[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 60.802837][ T6792] general protection fault, probably for non-canonical address 0xdffffc0000000104: 0000 [#1] PREEMPT SMP KASAN
[ 60.814562][ T6792] KASAN: null-ptr-deref in range [0x0000000000000820-0x0000000000000827]
[ 60.823486][ T6792] CPU: 0 PID: 6792 Comm: syz-executor232 Not tainted 5.8.0-rc4-next-20200713-syzkaller #0
[ 60.833353][ T6792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.843432][ T6792] RIP: 0010:__xfrm6_tunnel_spi_lookup+0x22b/0x3b0
[ 60.849879][ T6792] Code: 89 e0 48 c1 e8 03 80 3c 28 00 0f 85 5b 01 00 00 4d 8b 24 24 4d 85 e4 74 53 e8 31 fa 7b fa 49 8d 7c 24 20 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 2d 01 00 00 4d 8b 7c 24 20 49 8d 7c 24 28 48 89
[ 60.869650][ T6792] RSP: 0018:ffffc90001277580 EFLAGS: 00010202
[ 60.875717][ T6792] RAX: 0000000000000104 RBX: ffffffffffffffff RCX: ffffffff86f83788
[ 60.883694][ T6792] RDX: ffff8880947443c0 RSI: ffffffff86f8373f RDI: 0000000000000820
[ 60.891653][ T6792] RBP: dffffc0000000000 R08: 0000000000000001 R09: ffff888094744c90
[ 60.899612][ T6792] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000800
[ 60.907655][ T6792] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 60.915625][ T6792] FS: 000000000162d880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 60.924546][ T6792] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.931119][ T6792] CR2: 0000000020000180 CR3: 0000000098519000 CR4: 00000000001506f0
[ 60.939083][ T6792] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.947037][ T6792] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.955001][ T6792] Call Trace:
[ 60.958558][ T6792]  xfrm6_tunnel_spi_lookup+0x8a/0x1d0
[ 60.963921][ T6792]  ipcomp6_init_state+0x1de/0x700
[ 60.968979][ T6792]  __xfrm_init_state+0x9a6/0x14b0
[ 60.974060][ T6792]  xfrm_init_state+0x1a/0x70
[ 60.978644][ T6792]  pfkey_add+0x1a10/0x2b70
[ 60.983478][ T6792]  ? pfkey_get+0x700/0x700
[ 60.987968][ T6792]  ? kfree_skbmem+0xef/0x1b0
[ 60.992561][ T6792]  ? kfree_skb+0x7d/0x100
[ 60.996894][ T6792]  ? pfkey_broadcast+0x3e1/0x630
[ 61.001824][ T6792]  ? pfkey_get+0x700/0x700
[ 61.006245][ T6792]  pfkey_process+0x66d/0x7a0
[ 61.010829][ T6792]  ? pfkey_broadcast+0x630/0x630
[ 61.015752][ T6792]  ? __mutex_lock+0x626/0x10d0
[ 61.020517][ T6792]  ? _copy_from_iter_full+0x247/0x890
[ 61.026913][ T6792]  ? __phys_addr+0x9a/0x110
[ 61.031411][ T6792]  ? __phys_addr_symbol+0x2c/0x70
[ 61.036439][ T6792]  ? __check_object_size+0x171/0x3e4
[ 61.041716][ T6792]  pfkey_sendmsg+0x42d/0x800
[ 61.046292][ T6792]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 61.052182][ T6792]  sock_sendmsg+0xcf/0x120
[ 61.056592][ T6792]  ____sys_sendmsg+0x331/0x810
[ 61.061349][ T6792]  ? kernel_sendmsg+0x50/0x50
[ 61.066004][ T6792]  ? do_recvmmsg+0x6d0/0x6d0
[ 61.070574][ T6792]  ? alloc_file_pseudo+0x165/0x250
[ 61.075676][ T6792]  ? sock_alloc_file+0x4f/0x190
[ 61.080539][ T6792]  ? __sys_socket+0x13d/0x200
[ 61.085219][ T6792]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.091295][ T6792]  ? sock_alloc_file+0x4f/0x190
[ 61.096145][ T6792]  ? __sys_socket+0x13d/0x200
[ 61.100801][ T6792]  ? __x64_sys_socket+0x6f/0xb0
[ 61.105656][ T6792]  ? do_syscall_64+0x60/0xe0
