[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 72.129604][ T26] audit: type=1800 audit(1567821983.828:33): pid=10133 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 76.064193][ T26] kauditd_printk_skb: 1 callbacks suppressed
[ 76.064207][ T26] audit: type=1400 audit(1567821987.758:35): avc: denied { map } for pid=10310 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts.
2019/09/07 02:06:34 parsed 1 programs
[ 82.269650][ T26] audit: type=1400 audit(1567821993.968:36): avc: denied { map } for pid=10322 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 82.333514][ T26] audit: type=1400 audit(1567821994.028:37): avc: denied { map } for pid=10322 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15592 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/09/07 02:06:35 executed programs: 0
[ 83.884641][T10338] IPVS: ftp: loaded support on port[0] = 21
[ 83.937258][T10338] chnl_net:caif_netlink_parms(): no params data found
[ 83.962353][T10338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.969680][T10338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.977285][T10338] device bridge_slave_0 entered promiscuous mode
[ 83.984762][T10338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.992165][T10338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.000563][T10338] device bridge_slave_1 entered promiscuous mode
[ 84.014587][T10338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.025585][T10338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.042473][T10338] team0: Port device team_slave_0 added
[ 84.049546][T10338] team0: Port device team_slave_1 added
[ 84.099869][T10338] device hsr_slave_0 entered promiscuous mode
[ 84.138390][T10338] device hsr_slave_1 entered promiscuous mode
[ 84.204704][T10338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.211839][T10338] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.219229][T10338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.226277][T10338] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.252222][T10338] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.264183][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.282964][T10340] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.290788][T10340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.298906][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 84.310452][T10338] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.331813][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 84.340216][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.347292][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.366989][T10338] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 84.377665][T10338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 84.389603][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.398413][T10340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.405464][T10340] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.413579][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 84.422724][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 84.431351][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 84.439685][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 84.448095][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 84.455840][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.471015][T10338] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.503227][ T26] audit: type=1400 audit(1567821996.198:38): avc: denied { associate } for pid=10338 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 84.685161][T10371] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 84.693009][T10371] #PF: supervisor instruction fetch in kernel mode
[ 84.699498][T10371] #PF: error_code(0x0010) - not-present page
[ 84.705469][T10371] PGD 8c06d067 P4D 8c06d067 PUD 8c104067 PMD 0
[ 84.711714][T10371] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 84.716895][T10371] CPU: 0 PID: 10371 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 84.724884][T10371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.735545][T10371] RIP: 0010:0x0
[ 84.739013][T10371] Code: Bad RIP value.
[ 84.743058][T10371] RSP: 0018:ffff88808d6174d8 EFLAGS: 00010246
[ 84.749107][T10371] RAX: dffffc0000000000 RBX: ffffffff882a51a0 RCX: ffffffff85b3fc56
[ 84.757059][T10371] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a335e300
[ 84.765012][T10371] RBP: ffff88808d6175d0 R08: ffff8880a0d124c0 R09: ffff88808d617658
[ 84.773203][T10371] R10: ffffed1011ac2ed9 R11: ffff88808d6176cf R12: ffff8880a335e300
[ 84.781164][T10371] R13: 0000000000000001 R14: ffff88808d6175a8 R15: ffffffff882a51a0
