[ 72.857751][ T28] audit: type=1800 audit(1578811745.630:26): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 73.863963][ T28] kauditd_printk_skb: 2 callbacks suppressed
[ 73.863976][ T28] audit: type=1800 audit(1578811746.660:29): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 73.890542][ T28] audit: type=1800 audit(1578811746.670:30): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts.
syzkaller login: [ 84.522178][ T9901] IPVS: ftp: loaded support on port[0] = 21
[ 84.575940][ T9901] chnl_net:caif_netlink_parms(): no params data found
[ 84.605796][ T9901] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.613519][ T9901] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.621592][ T9901] device bridge_slave_0 entered promiscuous mode
[ 84.630981][ T9901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.638090][ T9901] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.646063][ T9901] device bridge_slave_1 entered promiscuous mode
[ 84.664917][ T9901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.675789][ T9901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.695602][ T9901] team0: Port device team_slave_0 added
[ 84.703248][ T9901] team0: Port device team_slave_1 added
[ 84.761302][ T9901] device hsr_slave_0 entered promiscuous mode
[ 84.798680][ T9901] device hsr_slave_1 entered promiscuous mode
[ 84.919153][ T9901] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.951760][ T9901] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.011824][ T9901] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.060712][ T9901] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.111197][ T9901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.118426][ T9901] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.126304][ T9901] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.133451][ T9901] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.181213][ T9901] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.194486][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 85.205565][ T3407] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.213851][ T3407] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.222770][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 85.236193][ T9901] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.248717][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 85.257266][ T2830] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.264438][ T2830] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.276689][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 85.286105][ T3407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.293289][ T3407] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.313723][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 85.322754][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 85.339709][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 85.348328][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 85.362646][ T9901] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 85.374261][ T9901] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 85.382649][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 85.402980][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 85.410535][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 85.424309][ T9901] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.443850][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
executing program
[ 85.463435][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 85.471806][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 85.480148][ T2830] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 85.491133][ T9901] device veth0_vlan entered promiscuous mode
[ 85.503397][ T9901] device veth1_vlan entered promiscuous mode
[ 85.520202][ T9901] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 85.528021][ T9901] #PF: supervisor instruction fetch in kernel mode
[ 85.534512][ T9901] #PF: error_code(0x0010) - not-present page
[ 85.540530][ T9901] PGD a7585067 P4D a7585067 PUD 94afd067 PMD 0
[ 85.546754][ T9901] Oops: 0010 [#1] PREEMPT SMP KASAN
[ 85.552031][ T9901] CPU: 1 PID: 9901 Comm: syz-executor331 Not tainted 5.5.0-rc5-next-20200110-syzkaller #0
[ 85.561909][ T9901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.572022][ T9901] RIP: 0010:0x0
[ 85.576110][ T9901] Code: Bad RIP value.
