[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 77.750458][ T27] audit: type=1800 audit(1578363389.500:25): pid=9156 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 77.777335][ T27] audit: type=1800 audit(1578363389.500:26): pid=9156 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 77.817085][ T27] audit: type=1800 audit(1578363389.510:27): pid=9156 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
syzkaller login: [ 85.725765][ T9308] IPVS: ftp: loaded support on port[0] = 21
[ 85.784840][ T9308] chnl_net:caif_netlink_parms(): no params data found
[ 85.815113][ T9308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.822557][ T9308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.830340][ T9308] device bridge_slave_0 entered promiscuous mode
[ 85.838883][ T9308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.845955][ T9308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.853681][ T9308] device bridge_slave_1 entered promiscuous mode
[ 85.871715][ T9308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 85.882388][ T9308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 85.902135][ T9308] team0: Port device team_slave_0 added
[ 85.909421][ T9308] team0: Port device team_slave_1 added
[ 85.979653][ T9308] device hsr_slave_0 entered promiscuous mode
[ 86.047643][ T9308] device hsr_slave_1 entered promiscuous mode
[ 86.147314][ T9308] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 86.199565][ T9308] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 86.259047][ T9308] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 86.310252][ T9308] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 86.397465][ T9308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.404571][ T9308] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.412260][ T9308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.419323][ T9308] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.459564][ T9308] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.472824][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.483248][ T2990] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.491464][ T2990] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.499451][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 86.512489][ T9308] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.522575][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 86.531646][ T2991] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.538744][ T2991] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.550177][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 86.558587][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.565618][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.587843][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 86.596432][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 86.608883][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 86.616578][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 86.628954][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 86.640058][ T9308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 86.656904][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 86.664991][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 86.677899][ T9308] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.694910][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 86.714553][ T9308] device veth0_vlan entered promiscuous mode
[ 86.722674][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 86.731606][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 86.739566][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 86.752267][ T9308] device veth1_vlan entered promiscuous mode
executing program
[ 86.760270][ T2996] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 86.777726][ T9308] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 86.785554][ T9308] #PF: supervisor instruction fetch in kernel mode
[ 86.792037][ T9308] #PF: error_code(0x0010) - not-present page
[ 86.797990][ T9308] PGD a066f067 P4D a066f067 PUD 958e3067 PMD 0
[ 86.804228][ T9308] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 86.809402][ T9308] CPU: 0 PID: 9308 Comm: syz-executor762 Not tainted 5.5.0-rc4-syzkaller #0
