Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts.
2019/09/07 03:25:11 parsed 1 programs
syzkaller login: [ 77.285583][ T26] kauditd_printk_skb: 3 callbacks suppressed
[ 77.285597][ T26] audit: type=1400 audit(1567826711.179:36): avc: denied { map } for pid=10291 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 77.350285][ T26] audit: type=1400 audit(1567826711.239:37): avc: denied { map } for pid=10291 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15821 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/09/07 03:25:12 executed programs: 0
[ 78.878993][T10307] IPVS: ftp: loaded support on port[0] = 21
[ 78.925220][T10307] chnl_net:caif_netlink_parms(): no params data found
[ 78.946726][T10307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.954399][T10307] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.961819][T10307] device bridge_slave_0 entered promiscuous mode
[ 78.969285][T10307] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.976414][T10307] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.984127][T10307] device bridge_slave_1 entered promiscuous mode
[ 78.998927][T10307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.009160][T10307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.024908][T10307] team0: Port device team_slave_0 added
[ 79.031278][T10307] team0: Port device team_slave_1 added
[ 79.085163][T10307] device hsr_slave_0 entered promiscuous mode
[ 79.123751][T10307] device hsr_slave_1 entered promiscuous mode
[ 79.168942][T10307] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.176132][T10307] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.183379][T10307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.190431][T10307] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.215693][T10307] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.226883][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.235090][ T3517] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.242541][ T3517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.250427][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 79.259949][T10307] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.269027][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 79.277354][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.284409][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.293620][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 79.301954][ T3517] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.309019][ T3517] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.321909][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 79.330872][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 79.340482][ T3517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 79.350826][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 79.361707][T10307] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 79.372460][T10307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 79.380641][T10309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 79.394684][T10307] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.423918][ T26] audit: type=1400 audit(1567826713.319:38): avc: denied { associate } for pid=10307 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 79.492659][T10321] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 79.518895][T10326] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 79.526733][T10326] #PF: supervisor instruction fetch in kernel mode
[ 79.533226][T10326] #PF: error_code(0x0010) - not-present page
[ 79.539190][T10326] PGD a1df3067 P4D a1df3067 PUD 99be7067 PMD 0
[ 79.545520][T10326] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 79.550819][T10326] CPU: 1 PID: 10326 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 79.558681][T10326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.568715][T10326] RIP: 0010:0x0
[ 79.572157][T10326] Code: Bad RIP value.
[ 79.576199][T10326] RSP: 0018:ffff8880815df4d8 EFLAGS: 00010246
[ 79.582238][T10326] RAX: dffffc0000000000 RBX: ffffffff882a51a0 RCX: ffffffff85b3fc56
[ 79.590183][T10326] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a1c63640
[ 79.598129][T10326] RBP: ffff8880815df5d0 R08: ffff88808bf12200 R09: ffff8880815df658
[ 79.606072][T10326] R10: ffffed10102bbed9 R11: ffff8880815df6cf R12: ffff8880a1c63640
[ 79.614016][T10326] R13: 0000000000000001 R14: ffff8880815df5a8 R15: ffffffff882a51a0
[ 79.621997][T10326] FS: 00007f79e48e5700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 79.630898][T10326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.637454][T10326] CR2: ffffffffffffffd6 CR3: 000000008f076000 CR4: 00000000001406e0
