[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.235' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 43.294488] audit: type=1400 audit(1599720663.918:9): avc: denied { execmem } for pid=6469 comm="syz-executor986" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 43.308151] IPVS: ftp: loaded support on port[0] = 21 executing program [ 43.351145] IPv6: ADDRCONF(NETDEV_CHANGE): gtp0: link becomes ready [ 43.361462] device vlan0 entered promiscuous mode [ 43.404454] IPv6: ADDRCONF(NETDEV_CHANGE): gtp1: link becomes ready [ 43.413819] device vlan0 entered promiscuous mode executing program [ 43.483599] IPv6: ADDRCONF(NETDEV_CHANGE): gtp2: link becomes ready [ 43.492967] device vlan0 entered promiscuous mode executing program executing program [ 43.553542] IPv6: ADDRCONF(NETDEV_CHANGE): gtp3: link becomes ready [ 43.562890] device vlan0 entered promiscuous mode [ 43.613212] IPv6: ADDRCONF(NETDEV_CHANGE): gtp4: link becomes ready [ 43.622519] device vlan0 entered promiscuous mode executing program executing program [ 43.683513] IPv6: ADDRCONF(NETDEV_CHANGE): gtp5: link becomes ready [ 43.693013] device vlan0 entered promiscuous mode executing program [ 43.745453] IPv6: ADDRCONF(NETDEV_CHANGE): gtp6: link becomes ready [ 43.754916] device vlan0 entered promiscuous mode executing program [ 43.803730] IPv6: ADDRCONF(NETDEV_CHANGE): gtp7: link becomes ready [ 43.812948] device vlan0 entered promiscuous mode executing program [ 43.852992] IPv6: ADDRCONF(NETDEV_CHANGE): gtp8: link becomes ready [ 43.862193] device vlan0 entered promiscuous mode executing program [ 43.912931] IPv6: ADDRCONF(NETDEV_CHANGE): gtp9: link becomes ready [ 43.921963] device gtp0 entered promiscuous mode [ 43.926867] device vlan0 entered promiscuous mode [ 43.932034] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.939272] device gtp0 left promiscuous mode executing program [ 43.993565] IPv6: ADDRCONF(NETDEV_CHANGE): gtp10: link becomes ready [ 44.005696] IPv6: ADDRCONF(NETDEV_CHANGE): gtp11: link becomes ready [ 44.014755] device gtp1 entered promiscuous mode [ 44.020082] device vlan0 entered promiscuous mode [ 44.025109] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.032133] device gtp1 left promiscuous mode executing program executing program [ 44.083070] IPv6: ADDRCONF(NETDEV_CHANGE): gtp12: link becomes ready [ 44.094643] IPv6: ADDRCONF(NETDEV_CHANGE): gtp13: link becomes ready [ 44.104683] device gtp2 entered promiscuous mode [ 44.109985] device vlan0 entered promiscuous mode [ 44.115040] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.123084] device gtp2 left promiscuous mode executing program executing program [ 44.183315] IPv6: ADDRCONF(NETDEV_CHANGE): gtp14: link becomes ready [ 44.195424] IPv6: ADDRCONF(NETDEV_CHANGE): gtp15: link becomes ready [ 44.204676] device gtp3 entered promiscuous mode [ 44.210121] device vlan0 entered promiscuous mode [ 44.215133] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.222180] device gtp3 left promiscuous mode executing program executing program [ 44.273473] IPv6: ADDRCONF(NETDEV_CHANGE): gtp16: link becomes ready [ 44.285726] IPv6: ADDRCONF(NETDEV_CHANGE): gtp17: link becomes ready [ 44.294915] device gtp4 entered promiscuous mode [ 44.300237] device vlan0 entered promiscuous mode [ 44.305906] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.313055] device gtp4 left promiscuous mode executing program executing program [ 44.363502] IPv6: ADDRCONF(NETDEV_CHANGE): gtp18: link becomes ready [ 44.375782] IPv6: ADDRCONF(NETDEV_CHANGE): gtp19: link becomes ready [ 44.384927] device gtp5 entered promiscuous mode [ 44.390201] device