Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok [ 40.970831] audit: type=1800 audit(1580221097.752:33): pid=7813 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 45.304022] kauditd_printk_skb: 1 callbacks suppressed [ 45.304037] audit: type=1400 audit(1580221102.082:35): avc: denied { map } for pid=7987 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.123' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program [ 84.749436] audit: type=1400 audit(1580221141.532:36): avc: denied { map } for pid=7999 comm="syz-executor463" path="/root/syz-executor463020308" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 84.775209] ================================================================== [ 84.783121] BUG: KASAN: null-ptr-deref in __tcf_idr_release+0x92/0xf0 [ 84.789748] Read of size 4 at addr 0000000000000010 by task syz-executor463/8009 [ 84.797375] [ 84.799022] CPU: 0 PID: 8009 Comm: syz-executor463 Not tainted 4.19.99-syzkaller #0 [ 84.806816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 84.816160] Call Trace: [ 84.818740] dump_stack+0x197/0x210 [ 84.822446] ? __tcf_idr_release+0x92/0xf0 [ 84.826667] kasan_report.cold+0x199/0x2ba [ 84.830899] check_memory_region+0x123/0x190 [ 84.835298] kasan_check_read+0x11/0x20 [ 84.839270] __tcf_idr_release+0x92/0xf0 [ 84.843336] tcf_generic_walker+0x6c6/0xa60 [ 84.847702] ? tcf_ife_walker+0x166/0x2b0 [ 84.856542] ? find_held_lock+0x35/0x130 [ 84.860602] ? tcf_action_dump_1+0x700/0x700 [ 84.865037] ? lock_downgrade+0x880/0x880 [ 84.869175] ? kasan_check_read+0x11/0x20 [ 84.873326] tcf_ife_walker+0x1a5/0x2b0 [ 84.877296] tca_action_gd+0x945/0x1690 [ 84.881261] ? tca_get_fill.constprop.0+0x4f0/0x4f0 [ 84.886297] ? avc_has_perm_noaudit+0x38f/0x570 [ 84.890964] ? kasan_check_read+0x11/0x20 [ 84.895102] ? avc_has_perm_noaudit+0x3b6/0x570 [ 84.899761] ? avc_has_extended_perms+0x10f0/0x10f0 [ 84.904782] ? selinux_ipv4_output+0x50/0x50 [ 84.909179] ? __bpf_address_lookup+0x2c3/0x310 [ 84.913951] ? memset+0x32/0x40 [ 84.917238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 84.922777] ? nla_parse+0x1fc/0x2f0 [ 84.926569] tc_ctl_action+0x297/0x43b [ 84.930453] ? tcf_action_add+0x3b0/0x3b0 [ 84.934598] ? __lock_is_held+0xb6/0x140 [ 84.938650] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 84.944185] ? tcf_action_add+0x3b0/0x3b0 [ 84.948321] rtnetlink_rcv_msg+0x463/0xb00 [ 84.952561] ? rtnetlink_put_metrics+0x560/0x560 [ 84.957404] ? netlink_deliver_tap+0x22d/0xc20 [ 84.961983] ? find_held_lock+0x35/0x130 [ 84.966112] netlink_rcv_skb+0x17d/0x460 [ 84.970187] ? rtnetlink_put_metrics+0x560/0x560 [ 84.974971] ? netlink_ack+0xb30/0xb30 [ 84.978852] ? kasan_check_read+0x11/0x20 [ 84.982998] ? netlink_deliver_tap+0x254/0xc20 [ 84.987596] rtnetlink_rcv+0x1d/0x30 [ 84.991376] netlink_unicast+0x53a/0x730 [ 84.995439] ? netlink_attachskb+0x770/0x770 [ 84.999843] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.005378] netlink_sendmsg+0x8ae/0xd70 [ 85.009474] ? netlink_unicast+0x730/0x730 [ 85.013733] ? selinux_socket_sendmsg+0x36/0x40 [ 85.018398] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.023937] ? security_socket_sendmsg+0x8d/0xc0 [ 85.028690] ? netlink_unicast+0x730/0x730 [ 85.032919] sock_sendmsg+0xd7/0x130 [ 85.036629] ___sys_sendmsg+0x803/0x920 [ 85.041125] ? copy_msghdr_from_user+0x430/0x430 [ 85.045878] ? lock_downgrade+0x880/0x880 [ 85.050019] ? kasan_check_read+0x11/0x20 [ 85.054176] ? __fget+0x367/0x540 [ 85.057622] ? iterate_fd+0x360/0x360 [ 85.061429] ? __do_page_fault+0x676/0xe90 [ 85.065661] ? find_held_lock+0x35/0x130 [ 85.069721] ? __fget_light+0x1a9/0x230 [ 85.073690] ? __fdget+0x1b/0x20 [ 85.077054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 85.082594] __sys_sendmsg+0x105/0x1d0 [ 85.086669] ? __ia32_sys_shutdown+0x80/0x80 [ 85.091087] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 85.095834] ? do_syscall_64+0x26/0x620 [ 85.099812] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.105190] ? do_syscall_64+0x26/0x620 [ 85.109209] __x64_sys_sendmsg+0x78/0xb0 [ 85.113274] do_syscall_64+0xfd/0x620 [ 85.117076] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.122295] RIP: 0033:0x446939 [ 85.125519] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 85.144843] RSP: 002b:00007f47b7a69da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.152585] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939 [ 85.159854] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 85.167117] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000 [ 85.174372] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c [ 85.181627] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d [ 85.188896] ================================================================== [ 85.196276] Disabling lock debugging due to kernel taint [ 85.203435] Kernel panic - not syncing: panic_on_warn set ... [ 85.203435] [ 85.210866] CPU: 1 PID: 8009 Comm: syz-executor463 Tainted: G B 4.19.99-syzkaller #0 [ 85.220033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.229368] Call Trace: [ 85.231984] dump_stack+0x197/0x210 [ 85.235598] ? __tcf_idr_release+0x92/0xf0 [ 85.239860] panic+0x26a/0x50e [ 85.243038] ? __warn_printk+0xf3/0xf3 [ 85.246909] ? __tcf_idr_release+0x92/0xf0 [ 85.251149] ? preempt_schedule+0x4b/0x60 [ 85.255290] ? ___preempt_schedule+0x16/0x18 [ 85.259703] ? trace_hardirqs_on+0x5e/0x220 [ 85.264026] ? __tcf_idr_release+0x92/0xf0 [ 85.268255] kasan_end_report+0x47/0x4f [ 85.272271] kasan_report.cold+0xa9/0x2ba [ 85.276455] check_memory_region+0x123/0x190 [ 85.280872] kasan_check_read+0x11/0x20 [ 85.284841] __tcf_idr_release+0x92/0xf0 [ 85.288903] tcf_generic_walker+0x6c6/0xa60 [ 85.293210] ? tcf_ife_walker+0x166/0x2b0 [ 85.297345] ? find_held_lock+0x35/0x130 [ 85.303834] ? tcf_action_dump_1+0x700/0x700 [ 85.308320] ? lock_downgrade+0x880/0x880 [ 85.312453] ? kasan_check_read+0x11/0x20 [ 85.316589] tcf_ife_walker+0x1a5/0x2b0 [ 85.320586] tca_action_gd+0x945/0x1690 [ 85.324547] ? tca_get_fill.constprop.0+0x4f0/0x4f0 [ 85.329548] ? avc_has_perm_noaudit+0x38f/0x570 [ 85.334289] ? kasan_check_read+0x11/0x20 [ 85.338420] ? avc_has_perm_noaudit+0x3b6/0x570 [ 85.343074] ? avc_has_extended_perms+0x10f0/0x10f0 [ 85.348194] ? selinux_ipv4_output+0x50/0x50 [ 85.352608] ? __bpf_address_lookup+0x2c3/0x310 [ 85.357274] ? memset+0x32/0x40 [ 85.360564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.366089] ? nla_parse+0x1fc/0x2f0 [ 85.369804] tc_ctl_action+0x297/0x43b [ 85.374139] ? tcf_action_add+0x3b0/0x3b0 [ 85.378440] ? __lock_is_held+0xb6/0x140 [ 85.382555] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 85.388085] ? tcf_action_add+0x3b0/0x3b0 [ 85.392224] rtnetlink_rcv_msg+0x463/0xb00 [ 85.396448] ? rtnetlink_put_metrics+0x560/0x560 [ 85.401197] ? netlink_deliver_tap+0x22d/0xc20 [ 85.405830] ? find_held_lock+0x35/0x130 [ 85.409892] netlink_rcv_skb+0x17d/0x460 [ 85.413954] ? rtnetlink_put_metrics+0x560/0x560 [ 85.418710] ? netlink_ack+0xb30/0xb30 [ 85.422586] ? kasan_check_read+0x11/0x20 [ 85.426815] ? netlink_deliver_tap+0x254/0xc20 [ 85.431389] rtnetlink_rcv+0x1d/0x30 [ 85.436225] netlink_unicast+0x53a/0x730 [ 85.440273] ? netlink_attachskb+0x770/0x770 [ 85.444796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.450335] netlink_sendmsg+0x8ae/0xd70 [ 85.454485] ? netlink_unicast+0x730/0x730 [ 85.458893] ? selinux_socket_sendmsg+0x36/0x40 [ 85.463561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 85.469103] ? security_socket_sendmsg+0x8d/0xc0 [ 85.473869] ? netlink_unicast+0x730/0x730 [ 85.478102] sock_sendmsg+0xd7/0x130 [ 85.481832] ___sys_sendmsg+0x803/0x920 [ 85.485799] ? copy_msghdr_from_user+0x430/0x430 [ 85.490546] ? lock_downgrade+0x880/0x880 [ 85.494681] ? kasan_check_read+0x11/0x20 [ 85.498848] ? __fget+0x367/0x540 [ 85.502289] ? iterate_fd+0x360/0x360 [ 85.506102] ? __do_page_fault+0x676/0xe90 [ 85.510322] ? find_held_lock+0x35/0x130 [ 85.514379] ? __fget_light+0x1a9/0x230 [ 85.518349] ? __fdget+0x1b/0x20 [ 85.521699] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 85.527225] __sys_sendmsg+0x105/0x1d0 [ 85.531095] ? __ia32_sys_shutdown+0x80/0x80 [ 85.535492] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 85.540232] ? do_syscall_64+0x26/0x620 [ 85.544194] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.549764] ? do_syscall_64+0x26/0x620 [ 85.553743] __x64_sys_sendmsg+0x78/0xb0 [ 85.557799] do_syscall_64+0xfd/0x620 [ 85.561591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.566766] RIP: 0033:0x446939 [ 85.570041] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 85.588926] RSP: 002b:00007f47b7a69da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.596663] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939 [ 85.603917] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 85.611214] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000 [ 85.618476] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c [ 85.625730] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d [ 85.634565] Kernel Offset: disabled [ 85.638209] Rebooting in 86400 seconds..