[ 88.625330][ T28] audit: type=1800 audit(1580113577.810:26): pid=9466 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 89.711610][ T28] kauditd_printk_skb: 2 callbacks suppressed
[ 89.711622][ T28] audit: type=1800 audit(1580113578.920:29): pid=9466 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 89.738180][ T28] audit: type=1800 audit(1580113578.920:30): pid=9466 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 99.359483][ T9626] ==================================================================
[ 99.367759][ T9626] BUG: KASAN: null-ptr-deref in tcf_generic_walker+0x73f/0xc00
[ 99.375321][ T9626] Read of size 4 at addr 0000000000000010 by task syz-executor142/9626
[ 99.383561][ T9626]
[ 99.385896][ T9626] CPU: 0 PID: 9626 Comm: syz-executor142 Not tainted 5.5.0-rc7-syzkaller #0
[ 99.394572][ T9626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 99.404635][ T9626] Call Trace:
[ 99.407946][ T9626] dump_stack+0x197/0x210
[ 99.412291][ T9626] ? tcf_generic_walker+0x73f/0xc00
[ 99.417502][ T9626] ? tcf_generic_walker+0x73f/0xc00
[ 99.422890][ T9626] __kasan_report.cold+0x5/0x41
[ 99.427789][ T9626] ? tcf_generic_walker+0x73f/0xc00
[ 99.433002][ T9626] kasan_report+0x12/0x20
[ 99.437334][ T9626] check_memory_region+0x134/0x1a0
[ 99.442461][ T9626] __kasan_check_read+0x11/0x20
[ 99.447330][ T9626] tcf_generic_walker+0x73f/0xc00
[ 99.452376][ T9626] ? find_held_lock+0x35/0x130
[ 99.457164][ T9626] ? tcf_action_dump_1+0x840/0x840
[ 99.462385][ T9626] ? rcu_read_lock_held+0x9c/0xb0
[ 99.467401][ T9626] ? __kasan_check_read+0x11/0x20
[ 99.472423][ T9626] tcf_ife_walker+0x1a0/0x2b0
[ 99.477206][ T9626] tca_action_gd+0xcec/0x1760
[ 99.481879][ T9626] ? tca_get_fill.constprop.0+0x4f0/0x4f0
[ 99.487855][ T9626] ? __kasan_check_read+0x11/0x20
[ 99.492882][ T9626] ? __kasan_check_read+0x11/0x20
[ 99.498031][ T9626] ? __kasan_check_read+0x11/0x20
[ 99.503190][ T9626] ? mark_lock+0xc2/0x1220
[ 99.507604][ T9626] ? __kasan_check_read+0x11/0x20
[ 99.512676][ T9626] ? __lock_acquire+0x8a0/0x4a00
[ 99.517676][ T9626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 99.523911][ T9626] ? apparmor_capable+0x497/0x900
[ 99.528942][ T9626] ? __nla_parse+0x43/0x60
[ 99.533356][ T9626] tc_ctl_action+0x3be/0x488
[ 99.537937][ T9626] ? tcf_action_add+0x3b0/0x3b0
[ 99.542791][ T9626] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 99.549020][ T9626] ? tcf_action_add+0x3b0/0x3b0
[ 99.553860][ T9626] rtnetlink_rcv_msg+0x45e/0xaf0
[ 99.558818][ T9626] ? rtnl_bridge_getlink+0x910/0x910
[ 99.564157][ T9626] ? lock_downgrade+0x920/0x920
[ 99.569009][ T9626] ? netlink_deliver_tap+0x228/0xbf0
[ 99.574290][ T9626] ? find_held_lock+0x35/0x130
[ 99.579071][ T9626] netlink_rcv_skb+0x177/0x450
[ 99.583852][ T9626] ? rtnl_bridge_getlink+0x910/0x910
[ 99.589153][ T9626] ? netlink_ack+0xb50/0xb50
[ 99.593910][ T9626] ? __kasan_check_read+0x11/0x20
[ 99.598992][ T9626] ? netlink_deliver_tap+0x24a/0xbf0
[ 99.604271][ T9626] rtnetlink_rcv+0x1d/0x30
[ 99.608680][ T9626] netlink_unicast+0x59e/0x7e0
[ 99.613660][ T9626] ? netlink_attachskb+0x870/0x870
[ 99.618884][ T9626] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 99.624605][ T9626] ? __check_object_size+0x3d/0x437
[ 99.629801][ T9626] netlink_sendmsg+0x91c/0xea0
[ 99.634698][ T9626] ? netlink_unicast+0x7e0/0x7e0
[ 99.639692][ T9626] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 99.645240][ T9626] ? apparmor_socket_sendmsg+0x2a/0x30
[ 99.650723][ T9626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 99.656975][ T9626] ? security_socket_sendmsg+0x8d/0xc0
[ 99.662438][ T9626] ? netlink_unicast+0x7e0/0x7e0
