[ 85.867321][ T27] audit: type=1800 audit(1580112830.451:27): pid=9795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 85.907306][ T27] audit: type=1800 audit(1580112830.471:28): pid=9795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 86.977166][ T27] audit: type=1800 audit(1580112831.591:29): pid=9795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 86.997921][ T27] audit: type=1800 audit(1580112831.601:30): pid=9795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 97.260398][ T9954] ==================================================================
[ 97.268682][ T9954] BUG: KASAN: null-ptr-deref in tcf_generic_walker+0x73f/0xc00
[ 97.276236][ T9954] Read of size 4 at addr 0000000000000010 by task syz-executor659/9954
[ 97.284474][ T9954]
[ 97.286831][ T9954] CPU: 0 PID: 9954 Comm: syz-executor659 Not tainted 5.5.0-rc7-syzkaller #0
[ 97.295625][ T9954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 97.305991][ T9954] Call Trace:
[ 97.309294][ T9954] dump_stack+0x197/0x210
[ 97.313738][ T9954] ? tcf_generic_walker+0x73f/0xc00
[ 97.318949][ T9954] ? tcf_generic_walker+0x73f/0xc00
[ 97.324376][ T9954] __kasan_report.cold+0x5/0x41
[ 97.329251][ T9954] ? tcf_generic_walker+0x73f/0xc00
[ 97.334473][ T9954] kasan_report+0x12/0x20
[ 97.338832][ T9954] check_memory_region+0x134/0x1a0
[ 97.344466][ T9954] __kasan_check_read+0x11/0x20
[ 97.349325][ T9954] tcf_generic_walker+0x73f/0xc00
[ 97.354349][ T9954] ? find_held_lock+0x35/0x130
[ 97.359255][ T9954] ? tcf_action_dump_1+0x840/0x840
[ 97.364471][ T9954] ? rcu_read_lock_held+0x9c/0xb0
[ 97.369692][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.374897][ T9954] tcf_ife_walker+0x1a0/0x2b0
[ 97.379679][ T9954] tca_action_gd+0xcec/0x1760
[ 97.384489][ T9954] ? tca_get_fill.constprop.0+0x4f0/0x4f0
[ 97.390503][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.395618][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.400637][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.405661][ T9954] ? mark_lock+0xc2/0x1220
[ 97.410169][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.415372][ T9954] ? __lock_acquire+0x8a0/0x4a00
[ 97.420442][ T9954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 97.426775][ T9954] ? apparmor_capable+0x497/0x900
[ 97.431944][ T9954] ? __nla_parse+0x43/0x60
[ 97.436358][ T9954] tc_ctl_action+0x3be/0x488
[ 97.440943][ T9954] ? tcf_action_add+0x3b0/0x3b0
[ 97.445879][ T9954] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.452239][ T9954] ? tcf_action_add+0x3b0/0x3b0
[ 97.457250][ T9954] rtnetlink_rcv_msg+0x45e/0xaf0
[ 97.462186][ T9954] ? rtnl_bridge_getlink+0x910/0x910
[ 97.467458][ T9954] ? lock_downgrade+0x920/0x920
[ 97.472404][ T9954] ? netlink_deliver_tap+0x228/0xbe0
[ 97.477680][ T9954] ? find_held_lock+0x35/0x130
[ 97.482714][ T9954] netlink_rcv_skb+0x177/0x450
[ 97.487519][ T9954] ? rtnl_bridge_getlink+0x910/0x910
[ 97.493018][ T9954] ? netlink_ack+0xb50/0xb50
[ 97.497635][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.502681][ T9954] ? netlink_deliver_tap+0x24a/0xbe0
[ 97.508071][ T9954] rtnetlink_rcv+0x1d/0x30
[ 97.512514][ T9954] netlink_unicast+0x58c/0x7d0
[ 97.517348][ T9954] ? netlink_attachskb+0x870/0x870
[ 97.522679][ T9954] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 97.528485][ T9954] ? __check_object_size+0x3d/0x437
[ 97.533832][ T9954] netlink_sendmsg+0x91c/0xea0
[ 97.538599][ T9954] ? netlink_unicast+0x7d0/0x7d0
[ 97.543644][ T9954] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 97.549331][ T9954] ? apparmor_socket_sendmsg+0x2a/0x30
[ 97.554863][ T9954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 97.561243][ T9954] ? security_socket_sendmsg+0x8d/0xc0
