[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   72.129604][   T26] audit: type=1800 audit(1567821983.828:33): pid=10133 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   76.064193][   T26] kauditd_printk_skb: 1 callbacks suppressed
[   76.064207][   T26] audit: type=1400 audit(1567821987.758:35): avc:  denied  { map } for  pid=10310 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts.
2019/09/07 02:06:34 parsed 1 programs
[   82.269650][   T26] audit: type=1400 audit(1567821993.968:36): avc:  denied  { map } for  pid=10322 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   82.333514][   T26] audit: type=1400 audit(1567821994.028:37): avc:  denied  { map } for  pid=10322 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15592 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/09/07 02:06:35 executed programs: 0
[   83.884641][T10338] IPVS: ftp: loaded support on port[0] = 21
[   83.937258][T10338] chnl_net:caif_netlink_parms(): no params data found
[   83.962353][T10338] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.969680][T10338] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.977285][T10338] device bridge_slave_0 entered promiscuous mode
[   83.984762][T10338] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.992165][T10338] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.000563][T10338] device bridge_slave_1 entered promiscuous mode
[   84.014587][T10338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.025585][T10338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.042473][T10338] team0: Port device team_slave_0 added
[   84.049546][T10338] team0: Port device team_slave_1 added
[   84.099869][T10338] device hsr_slave_0 entered promiscuous mode
[   84.138390][T10338] device hsr_slave_1 entered promiscuous mode
[   84.204704][T10338] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.211839][T10338] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.219229][T10338] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.226277][T10338] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.252222][T10338] 8021q: adding VLAN 0 to HW filter on device bond0
[   84.264183][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   84.282964][T10340] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.290788][T10340] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.298906][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   84.310452][T10338] 8021q: adding VLAN 0 to HW filter on device team0
[   84.331813][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   84.340216][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.347292][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.366989][T10338] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   84.377665][T10338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   84.389603][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   84.398413][T10340] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.405464][T10340] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.413579][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   84.422724][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   84.431351][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   84.439685][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   84.448095][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   84.455840][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   84.471015][T10338] 8021q: adding VLAN 0 to HW filter on device batadv0
[   84.503227][   T26] audit: type=1400 audit(1567821996.198:38): avc:  denied  { associate } for  pid=10338 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   84.685161][T10371] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   84.693009][T10371] #PF: supervisor instruction fetch in kernel mode
[   84.699498][T10371] #PF: error_code(0x0010) - not-present page
[   84.705469][T10371] PGD 8c06d067 P4D 8c06d067 PUD 8c104067 PMD 0 
[   84.711714][T10371] Oops: 0010 [#1] PREEMPT SMP KASAN
[   84.716895][T10371] CPU: 0 PID: 10371 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[   84.724884][T10371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   84.735545][T10371] RIP: 0010:0x0
[   84.739013][T10371] Code: Bad RIP value.
[   84.743058][T10371] RSP: 0018:ffff88808d6174d8 EFLAGS: 00010246
[   84.749107][T10371] RAX: dffffc0000000000 RBX: ffffffff882a51a0 RCX: ffffffff85b3fc56
[   84.757059][T10371] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a335e300
[   84.765012][T10371] RBP: ffff88808d6175d0 R08: ffff8880a0d124c0 R09: ffff88808d617658
[   84.773203][T10371] R10: ffffed1011ac2ed9 R11: ffff88808d6176cf R12: ffff8880a335e300
[   84.781164][T10371] R13: 0000000000000001 R14: ffff88808d6175a8 R15: ffffffff882a51a0
[   84.789122][T10371] FS:  00007f9d66813700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[   84.798049][T10371] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.804637][T10371] CR2: ffffffffffffffd6 CR3: 00000000a7694000 CR4: 00000000001406f0