vlan0 entered promiscuous mode [ 44.395219] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.402381] device gtp5 left promiscuous mode executing program executing program [ 44.462630] IPv6: ADDRCONF(NETDEV_CHANGE): gtp20: link becomes ready [ 44.474975] IPv6: ADDRCONF(NETDEV_CHANGE): gtp21: link becomes ready [ 44.484074] device gtp6 entered promiscuous mode [ 44.489531] device vlan0 entered promiscuous mode [ 44.494593] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.501652] device gtp6 left promiscuous mode executing program executing program [ 44.552715] IPv6: ADDRCONF(NETDEV_CHANGE): gtp22: link becomes ready [ 44.564834] IPv6: ADDRCONF(NETDEV_CHANGE): gtp23: link becomes ready [ 44.574243] device gtp7 entered promiscuous mode [ 44.579142] device vlan0 entered promiscuous mode [ 44.584158] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.591209] device gtp7 left promiscuous mode executing program executing program [ 44.642849] IPv6: ADDRCONF(NETDEV_CHANGE): gtp24: link becomes ready [ 44.655151] IPv6: ADDRCONF(NETDEV_CHANGE): gtp25: link becomes ready [ 44.664251] device gtp8 entered promiscuous mode [ 44.669598] device vlan0 entered promiscuous mode [ 44.674641] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.681703] device gtp8 left promiscuous mode executing program executing program [ 44.733271] IPv6: ADDRCONF(NETDEV_CHANGE): gtp26: link becomes ready [ 44.745570] IPv6: ADDRCONF(NETDEV_CHANGE): gtp27: link becomes ready [ 44.754800] device gtp9 entered promiscuous mode [ 44.760052] device vlan0 entered promiscuous mode [ 44.765090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.772126] device gtp9 left promiscuous mode executing program executing program executing program [ 44.832842] IPv6: ADDRCONF(NETDEV_CHANGE): gtp28: link becomes ready [ 44.843907] IPv6: ADDRCONF(NETDEV_CHANGE): gtp29: link becomes ready [ 44.853012] device gtp10 entered promiscuous mode [ 44.858025] device vlan0 entered promiscuous mode [ 44.863089] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.870493] device gtp10 left promiscuous mode [ 44.912562] IPv6: ADDRCONF(NETDEV_CHANGE): gtp30: link becomes ready [ 44.921636] device gtp11 entered promiscuous mode [ 44.926511] device vlan0 entered promiscuous mode [ 44.931702] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.938368] kasan: CONFIG_KASAN_INLINE enabled [ 44.938426] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 44.938441] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 44.938453] CPU: 0 PID: 6663 Comm: syz-executor986 Not tainted 4.19.144-syzkaller #0 [ 44.938459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.938476] RIP: 0010:skb_release_data+0x237/0x920 [ 44.938494] Code: 48 c1 e8 03 42 80 3c 28 00 0f 85 d9 05 00 00 48 8b 0c 24 49 63 c4 48 c1 e0 04 48 8b 6c 08 30 48 8d 7d 08 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 c0 05 00 00 48 8b 5d 08 31 ff 49 89 de 41 83 [ 44.938501] RSP: 0018:ffff8880ae607a48 EFLAGS: 00010202 [ 44.938510] RAX: 0000000000000001 RBX: 0000000000000003 RCX: ffff88808982e640 [ 44.938516] RDX: 0000000000000100 RSI: ffffffff85b479fa RDI: 0000000000000008 [ 44.938523] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 44.938529] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 44.938536] R13: dffffc0000000000 R14: ffff88808982e640 R15: ffff88808982e670 [ 44.938546] FS: 0000000002257880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 [ 44.938554] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.938560] CR2: 00000000200004c0 CR3: 000000008b4e7000 CR4: 00000000001406f0 [ 