[ 99.667391][ T9626] sock_sendmsg+0xd7/0x130
[ 99.671808][ T9626] ____sys_sendmsg+0x753/0x880
[ 99.676690][ T9626] ? kernel_sendmsg+0x50/0x50
[ 99.681369][ T9626] ? __fget+0x35d/0x550
[ 99.685513][ T9626] ? find_held_lock+0x35/0x130
[ 99.690275][ T9626] ___sys_sendmsg+0x100/0x170
[ 99.694949][ T9626] ? sendmsg_copy_msghdr+0x70/0x70
[ 99.700171][ T9626] ? __kasan_check_read+0x11/0x20
[ 99.705194][ T9626] ? __fget+0x37f/0x550
[ 99.709398][ T9626] ? ksys_dup3+0x3e0/0x3e0
[ 99.713818][ T9626] ? __do_page_fault+0x56a/0xd80
[ 99.718756][ T9626] ? __fget_light+0x1a9/0x230
[ 99.723647][ T9626] ? __fdget+0x1b/0x20
[ 99.727723][ T9626] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 99.734063][ T9626] __sys_sendmsg+0x105/0x1d0
[ 99.738709][ T9626] ? __sys_sendmsg_sock+0xc0/0xc0
[ 99.743819][ T9626] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 99.749843][ T9626] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 99.755305][ T9626] ? do_syscall_64+0x26/0x790
[ 99.759974][ T9626] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 99.766428][ T9626] ? do_syscall_64+0x26/0x790
[ 99.771267][ T9626] __x64_sys_sendmsg+0x78/0xb0
[ 99.776094][ T9626] do_syscall_64+0xfa/0x790
[ 99.780600][ T9626] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 99.786481][ T9626] RIP: 0033:0x446939
[ 99.790367][ T9626] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 99.810314][ T9626] RSP: 002b:00007f978afaada8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 99.818830][ T9626] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 99.826795][ T9626] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 99.834771][ T9626] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 99.842884][ T9626] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 99.850849][ T9626] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 99.858827][ T9626] ==================================================================
[ 99.867002][ T9626] Disabling lock debugging due to kernel taint
[ 99.875214][ T9626] Kernel panic - not syncing: panic_on_warn set ...
[ 99.881826][ T9626] CPU: 0 PID: 9626 Comm: syz-executor142 Tainted: G B 5.5.0-rc7-syzkaller #0
[ 99.891899][ T9626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 99.902000][ T9626] Call Trace:
[ 99.905394][ T9626] dump_stack+0x197/0x210
[ 99.909759][ T9626] panic+0x2e3/0x75c
[ 99.913657][ T9626] ? add_taint.cold+0x16/0x16
[ 99.918426][ T9626] ? tcf_generic_walker+0x73f/0xc00
[ 99.923700][ T9626] ? preempt_schedule+0x4b/0x60
[ 99.928604][ T9626] ? ___preempt_schedule+0x16/0x18
[ 99.933720][ T9626] ? trace_hardirqs_on+0x5e/0x240
[ 99.938751][ T9626] ? tcf_generic_walker+0x73f/0xc00
[ 99.944118][ T9626] end_report+0x47/0x4f
[ 99.948278][ T9626] ? tcf_generic_walker+0x73f/0xc00
[ 99.953475][ T9626] __kasan_report.cold+0xe/0x41
[ 99.958331][ T9626] ? tcf_generic_walker+0x73f/0xc00
[ 99.963533][ T9626] kasan_report+0x12/0x20
[ 99.968006][ T9626] check_memory_region+0x134/0x1a0
[ 99.973172][ T9626] __kasan_check_read+0x11/0x20
[ 99.978016][ T9626] tcf_generic_walker+0x73f/0xc00
[ 99.983040][ T9626] ? find_held_lock+0x35/0x130
[ 99.987808][ T9626] ? tcf_action_dump_1+0x840/0x840
[ 99.992910][ T9626] ? rcu_read_lock_held+0x9c/0xb0
[ 99.998092][ T9626] ? __kasan_check_read+0x11/0x20
[ 100.003117][ T9626] tcf_ife_walker+0x1a0/0x2b0
[ 100.007920][ T9626] tca_action_gd+0xcec/0x1760
[ 100.012586][ T9626] ? tca_get_fill.constprop.0+0x4f0/0x4f0
[ 100.018341][ T9626] ? __kasan_check_read+0x11/0x20
[ 100.023448][ T9626] ? __kasan_check_read+0x11/0x20
[ 100.028470][ T9626] ? __kasan_check_read+0x11/0x20
[ 100.033485][ T9626] ? mark_lock+0xc2/0x1220
[ 100.037886][ T9626] ? __kasan_check_read+0x11/0x20