[ 85.580151][ T9901] RSP: 0018:ffffc90006237c08 EFLAGS: 00010246
[ 85.586193][ T9901] RAX: dffffc0000000000 RBX: ffff88809f4a6540 RCX: ffffffff877e0831
[ 85.594140][ T9901] RDX: 1ffffffff118a038 RSI: 0000000000000004 RDI: ffff88809f4a6540
[ 85.602087][ T9901] RBP: ffffc90006237c48 R08: ffff88809237a540 R09: ffffed1015d27074
[ 85.610048][ T9901] R10: ffffed1015d27073 R11: ffff8880ae93839b R12: ffffffff88c50040
[ 85.618021][ T9901] R13: ffff8880976cf000 R14: ffffc90006237d40 R15: 0000000000000000
[ 85.626019][ T9901] FS: 00000000015e0880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 85.634926][ T9901] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.641504][ T9901] CR2: ffffffffffffffd6 CR3: 0000000098358000 CR4: 00000000001406e0
[ 85.649454][ T9901] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 85.657404][ T9901] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 85.665349][ T9901] Call Trace:
[ 85.668623][ T9901] cfg80211_wext_siwfrag+0x279/0x910
[ 85.673892][ T9901] ioctl_standard_call+0xca/0x1d0
[ 85.678903][ T9901] ? cfg80211_wext_siwrts+0x8f0/0x8f0
[ 85.684248][ T9901] ? cfg80211_wext_siwrts+0x8f0/0x8f0
[ 85.689593][ T9901] wireless_process_ioctl.constprop.0+0x236/0x2b0
[ 85.695981][ T9901] ? ioctl_standard_iw_point+0xc20/0xc20
[ 85.701606][ T9901] wext_handle_ioctl+0x106/0x1c0
[ 85.706516][ T9901] ? call_commit_handler+0x10/0x10
[ 85.711605][ T9901] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 85.717819][ T9901] ? do_vfs_ioctl+0x11f/0x12e0
[ 85.722558][ T9901] ? ioctl_file_clone+0x180/0x180
[ 85.727556][ T9901] ? handle_mm_fault+0x292/0xa50
[ 85.732472][ T9901] sock_ioctl+0x47d/0x790
[ 85.736776][ T9901] ? dlci_ioctl_set+0x40/0x40
[ 85.741428][ T9901] ? __kasan_check_write+0x14/0x20
[ 85.746513][ T9901] ? up_read+0x1cd/0x810
[ 85.750734][ T9901] ? tomoyo_file_ioctl+0x23/0x30
[ 85.755650][ T9901] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.761950][ T9901] ? security_file_ioctl+0x8d/0xc0
[ 85.767038][ T9901] ? dlci_ioctl_set+0x40/0x40
[ 85.771692][ T9901] ksys_ioctl+0x123/0x180
[ 85.775994][ T9901] __x64_sys_ioctl+0x73/0xb0
[ 85.780559][ T9901] do_syscall_64+0xfa/0x790
[ 85.785040][ T9901] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.790920][ T9901] RIP: 0033:0x4421f9
[ 85.794795][ T9901] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 85.814373][ T9901] RSP: 002b:00007ffc5ec9a6c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.822755][ T9901] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004421f9
[ 85.830701][ T9901] RDX: 0000000020000040 RSI: 0800000000008b24 RDI: 0000000000000003
[ 85.838649][ T9901] RBP: 00007ffc5ec9a6e0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 85.846593][ T9901] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 0000000000000000
[ 85.854550][ T9901] R13: 0000000000403790 R14: 0000000000000000 R15: 0000000000000000
[ 85.862500][ T9901] Modules linked in:
[ 85.866370][ T9901] CR2: 0000000000000000
[ 85.872695][ T9901] ---[ end trace fde0aa10f4e9b0f2 ]---
[ 85.878415][ T9901] RIP: 0010:0x0
[ 85.881891][ T9901] Code: Bad RIP value.
[ 85.885939][ T9901] RSP: 0018:ffffc90006237c08 EFLAGS: 00010246
[ 85.892083][ T9901] RAX: dffffc0000000000 RBX: ffff88809f4a6540 RCX: ffffffff877e0831
[ 85.900114][ T9901] RDX: 1ffffffff118a038 RSI: 0000000000000004 RDI: ffff88809f4a6540
[ 85.908083][ T9901] RBP: ffffc90006237c48 R08: ffff88809237a540 R09: ffffed1015d27074
[ 85.916131][ T9901] R10: ffffed1015d27073 R11: ffff8880ae93839b R12: ffffffff88c50040
[ 85.924145][ T9901] R13: ffff8880976cf000 R14: ffffc90006237d40 R15: 0000000000000000
[ 85.932143][ T9901] FS: 00000000015e0880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 85.941090][ T9901] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.947651][ T9901] CR2: ffffffffffffffd6 CR3: 0000000098358000 CR4: 00000000001406e0
[ 85.955655][ T9901] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 85.963845][ T9901] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 85.971874][ T9901] Kernel panic - not syncing: Fatal exception
[ 85.979265][ T9901] Kernel Offset: disabled
[ 85.983593][ T9901] Rebooting in 86400 seconds..