[ 110.947246][ T27] audit: type=1800 audit(1580355070.555:36): pid=10612 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 114.832035][ T27] kauditd_printk_skb: 4 callbacks suppressed
[ 114.832051][ T27] audit: type=1400 audit(1580355074.535:41): avc: denied { map } for pid=10787 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 121.631459][ T27] audit: type=1400 audit(1580355081.325:42): avc: denied { map } for pid=10799 comm="syz-executor560" path="/root/syz-executor560323777" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 121.679487][T10809] ==================================================================
[ 121.687758][T10809] BUG: KASAN: null-ptr-deref in tcf_generic_walker+0x73f/0xc00
[ 121.695319][T10809] Read of size 4 at addr 0000000000000010 by task syz-executor560/10809
[ 121.703676][T10809]
[ 121.705991][T10809] CPU: 0 PID: 10809 Comm: syz-executor560 Not tainted 5.5.0-syzkaller #0
[ 121.714383][T10809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 121.724443][T10809] Call Trace:
[ 121.727742][T10809] dump_stack+0x197/0x210
[ 121.732066][T10809] ? tcf_generic_walker+0x73f/0xc00
[ 121.737246][T10809] ? tcf_generic_walker+0x73f/0xc00
[ 121.742434][T10809] __kasan_report.cold+0x5/0x32
[ 121.747268][T10809] ? tcf_generic_walker+0x73f/0xc00
[ 121.752457][T10809] kasan_report+0x12/0x20
[ 121.756779][T10809] check_memory_region+0x134/0x1a0
[ 121.761885][T10809] __kasan_check_read+0x11/0x20
[ 121.766727][T10809] tcf_generic_walker+0x73f/0xc00
[ 121.771745][T10809] ? find_held_lock+0x35/0x130
[ 121.776502][T10809] ? tcf_action_dump_1+0x840/0x840
[ 121.781601][T10809] ? rcu_read_lock_held+0x9c/0xb0
[ 121.786610][T10809] ? __kasan_check_read+0x11/0x20
[ 121.791636][T10809] tcf_ife_walker+0x1a0/0x2b0
[ 121.796319][T10809] tca_action_gd+0xcec/0x1760
[ 121.800989][T10809] ? tca_get_fill.constprop.0+0x4f0/0x4f0
[ 121.806696][T10809] ? avc_has_perm_noaudit+0x38c/0x570
[ 121.812064][T10809] ? __kasan_check_read+0x11/0x20
[ 121.817085][T10809] ? avc_has_perm_noaudit+0x3b3/0x570
[ 121.822460][T10809] ? avc_has_extended_perms+0x10f0/0x10f0
[ 121.828229][T10809] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 121.833880][T10809] ? __nla_parse+0x43/0x60
[ 121.838292][T10809] tc_ctl_action+0x3be/0x488
[ 121.842867][T10809] ? tcf_action_add+0x3b0/0x3b0
[ 121.847712][T10809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 121.853933][T10809] ? tcf_action_add+0x3b0/0x3b0
[ 121.858768][T10809] rtnetlink_rcv_msg+0x45e/0xaf0
[ 121.863690][T10809] ? rtnl_bridge_getlink+0x910/0x910
[ 121.868965][T10809] ? lock_downgrade+0x920/0x920
[ 121.873814][T10809] ? netlink_deliver_tap+0x226/0xbf0
[ 121.879102][T10809] ? find_held_lock+0x35/0x130
[ 121.883875][T10809] netlink_rcv_skb+0x177/0x450
[ 121.888643][T10809] ? rtnl_bridge_getlink+0x910/0x910
[ 121.893927][T10809] ? netlink_ack+0xb50/0xb50
[ 121.898564][T10809] ? __kasan_check_read+0x11/0x20
[ 121.903596][T10809] ? netlink_deliver_tap+0x248/0xbf0
[ 121.908872][T10809] rtnetlink_rcv+0x1d/0x30
[ 121.913271][T10809] netlink_unicast+0x59e/0x7e0
[ 121.918046][T10809] ? netlink_attachskb+0x870/0x870
[ 121.923156][T10809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 121.929403][T10809] netlink_sendmsg+0x91c/0xea0
[ 121.934161][T10809] ? netlink_unicast+0x7e0/0x7e0
[ 121.939084][T10809] ? tomoyo_socket_sendmsg+0x26/0x30
[ 121.944354][T10809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 121.950576][T10809] ? security_socket_sendmsg+0x8d/0xc0
[ 121.956016][T10809] ? netlink_unicast+0x7e0/0x7e0
[ 121.960945][T10809] sock_sendmsg+0xd7/0x130
