[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 69.720488][ T26] kauditd_printk_skb: 7 callbacks suppressed
[ 69.720499][ T26] audit: type=1800 audit(1567869537.313:29): pid=9770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 69.747162][ T26] audit: type=1800 audit(1567869537.323:30): pid=9770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts.
2019/09/07 15:19:03 parsed 1 programs
2019/09/07 15:19:05 executed programs: 0
syzkaller login: [ 77.649930][ T9937] IPVS: ftp: loaded support on port[0] = 21
[ 77.700218][ T9937] chnl_net:caif_netlink_parms(): no params data found
[ 77.725089][ T9937] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.732536][ T9937] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.740233][ T9937] device bridge_slave_0 entered promiscuous mode
[ 77.747922][ T9937] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.755542][ T9937] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.763382][ T9937] device bridge_slave_1 entered promiscuous mode
[ 77.777594][ T9937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.788103][ T9937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.804695][ T9937] team0: Port device team_slave_0 added
[ 77.812178][ T9937] team0: Port device team_slave_1 added
[ 77.894081][ T9937] device hsr_slave_0 entered promiscuous mode
[ 77.962118][ T9937] device hsr_slave_1 entered promiscuous mode
[ 78.007780][ T9937] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.015023][ T9937] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.022673][ T9937] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.029903][ T9937] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.055024][ T9937] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.066863][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.085664][ T17] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.094344][ T17] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.102849][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 78.114244][ T9937] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.124124][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.132838][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.140433][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.160329][ T9937] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 78.171150][ T9937] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 78.184025][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.192769][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.199822][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.208084][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 78.216634][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 78.225050][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.233649][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.242355][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.249971][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.264147][ T9937] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.342711][ T9951] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 78.350746][ T9951] #PF: supervisor instruction fetch in kernel mode
[ 78.357411][ T9951] #PF: error_code(0x0010) - not-present page
[ 78.363659][ T9951] PGD 9a20b067 P4D 9a20b067 PUD a8823067 PMD 0
[ 78.369977][ T9951] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 78.375426][ T9951] CPU: 0 PID: 9951 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 78.383226][ T9951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.393368][ T9951] RIP: 0010:0x0
[ 78.396824][ T9951] Code: Bad RIP value.
[ 78.401017][ T9951] RSP: 0018:ffff8880a92e74d8 EFLAGS: 00010246
[ 78.407119][ T9951] RAX: dffffc0000000000 RBX: ffffffff882a54e0 RCX: ffffffff85b3fcc6
[ 78.415189][ T9951] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88808fb5b200
[ 78.423739][ T9951] RBP: ffff8880a92e75d0 R08: ffff8880a889c100 R09: ffff8880a92e7658
[ 78.432685][ T9951] R10: ffffed101525ced9 R11: ffff8880a92e76cf R12: ffff88808fb5b200
[ 78.440920][ T9951] R13: 0000000000000001 R14: ffff8880a92e75a8 R15: ffffffff882a54e0
[ 78.449086][ T9951] FS: 00007fd210141700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 78.458019][ T9951] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.464619][ T9951] CR2: ffffffffffffffd6 CR3: 000000008b3fc000 CR4: 00000000001406f0
[ 78.472679][ T9951] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 78.480725][ T9951] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 78.489142][ T9951] Call Trace:
[ 78.492439][ T9951] tc_bind_tclass+0x13e/0x2f0