[ 79.645403][T10326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 79.653347][T10326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 79.661291][T10326] Call Trace:
[ 79.664597][T10326] tc_bind_tclass+0x13e/0x2f0
[ 79.669333][T10326] ? qdisc_class_hash_init+0x110/0x110
[ 79.674779][T10326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 79.681002][T10326] ? ns_capable_common+0x93/0x100
[ 79.686054][T10326] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 79.692363][T10326] ? qdisc_match_from_root+0x18a/0x280
[ 79.697797][T10326] tc_ctl_tclass+0xadb/0xcd0
[ 79.702364][T10326] ? qdisc_tree_reduce_backlog+0x570/0x570
[ 79.708144][T10326] ? rtnetlink_rcv_msg+0x3d0/0xb00
[ 79.713232][T10326] ? rtnetlink_rcv_msg+0x1ea/0xb00
[ 79.718315][T10326] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 79.724527][T10326] ? qdisc_tree_reduce_backlog+0x570/0x570
[ 79.730308][T10326] rtnetlink_rcv_msg+0x463/0xb00
[ 79.735220][T10326] ? rtnetlink_put_metrics+0x580/0x580
[ 79.740741][T10326] ? netdev_core_pick_tx+0x2f0/0x2f0
[ 79.746104][T10326] ? __copy_skb_header+0x250/0x550
[ 79.751194][T10326] netlink_rcv_skb+0x177/0x450
[ 79.755931][T10326] ? rtnetlink_put_metrics+0x580/0x580
[ 79.761373][T10326] ? netlink_ack+0xb30/0xb30
[ 79.765936][T10326] ? netlink_deliver_tap+0x254/0xbf0
[ 79.771281][T10326] rtnetlink_rcv+0x1d/0x30
[ 79.775670][T10326] netlink_unicast+0x531/0x710
[ 79.780409][T10326] ? netlink_attachskb+0x7c0/0x7c0
[ 79.785493][T10326] ? _copy_from_iter_full+0x25d/0x8a0
[ 79.790837][T10326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 79.797050][T10326] netlink_sendmsg+0x8a5/0xd60
[ 79.801804][T10326] ? netlink_unicast+0x710/0x710
[ 79.806723][T10326] ? tomoyo_socket_sendmsg+0x26/0x30
[ 79.811991][T10326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 79.818213][T10326] ? security_socket_sendmsg+0x8d/0xc0
[ 79.823695][T10326] ? netlink_unicast+0x710/0x710
[ 79.828609][T10326] sock_sendmsg+0xd7/0x130
[ 79.833000][T10326] ___sys_sendmsg+0x803/0x920
[ 79.837693][T10326] ? copy_msghdr_from_user+0x440/0x440
[ 79.843127][T10326] ? __fget+0xa3/0x560
[ 79.847172][T10326] ? __fget+0x384/0x560
[ 79.851334][T10326] ? ksys_dup3+0x3e0/0x3e0
[ 79.855757][T10326] ? __might_fault+0xfb/0x1e0
[ 79.860409][T10326] ? __fget_light+0x1a9/0x230
[ 79.865057][T10326] ? __fdget+0x1b/0x20
[ 79.869098][T10326] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 79.875310][T10326] __sys_sendmsg+0x105/0x1d0
[ 79.879875][T10326] ? __sys_sendmsg_sock+0xd0/0xd0
[ 79.884876][T10326] ? __x64_sys_clock_gettime+0x16d/0x240
[ 79.890483][T10326] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 79.896519][T10326] __x64_sys_sendmsg+0x78/0xb0
[ 79.901255][T10326] do_syscall_64+0xfd/0x6a0
[ 79.905733][T10326] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.911597][T10326] RIP: 0033:0x4598e9
[ 79.915467][T10326] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 79.935043][T10326] RSP: 002b:00007f79e48e4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 79.943432][T10326] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9
[ 79.951382][T10326] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 79.959326][T10326] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 79.967270][T10326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f79e48e56d4
[ 79.975215][T10326] R13: 00000000004c77fb R14: 00000000004dd098 R15: 00000000ffffffff
[ 79.983159][T10326] Modules linked in:
[ 79.987028][T10326] CR2: 0000000000000000
[ 79.994134][T10326] ---[ end trace 1eb3100a665365c3 ]---
[ 79.999601][T10326] RIP: 0010:0x0
[ 80.003042][T10326] Code: Bad RIP value.
[ 80.007482][T10326] RSP: 0018:ffff8880815df4d8 EFLAGS: 00010246
[ 80.013562][T10326] RAX: dffffc0000000000 RBX: ffffffff882a51a0 RCX: ffffffff85b3fc56
[ 80.021525][T10326] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a1c63640
[ 80.029549][T10326] RBP: ffff8880815df5d0 R08: ffff88808bf12200 R09: ffff8880815df658
[ 80.037792][T10326] R10: ffffed10102bbed9 R11: ffff8880815df6cf R12: ffff8880a1c63640
[ 80.045797][T10326] R13: 0000000000000001 R14: ffff8880815df5a8 R15: ffffffff882a51a0
[ 80.053774][T10326] FS: 00007f79e48e5700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 80.062683][T10326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.069285][T10326] CR2: ffffffffffffffd6 CR3: 000000008f076000 CR4: 00000000001406e0
[ 80.077287][T10326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.085258][T10326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.093206][T10326] Kernel panic - not syncing: Fatal exception
[ 80.100654][T10326] Kernel Offset: disabled
[ 80.104993][T10326] Rebooting in 86400 seconds..