[ 84.789122][T10371] FS: 00007f9d66813700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 84.798049][T10371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.804637][T10371] CR2: ffffffffffffffd6 CR3: 00000000a7694000 CR4: 00000000001406f0
[ 84.812631][T10371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 84.820603][T10371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 84.828581][T10371] Call Trace:
[ 84.831883][T10371] tc_bind_tclass+0x13e/0x2f0
[ 84.836548][T10371] ? qdisc_class_hash_init+0x110/0x110
[ 84.841992][T10371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.848235][T10371] ? ns_capable_common+0x93/0x100
[ 84.853252][T10371] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 84.858955][T10371] ? qdisc_match_from_root+0x18a/0x280
[ 84.864415][T10371] tc_ctl_tclass+0xadb/0xcd0
[ 84.868990][T10371] ? qdisc_tree_reduce_backlog+0x570/0x570
[ 84.874780][T10371] ? rtnetlink_rcv_msg+0x3d0/0xb00
[ 84.879886][T10371] ? rtnetlink_rcv_msg+0x1ea/0xb00
[ 84.884984][T10371] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 84.891206][T10371] ? qdisc_tree_reduce_backlog+0x570/0x570
[ 84.896996][T10371] rtnetlink_rcv_msg+0x463/0xb00
[ 84.901915][T10371] ? rtnetlink_put_metrics+0x580/0x580
[ 84.907352][T10371] ? netdev_core_pick_tx+0x2f0/0x2f0
[ 84.912617][T10371] ? __copy_skb_header+0x250/0x550
[ 84.917711][T10371] netlink_rcv_skb+0x177/0x450
[ 84.922454][T10371] ? rtnetlink_put_metrics+0x580/0x580
[ 84.927893][T10371] ? netlink_ack+0xb30/0xb30
[ 84.932530][T10371] ? netlink_deliver_tap+0x254/0xbf0
[ 84.937799][T10371] rtnetlink_rcv+0x1d/0x30
[ 84.942195][T10371] netlink_unicast+0x531/0x710
[ 84.946939][T10371] ? netlink_attachskb+0x7c0/0x7c0
[ 84.952055][T10371] ? _copy_from_iter_full+0x25d/0x8a0
[ 84.957448][T10371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.963681][T10371] netlink_sendmsg+0x8a5/0xd60
[ 84.968429][T10371] ? netlink_unicast+0x710/0x710
[ 84.973346][T10371] ? tomoyo_socket_sendmsg+0x26/0x30
[ 84.979172][T10371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.985561][T10371] ? security_socket_sendmsg+0x8d/0xc0
[ 84.991010][T10371] ? netlink_unicast+0x710/0x710
[ 84.995938][T10371] sock_sendmsg+0xd7/0x130
[ 85.000366][T10371] ___sys_sendmsg+0x803/0x920
[ 85.005025][T10371] ? copy_msghdr_from_user+0x440/0x440
[ 85.010489][T10371] ? __fget+0xa3/0x560
[ 85.014552][T10371] ? __fget+0x384/0x560
[ 85.018706][T10371] ? ksys_dup3+0x3e0/0x3e0
[ 85.023102][T10371] ? __might_fault+0xfb/0x1e0
[ 85.027759][T10371] ? __fget_light+0x1a9/0x230
[ 85.032420][T10371] ? __fdget+0x1b/0x20
[ 85.036465][T10371] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 85.042702][T10371] __sys_sendmsg+0x105/0x1d0
[ 85.047440][T10371] ? __sys_sendmsg_sock+0xd0/0xd0
[ 85.052522][T10371] ? __x64_sys_clock_gettime+0x16d/0x240
[ 85.058145][T10371] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 85.064205][T10371] __x64_sys_sendmsg+0x78/0xb0
[ 85.069029][T10371] do_syscall_64+0xfd/0x6a0
[ 85.073522][T10371] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.079398][T10371] RIP: 0033:0x4598e9
[ 85.083281][T10371] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 85.102910][T10371] RSP: 002b:00007f9d66812c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 85.111307][T10371] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9
[ 85.119432][T10371] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 85.127382][T10371] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 85.135541][T10371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d668136d4
[ 85.143539][T10371] R13: 00000000004c77fb R14: 00000000004dd098 R15: 00000000ffffffff
[ 85.151498][T10371] Modules linked in:
[ 85.155371][T10371] CR2: 0000000000000000
[ 85.161831][T10371] ---[ end trace c5297d1c232b8b6d ]---
[ 85.167347][T10371] RIP: 0010:0x0
[ 85.171370][T10371] Code: Bad RIP value.
[ 85.175419][T10371] RSP: 0018:ffff88808d6174d8 EFLAGS: 00010246
[ 85.182098][T10371] RAX: dffffc0000000000 RBX: ffffffff882a51a0 RCX: ffffffff85b3fc56
[ 85.190115][T10371] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a335e300
[ 85.198634][T10371] RBP: ffff88808d6175d0 R08: ffff8880a0d124c0 R09: ffff88808d617658
[ 85.206603][T10371] R10: ffffed1011ac2ed9 R11: ffff88808d6176cf R12: ffff8880a335e300
[ 85.214630][T10371] R13: 0000000000000001 R14: ffff88808d6175a8 R15: ffffffff882a51a0
[ 85.222617][T10371] FS: 00007f9d66813700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 85.231564][T10371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.238368][T10371] CR2: ffffffffffffffd6 CR3: 00000000a7694000 CR4: 00000000001406e0
[ 85.246321][T10371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 85.254326][T10371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 85.262330][T10371] Kernel panic - not syncing: Fatal exception
[ 85.269827][T10371] Kernel Offset: disabled
[ 85.274163][T10371] Rebooting in 86400 seconds..