
[ 35.126108] __dev_notify_flags+0x234/0x260
[ 35.126117] ? dev_change_name+0x6a0/0x6a0
[ 35.126124] ? dev_set_allmulti+0x30/0x30
[ 35.126134] rtnl_configure_link+0x141/0x200
[ 35.126142] rtnl_newlink+0xfa4/0x1830
[ 35.126150] ? __lock_acquire+0x5fc/0x3f20
[ 35.126163] ? vlan_changelink+0x430/0x430
[ 35.126169] ? trace_hardirqs_on+0x10/0x10
[ 35.126176] ? rtnl_dellink+0x6a0/0x6a0
[ 35.126183] ? trace_hardirqs_on+0x10/0x10
[ 35.126191] ? lock_acquire+0x170/0x3f0
[ 35.126217] ? lock_acquire+0x170/0x3f0
[ 35.126225] ? lock_downgrade+0x740/0x740
[ 35.126233] ? rtnl_dellink+0x6a0/0x6a0
[ 35.126240] rtnetlink_rcv_msg+0x3be/0xb10
[ 35.126249] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 35.126258] ? __netlink_lookup+0x345/0x5d0
[ 35.126269] netlink_rcv_skb+0x125/0x390
[ 35.126276] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 35.126284] ? netlink_ack+0x9a0/0x9a0
[ 35.126296] netlink_unicast+0x437/0x610
[ 35.126305] ? netlink_sendskb+0xd0/0xd0
[ 35.126314] netlink_sendmsg+0x62e/0xb80
[ 35.126323] ? nlmsg_notify+0x170/0x170
[ 35.126332] ? kernel_recvmsg+0x210/0x210
[ 35.126341] ? security_socket_sendmsg+0x83/0xb0
[ 35.126348] ? nlmsg_notify+0x170/0x170
[ 35.126355] sock_sendmsg+0xb5/0x100
[ 35.126362] ___sys_sendmsg+0x6c8/0x800
[ 35.126370] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 35.126376] ? trace_hardirqs_on+0x10/0x10
[ 35.126381] ? trace_hardirqs_on+0x10/0x10
[ 35.126387] ? trace_hardirqs_on+0x10/0x10
[ 35.126393] ? trace_hardirqs_on+0x10/0x10
[ 35.126402] ? fs_reclaim_release+0xd0/0x110
[ 35.126411] ? __might_fault+0x104/0x1b0
[ 35.126419] ? lock_acquire+0x170/0x3f0
[ 35.126426] ? lock_downgrade+0x740/0x740
[ 35.126436] ? __might_fault+0x177/0x1b0
[ 35.126443] ? _copy_to_user+0x82/0xd0
[ 35.126452] ? move_addr_to_user+0x13f/0x180
[ 35.126464] ? __fdget+0x167/0x1f0
[ 35.126472] ? sockfd_lookup_light+0xb2/0x160
[ 35.126479] __sys_sendmsg+0xa3/0x120
[ 35.126485] ? SyS_shutdown+0x160/0x160
[ 35.126496] ? move_addr_to_kernel+0x60/0x60
[ 35.126504] ? __do_page_fault+0x19a/0xb50
[ 35.126511] SyS_sendmsg+0x27/0x40
[ 35.126516] ? __sys_sendmsg+0x120/0x120
[ 35.126524] do_syscall_64+0x1d5/0x640
[ 35.126535] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.126541] RIP: 0033:0x441929
[ 35.126545] RSP: 002b:00007fffadbdc448 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 35.126552] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441929
[ 35.126556] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[ 35.126560] RBP: 00007fffadbdc450 R08: 0000000100000000 R09: 0000000100000000
[ 35.126564] R10: 0000000100000000 R11: 0000000000000246 R12: 000000000000891f
[ 35.126568] R13: 0000000000402800 R14: 0000000000000000 R15: 0000000000000000
[ 35.126576] Code: 58 4d fc 4c 89 f0 48 c1 e8 03 80 3c 18 00 0f 85 48 05 00 00 49 63 c4 48 c1 e0 04 4a 8b 6c 28 30 48 8d 7d 20 48 89 f8 48 c1 e8 03 <80> 3c 18 00 0f 85 1d 05 00 00 4c 8b 7d 20 41 f6 c7 01 0f 85 ef
[ 35.126720] RIP: skb_release_data+0x1e3/0x820 RSP: ffff8880aeb07ad8
[ 35.126730] ---[ end trace c8ffed087b5aa8f0 ]---
[ 35.126734] Kernel panic - not syncing: Fatal exception in interrupt
[ 35.127782] Kernel Offset: disabled
[ 35.794543] Rebooting in 86400 seconds..