[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 33.800759] kauditd_printk_skb: 9 callbacks suppressed [ 33.800768] audit: type=1800 audit(1563583147.470:33): pid=7107 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.827433] audit: type=1800 audit(1563583147.470:34): pid=7107 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.779156] audit: type=1400 audit(1563583149.450:35): avc: denied { map } for pid=7283 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.118' (ECDSA) to the list of known hosts. executing program [ 48.801058] audit: type=1400 audit(1563583162.470:36): avc: denied { map } for pid=7297 comm="syz-executor881" path="/root/syz-executor881698610" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 48.804255] netlink: 4 bytes leftover after parsing attributes in process `syz-executor881'. [ 48.836744] kasan: CONFIG_KASAN_INLINE enabled [ 48.841363] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 48.848983] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 48.855211] CPU: 0 PID: 7297 Comm: syz-executor881 Not tainted 4.19.59 #32 [ 48.862198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.871538] RIP: 0010:tcf_ife_init+0x221/0x17d0 [ 48.876182] Code: fb 48 c7 c2 99 43 81 85 be 01 00 00 00 48 c7 c7 60 da 79 88 e8 c0 26 d1 fb 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 83 [ 48.895058] RSP: 0018:ffff88807e28eee0 EFLAGS: 00010246 [ 48.900396] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff110105c096e [ 48.907639] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000282 [ 48.914882] RBP: ffff88807e28f068 R08: ffff888082e04300 R09: 0000000000000001 [ 48.922137] R10: ffffed1015d04732 R11: ffff8880ae823993 R12: 0000000000000001 [ 48.929387] R13: ffff8882162a7240 R14: ffff88807e28f040 R15: 0000000000000001 [ 48.936642] FS: 000000000129d880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 48.944844] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.950700] CR2: 0000000020000180 CR3: 00000000a5760000 CR4: 00000000001406f0 [ 48.957950] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.965294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.972542] Call Trace: [ 48.975114] ? __add_metainfo+0x480/0x480 [ 48.979242] ? lock_downgrade+0x810/0x810 [ 48.983572] ? kasan_check_write+0x14/0x20 [ 48.987869] ? do_raw_read_unlock+0x3f/0x70 [ 48.992185] tcf_action_init_1+0x804/0xc40 [ 48.996405] ? tcf_action_dump_old+0x80/0x80 [ 49.000790] ? __lock_acquire+0x6eb/0x48f0 [ 49.005000] ? __lock_acquire+0x6eb/0x48f0 [ 49.009210] ? memset+0x32/0x40 [ 49.012468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.017986] tcf_action_init+0x23e/0x360 [ 49.022026] ? tcf_action_init_1+0xc40/0xc40 [ 49.026437] ? avc_has_extended_perms+0x10f0/0x10f0 [ 49.031427] ? lock_downgrade+0x810/0x810 [ 49.035554] tcf_action_add+0xe8/0x370 [ 49.039418] ? tca_action_gd+0x16b0/0x16b0 [ 49.043633] ? is_bpf_text_address+0xac/0x170 [ 49.048113] ? memset+0x32/0x40 [ 49.051371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.056888] ? nla_parse+0x1fc/0x2f0 [ 49.060580] tc_ctl_action+0x37a/0x46f [ 49.064440] ? tcf_action_add+0x370/0x370 [ 49.068582] ? __lock_is_held+0xb6/0x140 [ 49.072620] ? selinux_inet_csk_clone+0xd0/0x1a0 [ 49.077367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.082966] ? tcf_action_add+0x370/0x370 [ 49.087090] rtnetlink_rcv_msg+0x463/0xb00 [ 49.091295] ? rtnetlink_put_metrics+0x570/0x570 [ 49.096129] ? netlink_deliver_tap+0x22d/0xc20 [ 49.100687] ? find_held_lock+0x35/0x130 [ 49.104963] netlink_rcv_skb+0x17d/0x460 [ 49.109005] ? rtnetlink_put_metrics+0x570/0x570 [ 49.113868] ? netlink_ack+0xb50/0xb50 [ 49.117730] ? kasan_check_read+0x11/0x20 [ 49.121956] ? netlink_deliver_tap+0x254/0xc20 [ 49.126509] rtnetlink_rcv+0x1d/0x30 [ 49.130194] netlink_unicast+0x537/0x720 [ 49.134238] ? netlink_attachskb+0x770/0x770 [ 49.138620] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.144129] netlink_sendmsg+0x8ae/0xd70 [ 49.148171] ? netlink_unicast+0x720/0x720 [ 49.152381] ? selinux_socket_sendmsg+0x36/0x40 [ 49.157028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.162697] ? security_socket_sendmsg+0x8d/0xc0 [ 49.167435] ? netlink_unicast+0x720/0x720 [ 49.171648] sock_sendmsg+0xd7/0x130 [ 49.175337] ___sys_sendmsg+0x803/0x920 [ 49.179288] ? copy_msghdr_from_user+0x430/0x430 [ 49.184026] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.189540] ? __handle_mm_fault+0x7d1/0x3f80 [ 49.194022] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 49.198845] ? find_held_lock+0x35/0x130 [ 49.202883] ? __do_page_fault+0x676/0xe90 [ 49.207109] ? find_held_lock+0x35/0x130 [ 49.211221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.216739] ? __fget_light+0x1a9/0x230 [ 49.220690] ? __fdget+0x1b/0x20 [ 49.224028] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 49.229627] __sys_sendmsg+0x105/0x1d0 [ 49.233492] ? __ia32_sys_shutdown+0x80/0x80 [ 49.237879] ? up_read+0x1a/0x110 [ 49.241315] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 49.246059] ? do_syscall_64+0x26/0x620 [ 49.250007] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.255340] ? do_syscall_64+0x26/0x620 [ 49.259287] __x64_sys_sendmsg+0x78/0xb0 [ 49.263320] do_syscall_64+0xfd/0x620 [ 49.267098] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.272309] RIP: 0033:0x4401d9 [ 49.275491] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 49.294366] RSP: 002b:00007ffda54408f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 49.302216] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401d9 [ 49.309464] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 49.316709] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 49.323955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a60 [ 49.331201] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000 [ 49.338450] Modules linked in: [ 49.342184] ---[ end trace 6c61622f074b4ede ]--- [ 49.347159] RIP: 0010:tcf_ife_init+0x221/0x17d0 [ 49.351806] Code: fb 48 c7 c2 99 43 81 85 be 01 00 00 00 48 c7 c7 60 da 79 88 e8 c0 26 d1 fb 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 83 [ 49.370900] RSP: 0018:ffff88807e28eee0 EFLAGS: 00010246 [ 49.376276] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff110105c096e [ 49.383523] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000282 [ 49.390817] RBP: ffff88807e28f068 R08: ffff888082e04300 R09: 0000000000000001 [ 49.398106] R10: ffffed1015d04732 R11: ffff8880ae823993 R12: 0000000000000001 [ 49.405351] R13: ffff8882162a7240 R14: ffff88807e28f040 R15: 0000000000000001 [ 49.412656] FS: 000000000129d880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 49.420890] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.426771] CR2: ffffffffff600400 CR3: 00000000a5760000 CR4: 00000000001406f0 [ 49.434044] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.441443] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.448722] Kernel panic - not syncing: Fatal exception [ 49.455181] Kernel Offset: disabled [ 49.458842] Rebooting in 86400 seconds..