[ 68.010847][ T27] audit: type=1800 audit(1578426441.787:24): pid=9575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2454 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 68.753929][ T27] audit: type=1800 audit(1578426442.627:25): pid=9575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 68.774190][ T27] audit: type=1800 audit(1578426442.627:26): pid=9575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. syzkaller login: [ 79.890255][ T9726] IPVS: ftp: loaded support on port[0] = 21 [ 79.954781][ T9726] chnl_net:caif_netlink_parms(): no params data found [ 80.002350][ T9726] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.010037][ T9726] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.022160][ T9726] device bridge_slave_0 entered promiscuous mode [ 80.032997][ T9726] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.041318][ T9726] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.049426][ T9726] device bridge_slave_1 entered promiscuous mode [ 80.074661][ T9726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.086415][ T9726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.117310][ T9726] team0: Port device team_slave_0 added [ 80.125031][ T9726] team0: Port device team_slave_1 added [ 80.192470][ T9726] device hsr_slave_0 entered promiscuous mode [ 80.260148][ T9726] device hsr_slave_1 entered promiscuous mode [ 80.366574][ T9726] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.412653][ T9726] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.453261][ T9726] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.532420][ T9726] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.612340][ T9726] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.619611][ T9726] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.627817][ T9726] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.634943][ T9726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.678461][ T9726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.693054][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.703575][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.712004][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.721688][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 80.735249][ T9726] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.745837][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.754845][ T2709] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.762153][ T2709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.774663][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.784240][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.791349][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.810867][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.819571][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.837131][ T9726] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 80.848584][ T9726] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.862269][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.871155][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.879654][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.888787][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.910473][ T9726] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.919532][ T2634] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 80.927878][ T2634] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 80.947202][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 80.956626][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 80.976543][ T9726] device veth0_vlan entered promiscuous mode [ 80.984535][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready executing program [ 80.992988][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 81.002504][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 81.011702][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 81.023649][ T9726] device veth1_vlan entered promiscuous mode [ 81.040066][ T9726] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 81.048067][ T9726] #PF: supervisor instruction fetch in kernel mode [ 81.054551][ T9726] #PF: error_code(0x0010) - not-present page [ 81.060524][ T9726] PGD 97f54067 P4D 97f54067 PUD 97fa4067 PMD 0 [ 81.066763][ T9726] Oops: 0010 [#1] PREEMPT SMP KASAN [ 81.071954][ T9726] CPU: 0 PID: 9726 Comm: syz-executor664 