[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 67.407898][ T27] audit: type=1800 audit(1584681880.971:25): pid=9295 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 67.439153][ T27] audit: type=1800 audit(1584681880.971:26): pid=9295 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 67.498993][ T27] audit: type=1800 audit(1584681880.971:27): pid=9295 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 80.401271][ T9450] IPVS: ftp: loaded support on port[0] = 21 [ 80.433641][ T9450] general protection fault, probably for non-canonical address 0xdffffc001fffffff: 0000 [#1] PREEMPT SMP KASAN [ 80.445382][ T9450] KASAN: probably user-memory-access in range [0x00000000fffffff8-0x00000000ffffffff] [ 80.454911][ T9450] CPU: 0 PID: 9450 Comm: syz-executor229 Not tainted 5.6.0-rc6-syzkaller #0 [ 80.463562][ T9450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.473600][ T9450] RIP: 0010:tcf_action_destroy+0x6a/0x150 [ 80.479296][ T9450] Code: 47 fb 83 c5 01 bf 20 00 00 00 48 83 c3 08 89 ee e8 7b 75 47 fb 83 fd 20 0f 84 ae 00 00 00 e8 fd 73 47 fb 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 ae 00 00 00 4c 8b 3b 4d 85 ff 0f 84 8b 00 00 [ 80.499057][ T9450] RSP: 0018:ffffc900020f7028 EFLAGS: 00010207 [ 80.505111][ T9450] RAX: 000000001fffffff RBX: 00000000ffffffff RCX: 0000000000000000 [ 80.513057][ T9450] RDX: 0000000000000000 RSI: ffffffff862ab123 RDI: 00000000ffffffff [ 80.521102][ T9450] RBP: 0000000000000000 R08: ffff888096c0c380 R09: ffffed1015cc7074 [ 80.529048][ T9450] R10: ffffed1015cc7073 R11: ffff8880ae63839b R12: 0000000000000000 [ 80.536993][ T9450] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 80.544950][ T9450] FS: 000000000150a940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 [ 80.553851][ T9450] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.560419][ T9450] CR2: 0000000020000280 CR3: 00000000a4102000 CR4: 00000000001406f0 [ 80.568379][ T9450] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.576324][ T9450] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.584275][ T9450] Call Trace: [ 80.587567][ T9450] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 80.593706][ T9450] tcf_exts_destroy+0x42/0xc0 [ 80.598370][ T9450] tcf_exts_change+0xf4/0x150 [ 80.603080][ T9450] ? tcf_exts_destroy+0xc0/0xc0 [ 80.608022][ T9450] tcindex_set_parms+0xed8/0x1a00 [ 80.613041][ T9450] ? tcindex_alloc_perfect_hash+0x320/0x320 [ 80.618922][ T9450] ? mark_held_locks+0xe0/0xe0 [ 80.623675][ T9450] ? nla_memcpy+0xa0/0xa0 [ 80.628004][ T9450] ? tcindex_change+0x203/0x2e0 [ 80.632841][ T9450] tcindex_change+0x203/0x2e0 [ 80.637546][ T9450] ? tcindex_set_parms+0x1a00/0x1a00 [ 80.642879][ T9450] tc_new_tfilter+0xa59/0x20b0 [ 80.647626][ T9450] ? tcindex_set_parms+0x1a00/0x1a00 [ 80.652905][ T9450] ? tc_del_tfilter+0x1430/0x1430 [ 80.657931][ T9450] ? __lock_acquire+0x80b/0x3ca0 [ 80.662857][ T9450] ? apparmor_capable+0x454/0x8a0 [ 80.667873][ T9450] ? rcu_read_lock_held+0x9c/0xb0 [ 80.672887][ T9450] ? tc_del_tfilter+0x1430/0x1430 [ 80.677888][ T9450] rtnetlink_rcv_msg+0x810/0xad0 [ 80.682804][ T9450] ? rtnl_bridge_getlink+0x880/0x880 [ 80.688081][ T9450] ? mark_held_locks+0xe0/0xe0 [ 80.692819][ T9450] ? netlink_deliver_tap+0x146/0xb50 [ 80.698098][ T9450] netlink_rcv_skb+0x15a/0x410 [ 80.702848][ T9450] ? rtnl_bridge_getlink+0x880/0x880 [ 80.708119][ T9450] ? netlink_ack+0xa80/0xa80 [ 80.712713][ T9450] netlink_unicast+0x537/0x740 [ 80.717455][ T9450] ? netlink_attachskb+0x810/0x810 [ 80.722549][ T9450] ? _copy_from_iter_full+0x25c/0x870 [ 80.728331][ T9450] ? __phys_addr_symbol+0x2c/0x70 [ 80.733333][ T9450] ? __check_object_size+0x171/0x437 [ 80.738697][ T9450] netlink_sendmsg+0x882/0xe10 [ 80.743452][ T9450] ? aa_af_perm+0x260/0x260 [ 80.747951][ T9450] ? netlink_unicast+0x740/0x740 [ 80.752881][ T9450] ? netlink_unicast+0x740/0x740 [ 80.757820][ T9450] sock_sendmsg+0xcf/0x120 [ 80.762215][ T9450] ____sys_sendmsg+0x6b9/0x7d0 [ 80.766954][ T9450] ? kernel_sendmsg+0x50/0x50 [ 80.771609][ T9450] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 80.777130][ T9450] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 80.783100][ T9450] ___sys_sendmsg+0x100/0x170 [ 80.788379][ T9450] ? sendmsg_copy_msghdr+0x70/0x70 [ 80.793487][ T9450] ? lock_downgrade+0x7f0/0x7f0 [ 80.798329][ T9450] ? lock_acquire+0x197/0x420 [ 80.803035][ T9450] ? __might_fault+0xef/0x1d0 [ 80.807793][ T9450] ? __might_fault+0x190/0x1d0 [ 80.812538][ T9450] ? _copy_to_user+0x107/0x150 [ 80.817286][ T9450] ? move_addr_to_user+0xb3/0x200 [ 80.822294][ T9450] ? __fget_light+0x1a5/0x270 [ 80.826951][ T9450] __sys_sendmsg+0xec/0x1b0 [ 80.831432][ T9450] ? __sys_sendmsg_sock+0xb0/0xb0 [ 80.836434][ T9450] ? mark_held_locks+0x9f/0xe0 [ 80.841177][ T9450] ? trace_hardirqs_off_caller+0x55/0x230 [ 80.847129][ T9450] ? do_syscall_64+0x21/0x7d0 [ 80.851780][ T9450] do_syscall_64+0xf6/0x7d0 [ 80.856269][ T9450] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.862134][ T9450] RIP: 0033:0x442109 [ 80.866006][ T9450] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 80.885670][ T9450] RSP: 002b:00007ffe3ae4b758 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 80.894188][ T9450] RAX: ffffffffffffffda RBX: 00000000004a3790 RCX: 0000000000442109 [ 80.902190][ T9450] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 80.910208][ T9450] RBP: 00007ffe3ae4b770 R08: 0000000000442109 R09: 0000000000442109 [ 80.918171][ T9450] R10: 0000000000442109 R11: 0000000000000246 R12: 00007ffe3ae4b780 [ 80.926125][ T9450] R13: 00000000004036a0 R14: 0000000000000000 R15: 0000000000000000 [ 80.934095][ T9450] Modules linked in: [ 80.938318][ T9450] ---[ end trace 9f278510330f5f1b ]--- [ 80.943927][ T9450] RIP: 0010:tcf_action_destroy+0x6a/0x150 [ 80.949685][ T9450] Code: 47 fb 83 c5 01 bf 20 00 00 00 48 83 c3 08 89 ee e8 7b 75 47 fb 83 fd 20 0f 84 ae 00 00 00 e8 fd 73 47 fb 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 ae 00 00 00 4c 8b 3b 4d 85 ff 0f 84 8b 00 00 [ 80.969304][ T9450] RSP: 0018:ffffc900020f7028 EFLAGS: 00010207 [ 80.975350][ T9450] RAX: 000000001fffffff RBX: 00000000ffffffff RCX: 0000000000000000 [ 80.983336][ T9450] RDX: 0000000000000000 RSI: ffffffff862ab123 RDI: 00000000ffffffff [ 80.991319][ T9450] RBP: 0000000000000000 R08: ffff888096c0c380 R09: ffffed1015cc7074 [ 80.999315][ T9450] R10: ffffed1015cc7073 R11: ffff8880ae63839b R12: 0000000000000000 [ 81.007277][ T9450] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 81.015279][ T9450] FS: 000000000150a940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 [ 81.024219][ T9450] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.030852][ T9450] CR2: 0000000020000280 CR3: 00000000a4102000 CR4: 00000000001406f0 [ 81.039357][ T9450] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.047309][ T9450] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.055294][ T9450] Kernel panic - not syncing: Fatal exception [ 81.062672][ T9450] Kernel Offset: disabled [ 81.066994][ T9450] Rebooting in 86400 seconds..