[ 121.965346][T10809] ____sys_sendmsg+0x753/0x880
[ 121.970098][T10809] ? kernel_sendmsg+0x50/0x50
[ 121.974754][T10809] ? __fget+0x35d/0x550
[ 121.978889][T10809] ? find_held_lock+0x35/0x130
[ 121.983642][T10809] ___sys_sendmsg+0x100/0x170
[ 121.988324][T10809] ? sendmsg_copy_msghdr+0x70/0x70
[ 121.993431][T10809] ? __kasan_check_read+0x11/0x20
[ 121.998440][T10809] ? __fget+0x37f/0x550
[ 122.002590][T10809] ? ksys_dup3+0x3e0/0x3e0
[ 122.007003][T10809] ? find_held_lock+0x35/0x130
[ 122.011751][T10809] ? do_page_fault+0x579/0x12e1
[ 122.016689][T10809] ? __fget_light+0x1a9/0x230
[ 122.021369][T10809] ? __fdget+0x1b/0x20
[ 122.025422][T10809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 122.031650][T10809] __sys_sendmsg+0x105/0x1d0
[ 122.036220][T10809] ? __sys_sendmsg_sock+0xc0/0xc0
[ 122.041227][T10809] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 122.047198][T10809] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 122.052917][T10809] ? do_syscall_64+0x26/0x790
[ 122.057589][T10809] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.063647][T10809] ? do_syscall_64+0x26/0x790
[ 122.068315][T10809] __x64_sys_sendmsg+0x78/0xb0
[ 122.073064][T10809] do_syscall_64+0xfa/0x790
[ 122.077555][T10809] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.083440][T10809] RIP: 0033:0x446939
[ 122.087315][T10809] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 122.106913][T10809] RSP: 002b:00007f7b06402da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 122.115419][T10809] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 122.123397][T10809] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 122.131656][T10809] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 122.139620][T10809] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 122.147577][T10809] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 122.155553][T10809] ==================================================================
[ 122.163634][T10809] Disabling lock debugging due to kernel taint
[ 122.171616][T10809] Kernel panic - not syncing: panic_on_warn set ...
[ 122.178220][T10809] CPU: 0 PID: 10809 Comm: syz-executor560 Tainted: G B 5.5.0-syzkaller #0
[ 122.188004][T10809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 122.198104][T10809] Call Trace:
[ 122.201386][T10809] dump_stack+0x197/0x210
[ 122.205746][T10809] panic+0x2e3/0x75c
[ 122.209634][T10809] ? add_taint.cold+0x16/0x16
[ 122.214306][T10809] ? tcf_generic_walker+0x73f/0xc00
[ 122.219551][T10809] ? preempt_schedule+0x4b/0x60
[ 122.224438][T10809] ? ___preempt_schedule+0x16/0x18
[ 122.229539][T10809] ? trace_hardirqs_on+0x5e/0x240
[ 122.234566][T10809] ? tcf_generic_walker+0x73f/0xc00
[ 122.239755][T10809] end_report+0x47/0x4f
[ 122.243899][T10809] ? tcf_generic_walker+0x73f/0xc00
[ 122.249083][T10809] __kasan_report.cold+0xe/0x32
[ 122.253921][T10809] ? tcf_generic_walker+0x73f/0xc00
[ 122.259115][T10809] kasan_report+0x12/0x20
[ 122.263426][T10809] check_memory_region+0x134/0x1a0
[ 122.268518][T10809] __kasan_check_read+0x11/0x20
[ 122.273348][T10809] tcf_generic_walker+0x73f/0xc00
[ 122.278353][T10809] ? find_held_lock+0x35/0x130
[ 122.283114][T10809] ? tcf_action_dump_1+0x840/0x840
[ 122.288219][T10809] ? rcu_read_lock_held+0x9c/0xb0
[ 122.293238][T10809] ? __kasan_check_read+0x11/0x20
[ 122.298255][T10809] tcf_ife_walker+0x1a0/0x2b0
[ 122.302916][T10809] tca_action_gd+0xcec/0x1760
[ 122.307576][T10809] ? tca_get_fill.constprop.0+0x4f0/0x4f0
[ 122.313335][T10809] ? avc_has_perm_noaudit+0x38c/0x570
[ 122.318691][T10809] ? __kasan_check_read+0x11/0x20
