[ 78.651030][ T27] audit: type=1800 audit(1580283539.934:24): pid=9792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2454 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ 79.257123][ T27] audit: type=1800 audit(1580283540.634:25): pid=9792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 79.277906][ T27] audit: type=1800 audit(1580283540.634:26): pid=9792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 106.736862][ T9951] ==================================================================
[ 106.745348][ T9951] BUG: KASAN: null-ptr-deref in tcf_generic_walker+0x73f/0xc00
[ 106.752912][ T9951] Read of size 4 at addr 0000000000000010 by task syz-executor400/9951
[ 106.761151][ T9951]
[ 106.763496][ T9951] CPU: 1 PID: 9951 Comm: syz-executor400 Not tainted 5.5.0-syzkaller #0
[ 106.771813][ T9951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 106.781864][ T9951] Call Trace:
[ 106.785203][ T9951] dump_stack+0x197/0x210
[ 106.789652][ T9951] ? tcf_generic_walker+0x73f/0xc00
[ 106.794871][ T9951] ? tcf_generic_walker+0x73f/0xc00
[ 106.800098][ T9951] __kasan_report.cold+0x5/0x41
[ 106.804946][ T9951] ? tcf_generic_walker+0x73f/0xc00
[ 106.810168][ T9951] kasan_report+0x12/0x20
[ 106.814575][ T9951] check_memory_region+0x134/0x1a0
[ 106.819744][ T9951] __kasan_check_read+0x11/0x20
[ 106.824595][ T9951] tcf_generic_walker+0x73f/0xc00
[ 106.829877][ T9951] ? find_held_lock+0x35/0x130
[ 106.834662][ T9951] ? tcf_action_dump_1+0x840/0x840
[ 106.839884][ T9951] ? rcu_read_lock_held+0x9c/0xb0
[ 106.845202][ T9951] ? __kasan_check_read+0x11/0x20
[ 106.850392][ T9951] tcf_ife_walker+0x1a0/0x2b0
[ 106.855085][ T9951] tca_action_gd+0xcec/0x1760
[ 106.859775][ T9951] ? tca_get_fill.constprop.0+0x4f0/0x4f0
[ 106.865676][ T9951] ? __kasan_check_read+0x11/0x20
[ 106.870725][ T9951] ? __kasan_check_read+0x11/0x20
[ 106.875836][ T9951] ? __kasan_check_read+0x11/0x20
[ 106.880886][ T9951] ? mark_lock+0xc2/0x1220
[ 106.885306][ T9951] ? __kasan_check_read+0x11/0x20
[ 106.890317][ T9951] ? __lock_acquire+0x8a0/0x4a00
[ 106.895280][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 106.901638][ T9951] ? apparmor_capable+0x497/0x900
[ 106.906678][ T9951] ? __nla_parse+0x43/0x60
[ 106.911083][ T9951] tc_ctl_action+0x3be/0x488
[ 106.915672][ T9951] ? tcf_action_add+0x3b0/0x3b0
[ 106.920550][ T9951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 106.926823][ T9951] ? tcf_action_add+0x3b0/0x3b0
[ 106.931690][ T9951] rtnetlink_rcv_msg+0x45e/0xaf0
[ 106.936706][ T9951] ? rtnl_bridge_getlink+0x910/0x910
[ 106.941979][ T9951] ? lock_downgrade+0x920/0x920
[ 106.946831][ T9951] ? netlink_deliver_tap+0x226/0xbe0
[ 106.952110][ T9951] ? find_held_lock+0x35/0x130
[ 106.956875][ T9951] netlink_rcv_skb+0x177/0x450
[ 106.961693][ T9951] ? rtnl_bridge_getlink+0x910/0x910
[ 106.966963][ T9951] ? netlink_ack+0xb50/0xb50
[ 106.971549][ T9951] ? __kasan_check_read+0x11/0x20
[ 106.976585][ T9951] ? netlink_deliver_tap+0x248/0xbe0
[ 106.981859][ T9951] rtnetlink_rcv+0x1d/0x30
[ 106.986259][ T9951] netlink_unicast+0x58c/0x7d0
[ 106.991188][ T9951] ? netlink_attachskb+0x870/0x870
[ 106.996294][ T9951] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 107.002093][ T9951] ? __check_object_size+0x3d/0x437
[ 107.007286][ T9951] netlink_sendmsg+0x91c/0xea0
[ 107.012080][ T9951] ? netlink_unicast+0x7d0/0x7d0
[ 107.017317][ T9951] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 107.022853][ T9951] ? apparmor_socket_sendmsg+0x2a/0x30
[ 107.028313][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 107.034552][ T9951] ? security_socket_sendmsg+0x8d/0xc0
[ 107.040017][ T9951] ? netlink_unicast+0x7d0/0x7d0