[ 61.110227][ T6792]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.116323][ T6792]  ___sys_sendmsg+0xf3/0x170
[ 61.120916][ T6792]  ? sendmsg_copy_msghdr+0x160/0x160
[ 61.126185][ T6792]  ? find_held_lock+0x2d/0x110
[ 61.130958][ T6792]  ? fs_reclaim_release+0x94/0xf0
[ 61.136168][ T6792]  ? mark_lock+0xbc/0x1710
[ 61.140569][ T6792]  ? lock_is_held_type+0xb0/0xe0
[ 61.145497][ T6792]  ? __lock_acquire+0xc1e/0x56e0
[ 61.150445][ T6792]  ? __fget_light+0x215/0x280
[ 61.155203][ T6792]  __sys_sendmmsg+0x195/0x480
[ 61.164672][ T6792]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 61.169716][ T6792]  ? find_held_lock+0x2d/0x110
[ 61.174511][ T6792]  ? alloc_file_pseudo+0x1/0x250
[ 61.179465][ T6792]  ? lock_is_held_type+0xb0/0xe0
[ 61.184390][ T6792]  ? __fd_install+0x1e6/0x600
[ 61.189056][ T6792]  ? __sys_socket+0x16d/0x200
[ 61.193905][ T6792]  ? move_addr_to_kernel+0x70/0x70
[ 61.199090][ T6792]  ? lock_is_held_type+0xb0/0xe0
[ 61.204026][ T6792]  ? lock_is_held_type+0xb0/0xe0
[ 61.208952][ T6792]  __x64_sys_sendmmsg+0x99/0x100
[ 61.213921][ T6792]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 61.219213][ T6792]  do_syscall_64+0x60/0xe0
[ 61.223616][ T6792]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.229488][ T6792] RIP: 0033:0x4403d9
[ 61.235543][ T6792] Code: Bad RIP value.
[ 61.239588][ T6792] RSP: 002b:00007ffeb96d2058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 61.247981][ T6792] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403d9
[ 61.256045][ T6792] RDX: 0000000000000393 RSI: 0000000020000180 RDI: 0000000000000003
[ 61.264025][ T6792] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 61.271997][ T6792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401be0
[ 61.280001][ T6792] R13: 0000000000401c70 R14: 0000000000000000 R15: 0000000000000000
[ 61.287975][ T6792] Modules linked in:
[ 61.291966][ T6792] ---[ end trace 224ae9c97b2f647b ]---
[ 61.297485][ T6792] RIP: 0010:__xfrm6_tunnel_spi_lookup+0x22b/0x3b0
[ 61.304016][ T6792] Code: 89 e0 48 c1 e8 03 80 3c 28 00 0f 85 5b 01 00 00 4d 8b 24 24 4d 85 e4 74 53 e8 31 fa 7b fa 49 8d 7c 24 20 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 2d 01 00 00 4d 8b 7c 24 20 49 8d 7c 24 28 48 89
[ 61.323707][ T6792] RSP: 0018:ffffc90001277580 EFLAGS: 00010202
[ 61.329839][ T6792] RAX: 0000000000000104 RBX: ffffffffffffffff RCX: ffffffff86f83788
[ 61.338001][ T6792] RDX: ffff8880947443c0 RSI: ffffffff86f8373f RDI: 0000000000000820
[ 61.346108][ T6792] RBP: dffffc0000000000 R08: 0000000000000001 R09: ffff888094744c90
[ 61.354182][ T6792] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000800
[ 61.362242][ T6792] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 61.370270][ T6792] FS: 000000000162d880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 61.379240][ T6792] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.385859][ T6792] CR2: 0000000020000180 CR3: 0000000098519000 CR4: 00000000001506f0
[ 61.393834][ T6792] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 61.401938][ T6792] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 61.409961][ T6792] Kernel panic - not syncing: Fatal exception in interrupt
[ 61.418171][ T6792] Kernel Offset: disabled
[ 61.422503][ T6792] Rebooting in 86400 seconds..