[ 97.566697][ T9954] ? netlink_unicast+0x7d0/0x7d0
[ 97.571630][ T9954] sock_sendmsg+0xd7/0x130
[ 97.576188][ T9954] ____sys_sendmsg+0x753/0x880
[ 97.581039][ T9954] ? kernel_sendmsg+0x50/0x50
[ 97.586032][ T9954] ? __fget+0x35d/0x550
[ 97.590176][ T9954] ? find_held_lock+0x35/0x130
[ 97.594943][ T9954] ___sys_sendmsg+0x100/0x170
[ 97.599629][ T9954] ? sendmsg_copy_msghdr+0x70/0x70
[ 97.604933][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.609973][ T9954] ? __fget+0x37f/0x550
[ 97.614261][ T9954] ? ksys_dup3+0x3e0/0x3e0
[ 97.618841][ T9954] ? __do_page_fault+0x56a/0xd80
[ 97.623781][ T9954] ? __fget_light+0x1a9/0x230
[ 97.628455][ T9954] ? __fdget+0x1b/0x20
[ 97.632528][ T9954] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.638761][ T9954] __sys_sendmsg+0x105/0x1d0
[ 97.643373][ T9954] ? __sys_sendmsg_sock+0xc0/0xc0
[ 97.648417][ T9954] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 97.654472][ T9954] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 97.660125][ T9954] ? do_syscall_64+0x26/0x790
[ 97.664901][ T9954] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.670957][ T9954] ? do_syscall_64+0x26/0x790
[ 97.675826][ T9954] __x64_sys_sendmsg+0x78/0xb0
[ 97.680587][ T9954] do_syscall_64+0xfa/0x790
[ 97.685091][ T9954] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.691074][ T9954] RIP: 0033:0x446939
[ 97.694980][ T9954] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 97.714810][ T9954] RSP: 002b:00007f7408d5fda8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 97.723226][ T9954] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 97.731217][ T9954] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 97.739467][ T9954] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 97.747516][ T9954] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 97.755608][ T9954] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 97.763730][ T9954] ==================================================================
[ 97.772868][ T9954] Disabling lock debugging due to kernel taint
[ 97.780983][ T9954] Kernel panic - not syncing: panic_on_warn set ...
[ 97.788068][ T9954] CPU: 0 PID: 9954 Comm: syz-executor659 Tainted: G B 5.5.0-rc7-syzkaller #0
[ 97.798224][ T9954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 97.808392][ T9954] Call Trace:
[ 97.811782][ T9954] dump_stack+0x197/0x210
[ 97.816117][ T9954] panic+0x2e3/0x75c
[ 97.820007][ T9954] ? add_taint.cold+0x16/0x16
[ 97.824675][ T9954] ? tcf_generic_walker+0x73f/0xc00
[ 97.829876][ T9954] ? preempt_schedule+0x4b/0x60
[ 97.834726][ T9954] ? ___preempt_schedule+0x16/0x18
[ 97.839842][ T9954] ? trace_hardirqs_on+0x5e/0x240
[ 97.844988][ T9954] ? tcf_generic_walker+0x73f/0xc00
[ 97.850187][ T9954] end_report+0x47/0x4f
[ 97.854336][ T9954] ? tcf_generic_walker+0x73f/0xc00
[ 97.859629][ T9954] __kasan_report.cold+0xe/0x41
[ 97.864479][ T9954] ? tcf_generic_walker+0x73f/0xc00
[ 97.869728][ T9954] kasan_report+0x12/0x20
[ 97.874044][ T9954] check_memory_region+0x134/0x1a0
[ 97.879144][ T9954] __kasan_check_read+0x11/0x20
[ 97.884110][ T9954] tcf_generic_walker+0x73f/0xc00
[ 97.889126][ T9954] ? find_held_lock+0x35/0x130
[ 97.894041][ T9954] ? tcf_action_dump_1+0x840/0x840
[ 97.899291][ T9954] ? rcu_read_lock_held+0x9c/0xb0
[ 97.904458][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.909647][ T9954] tcf_ife_walker+0x1a0/0x2b0
[ 97.914414][ T9954] tca_action_gd+0xcec/0x1760
[ 97.919083][ T9954] ? tca_get_fill.constprop.0+0x4f0/0x4f0
[ 97.924829][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.929849][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.934874][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.939882][ T9954] ? mark_lock+0xc2/0x1220