[ 107.044949][ T9951] sock_sendmsg+0xd7/0x130
[ 107.049368][ T9951] ____sys_sendmsg+0x753/0x880
[ 107.054134][ T9951] ? kernel_sendmsg+0x50/0x50
[ 107.058794][ T9951] ? __fget+0x35d/0x550
[ 107.062936][ T9951] ? find_held_lock+0x35/0x130
[ 107.067702][ T9951] ___sys_sendmsg+0x100/0x170
[ 107.072385][ T9951] ? sendmsg_copy_msghdr+0x70/0x70
[ 107.077508][ T9951] ? __kasan_check_read+0x11/0x20
[ 107.082807][ T9951] ? __fget+0x37f/0x550
[ 107.086965][ T9951] ? ksys_dup3+0x3e0/0x3e0
[ 107.091367][ T9951] ? __do_page_fault+0x56a/0xd80
[ 107.096331][ T9951] ? __fget_light+0x1a9/0x230
[ 107.101093][ T9951] ? __fdget+0x1b/0x20
[ 107.105151][ T9951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 107.111503][ T9951] __sys_sendmsg+0x105/0x1d0
[ 107.116082][ T9951] ? __sys_sendmsg_sock+0xc0/0xc0
[ 107.121105][ T9951] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 107.127083][ T9951] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 107.132717][ T9951] ? do_syscall_64+0x26/0x790
[ 107.137405][ T9951] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 107.143463][ T9951] ? do_syscall_64+0x26/0x790
[ 107.148130][ T9951] __x64_sys_sendmsg+0x78/0xb0
[ 107.152924][ T9951] do_syscall_64+0xfa/0x790
[ 107.157416][ T9951] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 107.163375][ T9951] RIP: 0033:0x446939
[ 107.167255][ T9951] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 107.186852][ T9951] RSP: 002b:00007f1073242da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 107.195268][ T9951] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 107.203300][ T9951] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 107.211368][ T9951] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 107.219767][ T9951] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 107.227776][ T9951] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 107.235787][ T9951] ==================================================================
[ 107.243940][ T9951] Disabling lock debugging due to kernel taint
[ 107.252665][ T9951] Kernel panic - not syncing: panic_on_warn set ...
[ 107.259263][ T9951] CPU: 1 PID: 9951 Comm: syz-executor400 Tainted: G B 5.5.0-syzkaller #0
[ 107.268963][ T9951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 107.279000][ T9951] Call Trace:
[ 107.282298][ T9951] dump_stack+0x197/0x210
[ 107.286616][ T9951] panic+0x2e3/0x75c
[ 107.290491][ T9951] ? add_taint.cold+0x16/0x16
[ 107.295150][ T9951] ? tcf_generic_walker+0x73f/0xc00
[ 107.300410][ T9951] ? preempt_schedule+0x4b/0x60
[ 107.305276][ T9951] ? ___preempt_schedule+0x16/0x18
[ 107.310487][ T9951] ? trace_hardirqs_on+0x5e/0x240
[ 107.315602][ T9951] ? tcf_generic_walker+0x73f/0xc00
[ 107.320794][ T9951] end_report+0x47/0x4f
[ 107.325065][ T9951] ? tcf_generic_walker+0x73f/0xc00
[ 107.330280][ T9951] __kasan_report.cold+0xe/0x41
[ 107.335624][ T9951] ? tcf_generic_walker+0x73f/0xc00
[ 107.341075][ T9951] kasan_report+0x12/0x20
[ 107.345411][ T9951] check_memory_region+0x134/0x1a0
[ 107.350558][ T9951] __kasan_check_read+0x11/0x20
[ 107.355406][ T9951] tcf_generic_walker+0x73f/0xc00
[ 107.360446][ T9951] ? find_held_lock+0x35/0x130
[ 107.365235][ T9951] ? tcf_action_dump_1+0x840/0x840
[ 107.370368][ T9951] ? rcu_read_lock_held+0x9c/0xb0
[ 107.375542][ T9951] ? __kasan_check_read+0x11/0x20
[ 107.380575][ T9951] tcf_ife_walker+0x1a0/0x2b0
[ 107.385599][ T9951] tca_action_gd+0xcec/0x1760
[ 107.390302][ T9951] ? tca_get_fill.constprop.0+0x4f0/0x4f0
[ 107.396123][ T9951] ? __kasan_check_read+0x11/0x20
[ 107.401161][ T9951] ? __kasan_check_read+0x11/0x20
[ 107.406192][ T9951] ? __kasan_check_read+0x11/0x20
[ 107.411378][ T9951] ? mark_lock+0xc2/0x1220