Not tainted 5.5.0-rc5-syzkaller #0 [ 81.080605][ T9726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.090665][ T9726] RIP: 0010:0x0 [ 81.094131][ T9726] Code: Bad RIP value. [ 81.099315][ T9726] RSP: 0018:ffffc900023d7a78 EFLAGS: 00010246 [ 81.105366][ T9726] RAX: dffffc0000000000 RBX: ffff8882187e8540 RCX: ffffffff876a3fd1 [ 81.113324][ T9726] RDX: 1ffffffff1148ae4 RSI: 0000000000000004 RDI: ffff8882187e8540 [ 81.121282][ T9726] RBP: ffffc900023d7ab8 R08: ffff88809814a180 R09: ffffed1015d0703d [ 81.129329][ T9726] R10: ffffed1015d0703c R11: ffff8880ae8381e3 R12: ffffffff88a455a0 [ 81.137304][ T9726] R13: ffff888093231000 R14: ffffc900023d7bb0 R15: 0000000000000000 [ 81.145301][ T9726] FS: 0000000000c14880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 81.154310][ T9726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.160889][ T9726] CR2: ffffffffffffffd6 CR3: 000000009f328000 CR4: 00000000001406f0 [ 81.168848][ T9726] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.176821][ T9726] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.184862][ T9726] Call Trace: [ 81.188241][ T9726] cfg80211_wext_siwfrag+0x279/0x910 [ 81.193531][ T9726] ioctl_standard_call+0xca/0x1d0 [ 81.198749][ T9726] ? cfg80211_wext_siwrts+0x8f0/0x8f0 [ 81.204149][ T9726] ? cfg80211_wext_siwrts+0x8f0/0x8f0 [ 81.210042][ T9726] wireless_process_ioctl.constprop.0+0x236/0x2b0 [ 81.216970][ T9726] ? ioctl_standard_iw_point+0xc20/0xc20 [ 81.222594][ T9726] wext_handle_ioctl+0x106/0x1c0 [ 81.227521][ T9726] ? call_commit_handler+0x10/0x10 [ 81.232626][ T9726] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 81.238850][ T9726] ? tomoyo_path_number_perm+0x25e/0x520 [ 81.244472][ T9726] sock_ioctl+0x47d/0x790 [ 81.248797][ T9726] ? dlci_ioctl_set+0x40/0x40 [ 81.253461][ T9726] ? __do_page_fault+0x56a/0xd80 [ 81.258387][ T9726] ? dlci_ioctl_set+0x40/0x40 [ 81.263052][ T9726] do_vfs_ioctl+0x977/0x14e0 [ 81.267633][ T9726] ? compat_ioctl_preallocate+0x220/0x220 [ 81.273352][ T9726] ? __kasan_check_write+0x14/0x20 [ 81.278584][ T9726] ? up_read+0x1cd/0x810 [ 81.282841][ T9726] ? tomoyo_file_ioctl+0x23/0x30 [ 81.287784][ T9726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.294041][ T9726] ? security_file_ioctl+0x8d/0xc0 [ 81.299161][ T9726] ksys_ioctl+0xab/0xd0 [ 81.303307][ T9726] __x64_sys_ioctl+0x73/0xb0 [ 81.307890][ T9726] do_syscall_64+0xfa/0x790 [ 81.312383][ T9726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.318260][ T9726] RIP: 0033:0x4421f9 [ 81.322151][ T9726] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 81.341752][ T9726] RSP: 002b:00007ffd6194ae58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 81.350157][ T9726] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004421f9 [ 81.358394][ T9726] RDX: 0000000020000040 RSI: 0800000000008b24 RDI: 0000000000000003 [ 81.366360][ T9726] RBP: 00007ffd6194ae70 R08: 0000000001bbbbbb R09: 0000000001bbbbbb [ 81.374321][ T9726] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 0000000000000000 [ 81.382451][ T9726] R13: 0000000000403790 R14: 0000000000000000 R15: 0000000000000000 [ 81.390411][ T9726] Modules linked in: [ 81.394290][ T9726] CR2: 0000000000000000 [ 81.400570][ T9726] ---[ end trace 7eb87b9362ddb8ef ]--- [ 81.406033][ T9726] RIP: 0010:0x0 [ 81.409565][ T9726] Code: Bad RIP value. [ 81.413800][ T9726] RSP: 0018:ffffc900023d7a78 EFLAGS: 00010246 [ 81.420250][ T9726] RAX: dffffc0000000000 RBX: ffff8882187e8540 RCX: ffffffff876a3fd1 [ 81.428359][ T9726] RDX: 1ffffffff1148ae4 RSI: 0000000000000004 RDI: ffff8882187e8540 [ 81.436388][ T9726] RBP: ffffc900023d7ab8 R08: ffff88809814a180 R09: ffffed1015d0703d [ 81.444526][ T9726] R10: ffffed1015d0703c R11: ffff8880ae8381e3 R12: ffffffff88a455a0 [ 81.452528][ T9726] R13: ffff888093231000 R14: ffffc900023d7bb0 R15: 0000000000000000 [ 81.460542][ T9726] FS: 0000000000c14880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 81.469459][ T9726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.476129][ T9726] CR2: ffffffffffffffd6 CR3: 000000009f328000 CR4: 00000000001406f0 [ 81.484135][ T9726] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.492166][ T9726] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.500438][ T9726] Kernel panic - not syncing: Fatal exception [ 81.507961][ T9726] Kernel Offset: disabled [ 81.512296][ T9726] Rebooting in 86400 seconds..