[ 122.323718][T10809] ? avc_has_perm_noaudit+0x3b3/0x570
[ 122.329139][T10809] ? avc_has_extended_perms+0x10f0/0x10f0
[ 122.334861][T10809] ? selinux_sb_eat_lsm_opts+0x700/0x700
[ 122.340492][T10809] ? __nla_parse+0x43/0x60
[ 122.344892][T10809] tc_ctl_action+0x3be/0x488
[ 122.349462][T10809] ? tcf_action_add+0x3b0/0x3b0
[ 122.354298][T10809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 122.360516][T10809] ? tcf_action_add+0x3b0/0x3b0
[ 122.365347][T10809] rtnetlink_rcv_msg+0x45e/0xaf0
[ 122.370274][T10809] ? rtnl_bridge_getlink+0x910/0x910
[ 122.375548][T10809] ? lock_downgrade+0x920/0x920
[ 122.380388][T10809] ? netlink_deliver_tap+0x226/0xbf0
[ 122.385689][T10809] ? find_held_lock+0x35/0x130
[ 122.390435][T10809] netlink_rcv_skb+0x177/0x450
[ 122.395179][T10809] ? rtnl_bridge_getlink+0x910/0x910
[ 122.400445][T10809] ? netlink_ack+0xb50/0xb50
[ 122.405014][T10809] ? __kasan_check_read+0x11/0x20
[ 122.410017][T10809] ? netlink_deliver_tap+0x248/0xbf0
[ 122.415322][T10809] rtnetlink_rcv+0x1d/0x30
[ 122.419719][T10809] netlink_unicast+0x59e/0x7e0
[ 122.424462][T10809] ? netlink_attachskb+0x870/0x870
[ 122.429575][T10809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 122.435813][T10809] netlink_sendmsg+0x91c/0xea0
[ 122.440560][T10809] ? netlink_unicast+0x7e0/0x7e0
[ 122.445475][T10809] ? tomoyo_socket_sendmsg+0x26/0x30
[ 122.450740][T10809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 122.456969][T10809] ? security_socket_sendmsg+0x8d/0xc0
[ 122.462466][T10809] ? netlink_unicast+0x7e0/0x7e0
[ 122.467402][T10809] sock_sendmsg+0xd7/0x130
[ 122.471802][T10809] ____sys_sendmsg+0x753/0x880
[ 122.476571][T10809] ? kernel_sendmsg+0x50/0x50
[ 122.481227][T10809] ? __fget+0x35d/0x550
[ 122.485362][T10809] ? find_held_lock+0x35/0x130
[ 122.490153][T10809] ___sys_sendmsg+0x100/0x170
[ 122.494816][T10809] ? sendmsg_copy_msghdr+0x70/0x70
[ 122.499906][T10809] ? __kasan_check_read+0x11/0x20
[ 122.504913][T10809] ? __fget+0x37f/0x550
[ 122.509061][T10809] ? ksys_dup3+0x3e0/0x3e0
[ 122.513494][T10809] ? find_held_lock+0x35/0x130
[ 122.518250][T10809] ? do_page_fault+0x579/0x12e1
[ 122.523106][T10809] ? __fget_light+0x1a9/0x230
[ 122.527769][T10809] ? __fdget+0x1b/0x20
[ 122.531878][T10809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 122.538114][T10809] __sys_sendmsg+0x105/0x1d0
[ 122.542711][T10809] ? __sys_sendmsg_sock+0xc0/0xc0
[ 122.547715][T10809] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 122.553694][T10809] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 122.559134][T10809] ? do_syscall_64+0x26/0x790
[ 122.563800][T10809] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.569849][T10809] ? do_syscall_64+0x26/0x790
[ 122.574517][T10809] __x64_sys_sendmsg+0x78/0xb0
[ 122.579281][T10809] do_syscall_64+0xfa/0x790
[ 122.583780][T10809] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.589691][T10809] RIP: 0033:0x446939
[ 122.593578][T10809] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 122.613272][T10809] RSP: 002b:00007f7b06402da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 122.621664][T10809] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 122.629614][T10809] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 122.637579][T10809] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 122.645528][T10809] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 122.653478][T10809] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 122.662755][T10809] Kernel Offset: disabled
[ 122.667097][T10809] Rebooting in 86400 seconds..