[ 86.818049][ T9308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.828088][ T9308] RIP: 0010:0x0
[ 86.831533][ T9308] Code: Bad RIP value.
[ 86.835572][ T9308] RSP: 0018:ffffc90001d37a78 EFLAGS: 00010246
[ 86.841611][ T9308] RAX: dffffc0000000000 RBX: ffff8882186a6540 RCX: ffffffff876a3fd1
[ 86.849614][ T9308] RDX: 1ffffffff1148afc RSI: 0000000000000004 RDI: ffff8882186a6540
[ 86.857578][ T9308] RBP: ffffc90001d37ab8 R08: ffff88809f9ba580 R09: ffffed1015d0703d
[ 86.865540][ T9308] R10: ffffed1015d0703c R11: ffff8880ae8381e3 R12: ffffffff88a45660
[ 86.873487][ T9308] R13: ffff8880a7aed000 R14: ffffc90001d37bb0 R15: 0000000000000000
[ 86.881492][ T9308] FS: 0000000001a01880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 86.890400][ T9308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.897004][ T9308] CR2: ffffffffffffffd6 CR3: 00000000a5220000 CR4: 00000000001406f0
[ 86.904967][ T9308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 86.912954][ T9308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 86.920904][ T9308] Call Trace:
[ 86.924174][ T9308] cfg80211_wext_siwfrag+0x279/0x910
[ 86.929436][ T9308] ioctl_standard_call+0xca/0x1d0
[ 86.934434][ T9308] ? cfg80211_wext_siwrts+0x8f0/0x8f0
[ 86.939784][ T9308] ? cfg80211_wext_siwrts+0x8f0/0x8f0
[ 86.945129][ T9308] wireless_process_ioctl.constprop.0+0x236/0x2b0
[ 86.951517][ T9308] ? ioctl_standard_iw_point+0xc20/0xc20
[ 86.957132][ T9308] wext_handle_ioctl+0x106/0x1c0
[ 86.962107][ T9308] ? call_commit_handler+0x10/0x10
[ 86.967197][ T9308] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 86.973410][ T9308] ? tomoyo_path_number_perm+0x25e/0x520
[ 86.979019][ T9308] sock_ioctl+0x47d/0x790
[ 86.983324][ T9308] ? dlci_ioctl_set+0x40/0x40
[ 86.987982][ T9308] ? __do_page_fault+0x56a/0xd80
[ 86.992896][ T9308] ? dlci_ioctl_set+0x40/0x40
[ 86.997548][ T9308] do_vfs_ioctl+0x977/0x14e0
[ 87.002130][ T9308] ? compat_ioctl_preallocate+0x220/0x220
[ 87.007834][ T9308] ? __kasan_check_write+0x14/0x20
[ 87.012932][ T9308] ? up_read+0x1cd/0x810
[ 87.017171][ T9308] ? tomoyo_file_ioctl+0x23/0x30
[ 87.022101][ T9308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 87.028366][ T9308] ? security_file_ioctl+0x8d/0xc0
[ 87.033452][ T9308] ksys_ioctl+0xab/0xd0
[ 87.037590][ T9308] __x64_sys_ioctl+0x73/0xb0
[ 87.042157][ T9308] do_syscall_64+0xfa/0x790
[ 87.046637][ T9308] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 87.052501][ T9308] RIP: 0033:0x4423f9
[ 87.056375][ T9308] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 87.075951][ T9308] RSP: 002b:00007ffd5699e578 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 87.084343][ T9308] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004423f9
[ 87.092290][ T9308] RDX: 0000000020000040 RSI: 0800000000008b24 RDI: 0000000000000003
[ 87.100240][ T9308] RBP: 0000000000000004 R08: 0000000000000025 R09: 0000000000000025
[ 87.108187][ T9308] R10: 0000000000000025 R11: 0000000000000246 R12: 0000000000000000
[ 87.116138][ T9308] R13: 0000000000403970 R14: 0000000000000000 R15: 0000000000000000
[ 87.124118][ T9308] Modules linked in:
[ 87.127989][ T9308] CR2: 0000000000000000
[ 87.133768][ T9308] ---[ end trace d5d5f75393c2f62d ]---
[ 87.139247][ T9308] RIP: 0010:0x0
[ 87.142688][ T9308] Code: Bad RIP value.
[ 87.146725][ T9308] RSP: 0018:ffffc90001d37a78 EFLAGS: 00010246
[ 87.152800][ T9308] RAX: dffffc0000000000 RBX: ffff8882186a6540 RCX: ffffffff876a3fd1
[ 87.160787][ T9308] RDX: 1ffffffff1148afc RSI: 0000000000000004 RDI: ffff8882186a6540
[ 87.168772][ T9308] RBP: ffffc90001d37ab8 R08: ffff88809f9ba580 R09: ffffed1015d0703d
[ 87.176726][ T9308] R10: ffffed1015d0703c R11: ffff8880ae8381e3 R12: ffffffff88a45660
[ 87.185112][ T9308] R13: ffff8880a7aed000 R14: ffffc90001d37bb0 R15: 0000000000000000
[ 87.193108][ T9308] FS: 0000000001a01880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 87.202034][ T9308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.208626][ T9308] CR2: ffffffffffffffd6 CR3: 00000000a5220000 CR4: 00000000001406f0
[ 87.216603][ T9308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 87.224579][ T9308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 87.232560][ T9308] Kernel panic - not syncing: Fatal exception
[ 87.239848][ T9308] Kernel Offset: disabled
[ 87.244197][ T9308] Rebooting in 86400 seconds..