[ 107.415777][ T9951] ? __kasan_check_read+0x11/0x20
[ 107.420779][ T9951] ? __lock_acquire+0x8a0/0x4a00
[ 107.425805][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 107.432038][ T9951] ? apparmor_capable+0x497/0x900
[ 107.437072][ T9951] ? __nla_parse+0x43/0x60
[ 107.441491][ T9951] tc_ctl_action+0x3be/0x488
[ 107.446069][ T9951] ? tcf_action_add+0x3b0/0x3b0
[ 107.450909][ T9951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 107.457129][ T9951] ? tcf_action_add+0x3b0/0x3b0
[ 107.461963][ T9951] rtnetlink_rcv_msg+0x45e/0xaf0
[ 107.466894][ T9951] ? rtnl_bridge_getlink+0x910/0x910
[ 107.472162][ T9951] ? lock_downgrade+0x920/0x920
[ 107.476995][ T9951] ? netlink_deliver_tap+0x226/0xbe0
[ 107.482286][ T9951] ? find_held_lock+0x35/0x130
[ 107.487037][ T9951] netlink_rcv_skb+0x177/0x450
[ 107.491796][ T9951] ? rtnl_bridge_getlink+0x910/0x910
[ 107.497064][ T9951] ? netlink_ack+0xb50/0xb50
[ 107.501638][ T9951] ? __kasan_check_read+0x11/0x20
[ 107.506818][ T9951] ? netlink_deliver_tap+0x248/0xbe0
[ 107.512439][ T9951] rtnetlink_rcv+0x1d/0x30
[ 107.517904][ T9951] netlink_unicast+0x58c/0x7d0
[ 107.522735][ T9951] ? netlink_attachskb+0x870/0x870
[ 107.527936][ T9951] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 107.533831][ T9951] ? __check_object_size+0x3d/0x437
[ 107.539033][ T9951] netlink_sendmsg+0x91c/0xea0
[ 107.543816][ T9951] ? netlink_unicast+0x7d0/0x7d0
[ 107.548755][ T9951] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 107.554360][ T9951] ? apparmor_socket_sendmsg+0x2a/0x30
[ 107.559858][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 107.566202][ T9951] ? security_socket_sendmsg+0x8d/0xc0
[ 107.571775][ T9951] ? netlink_unicast+0x7d0/0x7d0
[ 107.576839][ T9951] sock_sendmsg+0xd7/0x130
[ 107.581268][ T9951] ____sys_sendmsg+0x753/0x880
[ 107.586056][ T9951] ? kernel_sendmsg+0x50/0x50
[ 107.590731][ T9951] ? __fget+0x35d/0x550
[ 107.594884][ T9951] ? find_held_lock+0x35/0x130
[ 107.599652][ T9951] ___sys_sendmsg+0x100/0x170
[ 107.605273][ T9951] ? sendmsg_copy_msghdr+0x70/0x70
[ 107.610377][ T9951] ? __kasan_check_read+0x11/0x20
[ 107.615398][ T9951] ? __fget+0x37f/0x550
[ 107.619532][ T9951] ? ksys_dup3+0x3e0/0x3e0
[ 107.623931][ T9951] ? __do_page_fault+0x56a/0xd80
[ 107.628852][ T9951] ? __fget_light+0x1a9/0x230
[ 107.633516][ T9951] ? __fdget+0x1b/0x20
[ 107.637581][ T9951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 107.643905][ T9951] __sys_sendmsg+0x105/0x1d0
[ 107.648526][ T9951] ? __sys_sendmsg_sock+0xc0/0xc0
[ 107.653568][ T9951] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 107.659545][ T9951] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 107.664987][ T9951] ? do_syscall_64+0x26/0x790
[ 107.669645][ T9951] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 107.675695][ T9951] ? do_syscall_64+0x26/0x790
[ 107.680373][ T9951] __x64_sys_sendmsg+0x78/0xb0
[ 107.685493][ T9951] do_syscall_64+0xfa/0x790
[ 107.689985][ T9951] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 107.695856][ T9951] RIP: 0033:0x446939
[ 107.699732][ T9951] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 107.719340][ T9951] RSP: 002b:00007f1073242da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 107.727821][ T9951] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 107.735795][ T9951] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 107.743786][ T9951] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 107.751769][ T9951] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 107.759743][ T9951] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 107.769478][ T9951] Kernel Offset: disabled
[ 107.773823][ T9951] Rebooting in 86400 seconds..