44.938573] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.938579] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.938583] Call Trace: [ 44.938588] [ 44.938607] ? validate_xmit_skb+0x96a/0xd50 [ 44.938616] kfree_skb+0x11a/0x3d0 [ 44.938628] validate_xmit_skb+0x96a/0xd50 [ 44.938643] ? check_preemption_disabled+0x41/0x280 [ 44.938655] __dev_queue_xmit+0x963/0x2e00 [ 44.938670] ? netdev_pick_tx+0x2f0/0x2f0 [ 44.938682] ? skb_dequeue+0x120/0x170 [ 44.938700] ? mark_held_locks+0xa6/0xf0 [ 44.938715] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 44.938728] ? lockdep_hardirqs_on+0x288/0x5c0 [ 44.938740] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 44.938754] garp_join_timer+0xb6/0xf0 [ 44.938767] call_timer_fn+0x177/0x700 [ 44.938777] ? garp_pdu_rcv+0xc00/0xc00 [ 44.938788] ? process_timeout+0x40/0x40 [ 44.938801] ? mark_held_locks+0xa6/0xf0 [ 44.938812] ? _raw_spin_unlock_irq+0x24/0x80 [ 44.938822] ? garp_pdu_rcv+0xc00/0xc00 [ 44.938833] ? garp_pdu_rcv+0xc00/0xc00 [ 44.938844] expire_timers+0x243/0x4e0 [ 44.938858] run_timer_softirq+0x21c/0x670 [ 44.938882] ? expire_timers+0x4e0/0x4e0 [ 44.938899] ? check_preemption_disabled+0x41/0x280 [ 44.938915] __do_softirq+0x26c/0x9a0 [ 44.938933] irq_exit+0x215/0x260 [ 44.938945] smp_apic_timer_interrupt+0x136/0x550 [ 44.938957] apic_timer_interrupt+0xf/0x20 [ 44.938961] [ 44.938973] RIP: 0010:console_unlock+0xe7b/0x1110 [ 44.938985] Code: ff df 48 c1 e8 03 80 3c 08 00 0f 85 66 02 00 00 48 83 3d 9f d3 7d 07 00 0f 84 9e 00 00 00 e8 1c 2a 15 00 48 8b 7c 24 30 57 9d <0f> 1f 44 00 00 e9 9b fc ff ff e8 06 2a 15 00 0f 0b e8 ff 29 15 00 [ 44.938991] RSP: 0018:ffff88808ef1ec80 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 44.939002] RAX: ffff8880a472e300 RBX: 0000000000000200 RCX: dffffc0000000000 [ 44.939009] RDX: 0000000000000000 RSI: ffffffff815487b4 RDI: 0000000000000293 [ 44.939015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 44.939021] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff845cd060 [ 44.939028] R13: 0000000000000048 R14: 0000000000000000 R15: ffffffff89460d70 [ 44.939041] ? netconsole_netdev_event+0x280/0x280 [ 44.939054] ? console_unlock+0xe74/0x1110 [ 44.939073] vprintk_emit+0x2d1/0x740 [ 44.939086] vprintk_func+0x79/0x17e [ 44.939098] ? mark_held_locks+0xf0/0xf0 [ 44.939108] printk+0xba/0xed [ 44.939119] ? log_store.cold+0x16/0x16 [ 44.939133] ? lock_downgrade+0x720/0x720 [ 44.939150] addrconf_notify.cold+0x29/0x6b [ 44.939163] ? mark_held_locks+0xa6/0xf0 [ 44.939179] ? get_netdev_for_sock+0x430/0x430 [ 44.939189] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 44.939200] ? inet6_ifinfo_notify+0x140/0x140 [ 44.939212] ? clusterip_netdev_event+0x46f/0x640 [ 44.939224] ? tee_netdev_event+0x412/0x5b0 [ 44.939237] ? ip6mr_device_event+0x1ab/0x220 [ 44.939248] ? rtnl_is_locked+0x2c/0x40 [ 44.939260] notifier_call_chain+0xc0/0x230 [ 44.939276] __dev_notify_flags+0x280/0x2b0 [ 44.939288] ? dev_change_name+0x780/0x780 [ 44.939299] ? __dev_change_flags+0x4b7/0x660 [ 44.939318] rtnl_configure_link+0x169/0x230 [ 44.939338] rtnl_newlink+0x104e/0x15b0 [ 44.939355] ? rtnl_getlink+0x620/0x620 [ 44.939367] ? deref_stack_reg+0x134/0x1d0 [ 44.939382] ? unwind_next_frame+0x10a9/0x1c60 [ 44.939392] ? __save_stack_trace+0x72/0x190 [ 44.939403] ? deref_stack_reg+0x134/0x1d0 [ 44.939416] ? __lock_acquire+0x6de/0x3ff0 [ 44.939431] ? __lock_acquire+0x6de/0x3ff0 [ 44.939442] ? deref_stack_reg+0x134/0x1d0 [ 44.939455] ? __lock_acquire+0x6de/0x3ff0 [ 44.939472] ? __lock_acquire+0x6de/0x3ff0 [ 44.939484] ? mark_held_locks+0xf0/0xf0 [ 44.939496] ? mark_held_locks+0xf0/0xf0 [ 44.939508] ? __lock_acquire+0x6de/0x3ff0 [ 44.939521] ? __lock_acquire+0x6de/0x3ff0 [ 