[ ok ] Starting enhanced syslogd: rsyslogd.
[ 61.209917][ T23] audit: type=1800 audit(1580114142.806:25): pid=8805 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 61.229051][ T23] audit: type=1800 audit(1580114142.806:26): pid=8805 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 61.277095][ T23] audit: type=1800 audit(1580114142.816:27): pid=8805 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 73.349741][ T8964] ==================================================================
[ 73.358552][ T8964] BUG: KASAN: null-ptr-deref in tcf_generic_walker+0x611/0xb30
[ 73.366114][ T8964] Read of size 4 at addr 0000000000000010 by task syz-executor711/8964
[ 73.374359][ T8964]
[ 73.376697][ T8964] CPU: 0 PID: 8964 Comm: syz-executor711 Not tainted 5.5.0-rc7-syzkaller #0
[ 73.385511][ T8964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.396190][ T8964] Call Trace:
[ 73.399503][ T8964] dump_stack+0x1fb/0x318
[ 73.403861][ T8964] __kasan_report+0x167/0x1c0
[ 73.408558][ T8964] ? tcf_generic_walker+0x611/0xb30
[ 73.413883][ T8964] kasan_report+0x26/0x50
[ 73.418357][ T8964] check_memory_region+0x2b6/0x2f0
[ 73.423482][ T8964] __kasan_check_read+0x11/0x20
[ 73.428348][ T8964] tcf_generic_walker+0x611/0xb30
[ 73.433381][ T8964] ? rcu_lock_release+0x9/0x30
[ 73.438675][ T8964] tcf_ife_walker+0x4c/0x60
[ 73.443194][ T8964] tca_action_gd+0x135a/0x18f0
[ 73.448119][ T8964] ? __nla_parse+0x41/0x50
[ 73.452729][ T8964] tc_ctl_action+0x3b7/0x810
[ 73.457345][ T8964] ? __mutex_lock_common+0x53d/0x2f30
[ 73.462743][ T8964] ? rtnetlink_rcv_msg+0x83c/0xd40
[ 73.467962][ T8964] ? tcf_free_cookie_rcu+0x50/0x50
[ 73.473065][ T8964] rtnetlink_rcv_msg+0x889/0xd40
[ 73.478023][ T8964] ? rcu_lock_release+0x9/0x30
[ 73.482796][ T8964] netlink_rcv_skb+0x19e/0x3e0
[ 73.487561][ T8964] ? rtnetlink_bind+0x80/0x80
[ 73.492232][ T8964] rtnetlink_rcv+0x1c/0x20
[ 73.496652][ T8964] netlink_unicast+0x767/0x920
[ 73.501416][ T8964] netlink_sendmsg+0xa2c/0xd50
[ 73.506190][ T8964] ? netlink_getsockopt+0x9f0/0x9f0
[ 73.511453][ T8964] ____sys_sendmsg+0x4f7/0x7f0
[ 73.516373][ T8964] __sys_sendmsg+0x1ed/0x290
[ 73.520996][ T8964] ? rcu_read_lock_sched_held+0x10b/0x170
[ 73.526725][ T8964] ? __kasan_check_write+0x14/0x20
[ 73.531950][ T8964] ? __fpregs_load_activate+0x194/0x220
[ 73.537495][ T8964] ? switch_fpu_return+0xe/0x10
[ 73.542357][ T8964] ? prepare_exit_to_usermode+0x221/0x5b0
[ 73.548343][ T8964] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 73.554175][ T8964] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 73.559750][ T8964] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 73.565466][ T8964] ? do_syscall_64+0x1d/0x1c0
[ 73.570148][ T8964] __x64_sys_sendmsg+0x7f/0x90
[ 73.574927][ T8964] do_syscall_64+0xf7/0x1c0
[ 73.579428][ T8964] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 73.585316][ T8964] RIP: 0033:0x446939
[ 73.589319][ T8964] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 73.609093][ T8964] RSP: 002b:00007f31803a8da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 73.617646][ T8964] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 73.625623][ T8964] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 73.633590][ T8964] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 73.641560][ T8964] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 73.649641][ T8964] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 73.657623][ T8964] ==================================================================
[ 73.665751][ T8964] Disabling lock debugging due to kernel taint
[ 73.672256][ T8964] Kernel panic - not syncing: panic_on_warn set ...