[ 97.944291][ T9954] ? __kasan_check_read+0x11/0x20
[ 97.949675][ T9954] ? __lock_acquire+0x8a0/0x4a00
[ 97.954973][ T9954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 97.961206][ T9954] ? apparmor_capable+0x497/0x900
[ 97.966353][ T9954] ? __nla_parse+0x43/0x60
[ 97.970810][ T9954] tc_ctl_action+0x3be/0x488
[ 97.975409][ T9954] ? tcf_action_add+0x3b0/0x3b0
[ 97.980265][ T9954] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 97.986661][ T9954] ? tcf_action_add+0x3b0/0x3b0
[ 97.991586][ T9954] rtnetlink_rcv_msg+0x45e/0xaf0
[ 97.996791][ T9954] ? rtnl_bridge_getlink+0x910/0x910
[ 98.002066][ T9954] ? lock_downgrade+0x920/0x920
[ 98.006914][ T9954] ? netlink_deliver_tap+0x228/0xbe0
[ 98.012188][ T9954] ? find_held_lock+0x35/0x130
[ 98.017199][ T9954] netlink_rcv_skb+0x177/0x450
[ 98.022210][ T9954] ? rtnl_bridge_getlink+0x910/0x910
[ 98.027528][ T9954] ? netlink_ack+0xb50/0xb50
[ 98.032722][ T9954] ? __kasan_check_read+0x11/0x20
[ 98.037753][ T9954] ? netlink_deliver_tap+0x24a/0xbe0
[ 98.043122][ T9954] rtnetlink_rcv+0x1d/0x30
[ 98.047569][ T9954] netlink_unicast+0x58c/0x7d0
[ 98.052468][ T9954] ? netlink_attachskb+0x870/0x870
[ 98.057583][ T9954] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 98.063294][ T9954] ? __check_object_size+0x3d/0x437
[ 98.068499][ T9954] netlink_sendmsg+0x91c/0xea0
[ 98.073314][ T9954] ? netlink_unicast+0x7d0/0x7d0
[ 98.078250][ T9954] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 98.083811][ T9954] ? apparmor_socket_sendmsg+0x2a/0x30
[ 98.089390][ T9954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 98.096384][ T9954] ? security_socket_sendmsg+0x8d/0xc0
[ 98.101950][ T9954] ? netlink_unicast+0x7d0/0x7d0
[ 98.106981][ T9954] sock_sendmsg+0xd7/0x130
[ 98.111427][ T9954] ____sys_sendmsg+0x753/0x880
[ 98.116182][ T9954] ? kernel_sendmsg+0x50/0x50
[ 98.120993][ T9954] ? __fget+0x35d/0x550
[ 98.125146][ T9954] ? find_held_lock+0x35/0x130
[ 98.129913][ T9954] ___sys_sendmsg+0x100/0x170
[ 98.134581][ T9954] ? sendmsg_copy_msghdr+0x70/0x70
[ 98.139789][ T9954] ? __kasan_check_read+0x11/0x20
[ 98.144815][ T9954] ? __fget+0x37f/0x550
[ 98.148984][ T9954] ? ksys_dup3+0x3e0/0x3e0
[ 98.153484][ T9954] ? __do_page_fault+0x56a/0xd80
[ 98.158428][ T9954] ? __fget_light+0x1a9/0x230
[ 98.163098][ T9954] ? __fdget+0x1b/0x20
[ 98.167165][ T9954] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 98.173584][ T9954] __sys_sendmsg+0x105/0x1d0
[ 98.178176][ T9954] ? __sys_sendmsg_sock+0xc0/0xc0
[ 98.183187][ T9954] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 98.189633][ T9954] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 98.195405][ T9954] ? do_syscall_64+0x26/0x790
[ 98.200085][ T9954] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.206364][ T9954] ? do_syscall_64+0x26/0x790
[ 98.211231][ T9954] __x64_sys_sendmsg+0x78/0xb0
[ 98.216270][ T9954] do_syscall_64+0xfa/0x790
[ 98.221153][ T9954] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.227050][ T9954] RIP: 0033:0x446939
[ 98.230967][ T9954] Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 98.250567][ T9954] RSP: 002b:00007f7408d5fda8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 98.258996][ T9954] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446939
[ 98.267049][ T9954] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 98.275142][ T9954] RBP: 00000000006dbc20 R08: 0000000000000008 R09: 0000000000000000
[ 98.283233][ T9954] R10: 000000000000000c R11: 0000000000000246 R12: 00000000006dbc2c
[ 98.295186][ T9954] R13: 0000000020000400 R14: 00000000004ae7e8 R15: 000000000000002d
[ 98.304777][ T9954] Kernel Offset: disabled
[ 98.309224][ T9954] Rebooting in 86400 seconds..