44.939538] ? avc_has_perm_noaudit+0x1c5/0x390 [ 44.939553] ? mark_held_locks+0xf0/0xf0 [ 44.939564] ? lock_acquire+0x170/0x3c0 [ 44.939576] ? avc_has_perm_noaudit+0x9c/0x390 [ 44.939586] ? check_preemption_disabled+0x41/0x280 [ 44.939618] ? __mutex_add_waiter+0x160/0x160 [ 44.939631] ? rtnetlink_rcv_msg+0x3c3/0xb80 [ 44.939648] ? rtnl_getlink+0x620/0x620 [ 44.939660] rtnetlink_rcv_msg+0x453/0xb80 [ 44.939675] ? rtnl_calcit.isra.0+0x430/0x430 [ 44.939688] ? __netlink_lookup+0x3fc/0x730 [ 44.939702] ? lock_downgrade+0x720/0x720 [ 44.939712] ? check_preemption_disabled+0x41/0x280 [ 44.939727] netlink_rcv_skb+0x160/0x440 [ 44.939745] ? rtnl_calcit.isra.0+0x430/0x430 [ 44.939758] ? netlink_ack+0xae0/0xae0 [ 44.939776] netlink_unicast+0x4d5/0x690 [ 44.939788] ? netlink_sendskb+0x110/0x110 [ 44.939803] netlink_sendmsg+0x6bb/0xc40 [ 44.939817] ? nlmsg_notify+0x1a0/0x1a0 [ 44.939826] ? kernel_recvmsg+0x220/0x220 [ 44.939842] ? nlmsg_notify+0x1a0/0x1a0 [ 44.939854] sock_sendmsg+0xc3/0x120 [ 44.939864] ___sys_sendmsg+0x7bb/0x8e0 [ 44.939885] ? mark_held_locks+0xf0/0xf0 [ 44.939896] ? copy_msghdr_from_user+0x440/0x440 [ 44.939913] ? __might_fault+0x11f/0x1d0 [ 44.939927] ? lock_downgrade+0x720/0x720 [ 44.939938] ? lock_acquire+0x170/0x3c0 [ 44.939949] ? __might_fault+0xef/0x1d0 [ 44.939964] ? __might_fault+0x192/0x1d0 [ 44.939976] ? _copy_to_user+0xb8/0x100 [ 44.939990] ? move_addr_to_user+0x190/0x1d0 [ 44.940003] ? __fdget+0x1a0/0x230 [ 44.940017] __x64_sys_sendmsg+0x132/0x220 [ 44.940027] ? __sys_sendmsg+0x1b0/0x1b0 [ 44.940045] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 44.940057] ? trace_hardirqs_off_caller+0x69/0x210 [ 44.940070] ? do_syscall_64+0x21/0x620 [ 44.940083] do_syscall_64+0xf9/0x620 [ 44.940098] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.940107] RIP: 0033:0x441929 [ 44.940125] Code: e8 5c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 44.940132] RSP: 002b:00007fff1d67e8f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 44.940143] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441929 [ 44.940149] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 44.940156] RBP: 00007fff1d67e900 R08: 0000000100000000 R09: 0000000100000000 [ 44.940162] R10: 0000000100000000 R11: 0000000000000246 R12: 000000000000af22 [ 44.940169] R13: 0000000000402800 R14: 0000000000000000 R15: 0000000000000000 [ 44.940179] Modules linked in: [ 44.940196] ---[ end trace 768330f5d74022b2 ]--- [ 44.940208] RIP: 0010:skb_release_data+0x237/0x920 [ 44.940219] Code: 48 c1 e8 03 42 80 3c 28 00 0f 85 d9 05 00 00 48 8b 0c 24 49 63 c4 48 c1 e0 04 48 8b 6c 08 30 48 8d 7d 08 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 c0 05 00 00 48 8b 5d 08 31 ff 49 89 de 41 83 [ 44.940226] RSP: 0018:ffff8880ae607a48 EFLAGS: 00010202 [ 44.940234] RAX: 0000000000000001 RBX: 0000000000000003 RCX: ffff88808982e640 [ 44.940242] RDX: 0000000000000100 RSI: ffffffff85b479fa RDI: 0000000000000008 [ 44.940248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 44.940255] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 44.940262] R13: dffffc0000000000 R14: ffff88808982e640 R15: ffff88808982e670 [ 44.940272] FS: 0000000002257880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 [ 44.940279] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.940286] CR2: 00000000200004c0 CR3: 000000008b4e7000 CR4: 00000000001406f0 [ 44.940298] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.940304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.940309] Kernel panic - not syncing: Fatal exception in interrupt [ 44.941354] Kernel Offset: disabled [ 45.779341] Rebooting in 86400 seconds..