[   84.812631][T10371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   84.820603][T10371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   84.828581][T10371] Call Trace:
[   84.831883][T10371]  tc_bind_tclass+0x13e/0x2f0
[   84.836548][T10371]  ? qdisc_class_hash_init+0x110/0x110
[   84.841992][T10371]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   84.848235][T10371]  ? ns_capable_common+0x93/0x100
[   84.853252][T10371]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   84.858955][T10371]  ? qdisc_match_from_root+0x18a/0x280
[   84.864415][T10371]  tc_ctl_tclass+0xadb/0xcd0
[   84.868990][T10371]  ? qdisc_tree_reduce_backlog+0x570/0x570
[   84.874780][T10371]  ? rtnetlink_rcv_msg+0x3d0/0xb00
[   84.879886][T10371]  ? rtnetlink_rcv_msg+0x1ea/0xb00
[   84.884984][T10371]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   84.891206][T10371]  ? qdisc_tree_reduce_backlog+0x570/0x570
[   84.896996][T10371]  rtnetlink_rcv_msg+0x463/0xb00
[   84.901915][T10371]  ? rtnetlink_put_metrics+0x580/0x580
[   84.907352][T10371]  ? netdev_core_pick_tx+0x2f0/0x2f0
[   84.912617][T10371]  ? __copy_skb_header+0x250/0x550
[   84.917711][T10371]  netlink_rcv_skb+0x177/0x450
[   84.922454][T10371]  ? rtnetlink_put_metrics+0x580/0x580
[   84.927893][T10371]  ? netlink_ack+0xb30/0xb30
[   84.932530][T10371]  ? netlink_deliver_tap+0x254/0xbf0
[   84.937799][T10371]  rtnetlink_rcv+0x1d/0x30
[   84.942195][T10371]  netlink_unicast+0x531/0x710
[   84.946939][T10371]  ? netlink_attachskb+0x7c0/0x7c0
[   84.952055][T10371]  ? _copy_from_iter_full+0x25d/0x8a0
[   84.957448][T10371]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   84.963681][T10371]  netlink_sendmsg+0x8a5/0xd60
[   84.968429][T10371]  ? netlink_unicast+0x710/0x710
[   84.973346][T10371]  ? tomoyo_socket_sendmsg+0x26/0x30
[   84.979172][T10371]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   84.985561][T10371]  ? security_socket_sendmsg+0x8d/0xc0
[   84.991010][T10371]  ? netlink_unicast+0x710/0x710
[   84.995938][T10371]  sock_sendmsg+0xd7/0x130
[   85.000366][T10371]  ___sys_sendmsg+0x803/0x920
[   85.005025][T10371]  ? copy_msghdr_from_user+0x440/0x440
[   85.010489][T10371]  ? __fget+0xa3/0x560
[   85.014552][T10371]  ? __fget+0x384/0x560
[   85.018706][T10371]  ? ksys_dup3+0x3e0/0x3e0
[   85.023102][T10371]  ? __might_fault+0xfb/0x1e0
[   85.027759][T10371]  ? __fget_light+0x1a9/0x230
[   85.032420][T10371]  ? __fdget+0x1b/0x20
[   85.036465][T10371]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   85.042702][T10371]  __sys_sendmsg+0x105/0x1d0
[   85.047440][T10371]  ? __sys_sendmsg_sock+0xd0/0xd0
[   85.052522][T10371]  ? __x64_sys_clock_gettime+0x16d/0x240
[   85.058145][T10371]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   85.064205][T10371]  __x64_sys_sendmsg+0x78/0xb0
[   85.069029][T10371]  do_syscall_64+0xfd/0x6a0
[   85.073522][T10371]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.079398][T10371] RIP: 0033:0x4598e9
[   85.083281][T10371] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   85.102910][T10371] RSP: 002b:00007f9d66812c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.111307][T10371] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9
[   85.119432][T10371] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[   85.127382][T10371] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[   85.135541][T10371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d668136d4
[   85.143539][T10371] R13: 00000000004c77fb R14: 00000000004dd098 R15: 00000000ffffffff
[   85.151498][T10371] Modules linked in:
[   85.155371][T10371] CR2: 0000000000000000
[   85.161831][T10371] ---[ end trace c5297d1c232b8b6d ]---
[   85.167347][T10371] RIP: 0010:0x0
[   85.171370][T10371] Code: Bad RIP value.
[   85.175419][T10371] RSP: 0018:ffff88808d6174d8 EFLAGS: 00010246
[   85.182098][T10371] RAX: dffffc0000000000 RBX: ffffffff882a51a0 RCX: ffffffff85b3fc56
[   85.190115][T10371] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a335e300
[   85.198634][T10371] RBP: ffff88808d6175d0 R08: ffff8880a0d124c0 R09: ffff88808d617658
[   85.206603][T10371] R10: ffffed1011ac2ed9 R11: ffff88808d6176cf R12: ffff8880a335e300
[   85.214630][T10371] R13: 0000000000000001 R14: ffff88808d6175a8 R15: ffffffff882a51a0
[   85.222617][T10371] FS:  00007f9d66813700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[   85.231564][T10371] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.238368][T10371] CR2: ffffffffffffffd6 CR3: 00000000a7694000 CR4: 00000000001406e0
[   85.246321][T10371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   85.254326][T10371] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   85.262330][T10371] Kernel panic - not syncing: Fatal exception
[   85.269827][T10371] Kernel Offset: disabled
[   85.274163][T10371] Rebooting in 86400 seconds..