[ 78.497135][ T9951] ? qdisc_class_hash_init+0x110/0x110
[ 78.502884][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.509251][ T9951] ? ns_capable_common+0x93/0x100
[ 78.514278][ T9951] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 78.520164][ T9951] ? qdisc_match_from_root+0x18a/0x280
[ 78.525919][ T9951] tc_ctl_tclass+0xadb/0xcd0
[ 78.530523][ T9951] ? qdisc_tree_reduce_backlog+0x570/0x570
[ 78.536478][ T9951] ? rtnetlink_rcv_msg+0x3d0/0xb00
[ 78.541608][ T9951] ? rtnetlink_rcv_msg+0x1ea/0xb00
[ 78.546877][ T9951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 78.553381][ T9951] ? qdisc_tree_reduce_backlog+0x570/0x570
[ 78.559173][ T9951] rtnetlink_rcv_msg+0x463/0xb00
[ 78.564109][ T9951] ? rtnetlink_put_metrics+0x580/0x580
[ 78.569571][ T9951] ? netdev_core_pick_tx+0x2f0/0x2f0
[ 78.574850][ T9951] ? __copy_skb_header+0x250/0x550
[ 78.579974][ T9951] netlink_rcv_skb+0x177/0x450
[ 78.584869][ T9951] ? rtnetlink_put_metrics+0x580/0x580
[ 78.590350][ T9951] ? netlink_ack+0xb30/0xb30
[ 78.595040][ T9951] ? netlink_deliver_tap+0x254/0xbf0
[ 78.600328][ T9951] rtnetlink_rcv+0x1d/0x30
[ 78.604751][ T9951] netlink_unicast+0x531/0x710
[ 78.609588][ T9951] ? netlink_attachskb+0x7c0/0x7c0
[ 78.616374][ T9951] ? _copy_from_iter_full+0x25d/0x8a0
[ 78.621745][ T9951] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 78.627497][ T9951] ? __check_object_size+0x3d/0x437
[ 78.632689][ T9951] netlink_sendmsg+0x8a5/0xd60
[ 78.637675][ T9951] ? netlink_unicast+0x710/0x710
[ 78.642982][ T9951] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 78.648528][ T9951] ? apparmor_socket_sendmsg+0x2a/0x30
[ 78.654056][ T9951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.660410][ T9951] ? security_socket_sendmsg+0x8d/0xc0
[ 78.665876][ T9951] ? netlink_unicast+0x710/0x710
[ 78.670816][ T9951] sock_sendmsg+0xd7/0x130
[ 78.675248][ T9951] ___sys_sendmsg+0x803/0x920
[ 78.679929][ T9951] ? copy_msghdr_from_user+0x440/0x440
[ 78.685411][ T9951] ? __fget+0xa3/0x560
[ 78.689530][ T9951] ? __fget+0x384/0x560
[ 78.693703][ T9951] ? ksys_dup3+0x3e0/0x3e0
[ 78.698114][ T9951] ? __might_fault+0xfb/0x1e0
[ 78.702796][ T9951] ? __fget_light+0x1a9/0x230
[ 78.707493][ T9951] ? __fdget+0x1b/0x20
[ 78.711751][ T9951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 78.718076][ T9951] __sys_sendmsg+0x105/0x1d0
[ 78.722812][ T9951] ? __sys_sendmsg_sock+0xd0/0xd0
[ 78.727842][ T9951] ? __x64_sys_clock_gettime+0x16d/0x240
[ 78.733482][ T9951] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 78.739541][ T9951] __x64_sys_sendmsg+0x78/0xb0
[ 78.744319][ T9951] do_syscall_64+0xfd/0x6a0
[ 78.749297][ T9951] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.755192][ T9951] RIP: 0033:0x4598e9
[ 78.759215][ T9951] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.779134][ T9951] RSP: 002b:00007fd210140c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.787628][ T9951] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9
[ 78.795744][ T9951] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004
[ 78.803721][ T9951] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 78.811805][ T9951] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2101416d4
[ 78.819767][ T9951] R13: 00000000004c77fb R14: 00000000004dd098 R15: 00000000ffffffff
[ 78.827862][ T9951] Modules linked in:
[ 78.832086][ T9951] CR2: 0000000000000000
[ 78.839999][ T9951] ---[ end trace 622e865acd1e884c ]---
[ 78.845657][ T9951] RIP: 0010:0x0
[ 78.849165][ T9951] Code: Bad RIP value.
[ 78.853323][ T9951] RSP: 0018:ffff8880a92e74d8 EFLAGS: 00010246
[ 78.859399][ T9951] RAX: dffffc0000000000 RBX: ffffffff882a54e0 RCX: ffffffff85b3fcc6
[ 78.867482][ T9951] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88808fb5b200
[ 78.875547][ T9951] RBP: ffff8880a92e75d0 R08: ffff8880a889c100 R09: ffff8880a92e7658
[ 78.883559][ T9951] R10: ffffed101525ced9 R11: ffff8880a92e76cf R12: ffff88808fb5b200
[ 78.891701][ T9951] R13: 0000000000000001 R14: ffff8880a92e75a8 R15: ffffffff882a54e0
[ 78.899758][ T9951] FS: 00007fd210141700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 78.908826][ T9951] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.916344][ T9951] CR2: ffffffffffffffd6 CR3: 000000008b3fc000 CR4: 00000000001406f0
[ 78.924589][ T9951] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 78.932870][ T9951] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 78.940853][ T9951] Kernel panic - not syncing: Fatal exception
[ 78.948986][ T9951] Kernel Offset: disabled
[ 78.953338][ T9951] Rebooting in 86400 seconds..