[ 100.043117][ T9626] ? __lock_acquire+0x8a0/0x4a00
[ 100.048073][ T9626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 100.054300][ T9626] ? apparmor_capable+0x497/0x900
[ 100.059337][ T9626] ? __nla_parse+0x43/0x60
[ 100.063745][ T9626] tc_ctl_action+0x3be/0x488
[ 100.068330][ T9626] ? tcf_action_add+0x3b0/0x3b0
[ 100.073188][ T9626] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 100.079482][ T9626] ? tcf_action_add+0x3b0/0x3b0
[ 100.084391][ T9626] rtnetlink_rcv_msg+0x45e/0xaf0
[ 100.089412][ T9626] ? rtnl_bridge_getlink+0x910/0x910
[ 100.094696][ T9626] ? lock_downgrade+0x920/0x920
[ 100.099559][ T9626] ? netlink_deliver_tap+0x228/0xbf0
[ 100.104830][ T9626] ? find_held_lock+0x35/0x130
[ 100.109594][ T9626] netlink_rcv_skb+0x177/0x450
[ 100.114357][ T9626] ? rtnl_bridge_getlink+0x910/0x910
[ 100.119628][ T9626] ? netlink_ack+0xb50/0xb50
[ 100.124231][ T9626] ? __kasan_check_read+0x11/0x20
[ 100.129251][ T9626] ? netlink_deliver_tap+0x24a/0xbf0
[ 100.134542][ T9626] rtnetlink_rcv+0x1d/0x30
[ 100.139092][ T9626] netlink_unicast+0x59e/0x7e0
[ 100.143968][ T9626] ? netlink_attachskb+0x870/0x870
[ 100.149071][ T9626] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 100.154951][ T9626] ? __check_object_size+0x3d/0x437
[ 100.160143][ T9626] netlink_sendmsg+0x91c/0xea0
[ 100.164908][ T9626] ? netlink_unicast+0x7e0/0x7e0
[ 100.169838][ T9626] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 100.175443][ T9626] ? apparmor_socket_sendmsg+0x2a/0x30
[ 100.180908][ T9626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 100.187192][ T9626] ? security_socket_sendmsg+0x8d/0xc0
[ 100.192634][ T9626] ? netlink_unicast+0x7e0/0x7e0
[ 100.197566][ T9626] sock_sendmsg+0xd7/0x130
[ 100.201997][ T9626] ____sys_sendmsg+0x753/0x880
[ 100.206771][ T9626] ? kernel_sendmsg+0x50/0x50
[ 100.211433][ T9626] ? __fget+0x35d/0x550
[ 100.215570][ T9626] ? find_held_lock+0x35/0x130
[ 100.220332][ T9626] ___sys_sendmsg+0x100/0x170
[ 100.224994][ T9626] ? sendmsg_copy_msghdr+0x70/0x70
[ 100.230137][ T9626] ? __kasan_check_read+0x11/0x20
[ 100.235168][ T9626] ? __fget+0x37f/0x550
[ 100.239349][ T9626] ? ksys_dup3+0x3e0/0x3e0
[ 100.243753][ T9626] ? __do_page_fault+0x56a/0xd80
[ 100.248680][ T9626] ? __fget_light+0x1a9/0x230
[ 100.253341][ T9626] ? __fdget+0x1b/0x20
[ 100.257406][ T9626] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 100.263638][ T9626] __sys_sendmsg+0x105/0x1d0
[ 100.268209][ T9626] ? __sys_sendmsg_sock+0xc0/0xc0
[ 100.273213][ T9626] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 100.279190][ T9626] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 100.284642][ T9626] ? do_syscall_64+0x26/0x790
[ 100.289306][ T9626] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.295378][ T9626] ? do_syscall_64+0x26/0x790
[ 100.300049][ T9626] __x64_sys_sendmsg+0x78/0xb0
[ 100.304804][ T9626] do_syscall_64+0xfa/0x790
[ 100.309306][ T9626] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.315177][ T9626] RIP: 0033:0x446939
[ 100.319051][ T9626] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 100.338754][ T9626] RSP: 002b:00007f978afaada8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 100.347354][ T9626] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 100.355320][ T9626] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 100.363277][ T9626] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 100.371366][ T9626] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 100.379336][ T9626] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 100.388963][ T9626] Kernel Offset: disabled
[ 100.393285][ T9626] Rebooting in 86400 seconds..