[ 73.678875][ T8964] CPU: 1 PID: 8964 Comm: syz-executor711 Tainted: G B 5.5.0-rc7-syzkaller #0
[ 73.689008][ T8964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.699257][ T8964] Call Trace:
[ 73.702561][ T8964] dump_stack+0x1fb/0x318
[ 73.706883][ T8964] panic+0x264/0x7a9
[ 73.710772][ T8964] ? __kasan_report+0x193/0x1c0
[ 73.715742][ T8964] ? trace_hardirqs_on+0x34/0x80
[ 73.720729][ T8964] ? __kasan_report+0x193/0x1c0
[ 73.725565][ T8964] __kasan_report+0x1b9/0x1c0
[ 73.730284][ T8964] ? tcf_generic_walker+0x611/0xb30
[ 73.735513][ T8964] kasan_report+0x26/0x50
[ 73.740011][ T8964] check_memory_region+0x2b6/0x2f0
[ 73.745117][ T8964] __kasan_check_read+0x11/0x20
[ 73.750147][ T8964] tcf_generic_walker+0x611/0xb30
[ 73.755168][ T8964] ? rcu_lock_release+0x9/0x30
[ 73.759930][ T8964] tcf_ife_walker+0x4c/0x60
[ 73.764423][ T8964] tca_action_gd+0x135a/0x18f0
[ 73.769220][ T8964] ? __nla_parse+0x41/0x50
[ 73.773684][ T8964] tc_ctl_action+0x3b7/0x810
[ 73.778273][ T8964] ? __mutex_lock_common+0x53d/0x2f30
[ 73.783711][ T8964] ? rtnetlink_rcv_msg+0x83c/0xd40
[ 73.788828][ T8964] ? tcf_free_cookie_rcu+0x50/0x50
[ 73.793925][ T8964] rtnetlink_rcv_msg+0x889/0xd40
[ 73.798862][ T8964] ? rcu_lock_release+0x9/0x30
[ 73.803615][ T8964] netlink_rcv_skb+0x19e/0x3e0
[ 73.808370][ T8964] ? rtnetlink_bind+0x80/0x80
[ 73.813032][ T8964] rtnetlink_rcv+0x1c/0x20
[ 73.817440][ T8964] netlink_unicast+0x767/0x920
[ 73.822209][ T8964] netlink_sendmsg+0xa2c/0xd50
[ 73.826968][ T8964] ? netlink_getsockopt+0x9f0/0x9f0
[ 73.832255][ T8964] ____sys_sendmsg+0x4f7/0x7f0
[ 73.837098][ T8964] __sys_sendmsg+0x1ed/0x290
[ 73.841778][ T8964] ? rcu_read_lock_sched_held+0x10b/0x170
[ 73.847970][ T8964] ? __kasan_check_write+0x14/0x20
[ 73.853111][ T8964] ? __fpregs_load_activate+0x194/0x220
[ 73.858654][ T8964] ? switch_fpu_return+0xe/0x10
[ 73.863655][ T8964] ? prepare_exit_to_usermode+0x221/0x5b0
[ 73.869379][ T8964] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 73.875139][ T8964] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 73.880714][ T8964] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 73.886698][ T8964] ? do_syscall_64+0x1d/0x1c0
[ 73.891376][ T8964] __x64_sys_sendmsg+0x7f/0x90
[ 73.896356][ T8964] do_syscall_64+0xf7/0x1c0
[ 73.900860][ T8964] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 73.906744][ T8964] RIP: 0033:0x446939
[ 73.910627][ T8964] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 73.930480][ T8964] RSP: 002b:00007f31803a8da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 73.938883][ T8964] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 73.946902][ T8964] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 73.955386][ T8964] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 73.964043][ T8964] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 73.972068][ T8964] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 73.981409][ T8964] Kernel Offset: disabled
[ 73.985756][ T8964] Rebooting in 86400 seconds..