[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 77.127983][ T27] audit: type=1800 audit(1578379194.929:25): pid=9332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 77.157584][ T27] audit: type=1800 audit(1578379194.929:26): pid=9332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 77.198792][ T27] audit: type=1800 audit(1578379194.929:27): pid=9332 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts. syzkaller login: [ 88.028843][ T9487] IPVS: ftp: loaded support on port[0] = 21 [ 88.089037][ T9487] chnl_net:caif_netlink_parms(): no params data found [ 88.121248][ T9487] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.128886][ T9487] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.136630][ T9487] device bridge_slave_0 entered promiscuous mode [ 88.145657][ T9487] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.152872][ T9487] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.161567][ T9487] device bridge_slave_1 entered promiscuous mode [ 88.179149][ T9487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.189991][ T9487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.210237][ T9487] team0: Port device team_slave_0 added [ 88.218070][ T9487] team0: Port device team_slave_1 added [ 88.319639][ T9487] device hsr_slave_0 entered promiscuous mode [ 88.377801][ T9487] device hsr_slave_1 entered promiscuous mode [ 88.483631][ T9487] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.540350][ T9487] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.589928][ T9487] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.640743][ T9487] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.709281][ T9487] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.716423][ T9487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.724301][ T9487] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.731385][ T9487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.773073][ T9487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.785710][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.796904][ T2722] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.804960][ T2722] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.812941][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 88.826059][ T9487] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.836546][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.845981][ T3103] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.853097][ T3103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.864743][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.873792][ T2722] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.880942][ T2722] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.898696][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.907481][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 88.925613][ T9487] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 88.938292][ T9487] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.950671][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.960397][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 88.969403][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 88.977827][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 88.998771][ T9487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.005846][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 89.013678][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 89.032670][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 89.052160][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 89.061311][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 89.069249][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready executing program [ 89.080577][ T9487] device veth0_vlan entered promiscuous mode [ 89.092496][ T9487] device veth1_vlan entered promiscuous mode [ 89.109470][ T9487] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 89.117335][ T9487] #PF: supervisor instruction fetch in kernel mode [ 89.123825][ T9487] #PF: error_code(0x0010) - not-present page [ 89.129781][ T9487] PGD a0bcb067 P4D a0bcb067 PUD a81e7067 PMD 0 [ 89.136008][ T9487] Oops: 0010 [#1] PREEMPT SMP KASAN [ 89.141198][ T9487] CPU: 1 PID: 9487 Comm: syz-executor746 Not tainted 5.5.0-rc4-syzkaller #0 [ 89.149851][ T9487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 89.159902][ T9487] RIP: 0010:0x0 [ 89.163366][ T9487] Code: Bad RIP value. [ 89.167430][ T9487] RSP: 0018:ffffc90001d97a78 EFLAGS: 00010246 [ 89.173483][ T9487] RAX: dffffc0000000000 RBX: ffff88809f53c540 RCX: ffffffff876e5571 [ 89.181463][ T9487] RDX: 1ffffffff114903c RSI: 0000000000000004 RDI: ffff88809f53c540 [ 89.189428][ T9487] RBP: ffffc90001d97ab8 R08: ffff8880a059a500 R09: ffffed1015d2703d [ 89.197380][ T9487] R10: ffffed1015d2703c R11: ffff8880ae9381e3 R12: ffffffff88a48060 [ 89.205331][ T9487] R13: ffff8880a701a000 R14: ffffc90001d97bb0 R15: 0000000000000000 [ 89.213281][ T9487] FS: 000000000173b880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 89.222199][ T9487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.228760][ T9487] CR2: ffffffffffffffd6 CR3: 000000009305f000 CR4: 00000000001406e0 [ 89.237216][ T9487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.245192][ T9487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.253151][ T9487] Call Trace: [ 89.256518][ T9487] cfg80211_wext_siwfrag+0x279/0x910 [ 89.261802][ T9487] ioctl_standard_call+0xca/0x1d0 [ 89.266804][ T9487] ? cfg80211_wext_siwrts+0x8f0/0x8f0 [ 89.272154][ T9487] ? cfg80211_wext_siwrts+0x8f0/0x8f0 [ 89.277514][ T9487] wireless_process_ioctl.constprop.0+0x236/0x2b0 [ 89.283906][ T9487] ? ioctl_standard_iw_point+0xc20/0xc20 [ 89.289525][ T9487] wext_handle_ioctl+0x106/0x1c0 [ 89.294436][ T9487] ? call_commit_handler+0x10/0x10 [ 89.299524][ T9487] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 89.305740][ T9487] ? tomoyo_path_number_perm+0x25e/0x520 [ 89.311361][ T9487] sock_ioctl+0x47d/0x790 [ 89.315668][ T9487] ? dlci_ioctl_set+0x40/0x40 [ 89.320320][ T9487] ? __do_page_fault+0x56a/0xd80 [ 89.325330][ T9487] ? dlci_ioctl_set+0x40/0x40 [ 89.329992][ T9487] do_vfs_ioctl+0x977/0x14e0 [ 89.334557][ T9487] ? compat_ioctl_preallocate+0x220/0x220 [ 89.340270][ T9487] ? __kasan_check_write+0x14/0x20 [ 89.345379][ T9487] ? up_read+0x1cd/0x810 [ 89.349620][ T9487] ? tomoyo_file_ioctl+0x23/0x30 [ 89.354659][ T9487] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.360887][ T9487] ? security_file_ioctl+0x8d/0xc0 [ 89.366025][ T9487] ksys_ioctl+0xab/0xd0 [ 89.370163][ T9487] __x64_sys_ioctl+0x73/0xb0 [ 89.374754][ T9487] do_syscall_64+0xfa/0x790 [ 89.379242][ T9487] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 89.385116][ T9487] RIP: 0033:0x4423f9 [ 89.389001][ T9487] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 89.408582][ T9487] RSP: 002b:00007ffff8992cb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 89.416983][ T9487] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004423f9 [ 89.424951][ T9487] RDX: 0000000020000040 RSI: 0800000000008b24 RDI: 0000000000000003 [ 89.432909][ T9487] RBP: 0000000000000004 R08: 0000000000000025 R09: 0000000000000025 [ 89.440860][ T9487] R10: 0000000000000025 R11: 0000000000000246 R12: 0000000000000000 [ 89.448900][ T9487] R13: 0000000000403970 R14: 0000000000000000 R15: 0000000000000000 [ 89.456861][ T9487] Modules linked in: [ 89.460733][ T9487] CR2: 0000000000000000 [ 89.466291][ T9487] ---[ end trace bda9b59ba1990fef ]--- [ 89.471996][ T9487] RIP: 0010:0x0 [ 89.475474][ T9487] Code: Bad RIP value. [ 89.479755][ T9487] RSP: 0018:ffffc90001d97a78 EFLAGS: 00010246 [ 89.485832][ T9487] RAX: dffffc0000000000 RBX: ffff88809f53c540 RCX: ffffffff876e5571 [ 89.493838][ T9487] RDX: 1ffffffff114903c RSI: 0000000000000004 RDI: ffff88809f53c540 [ 89.501844][ T9487] RBP: ffffc90001d97ab8 R08: ffff8880a059a500 R09: ffffed1015d2703d [ 89.509829][ T9487] R10: ffffed1015d2703c R11: ffff8880ae9381e3 R12: ffffffff88a48060 [ 89.517974][ T9487] R13: ffff8880a701a000 R14: ffffc90001d97bb0 R15: 0000000000000000 [ 89.525952][ T9487] FS: 000000000173b880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 89.535128][ T9487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.541789][ T9487] CR2: ffffffffffffffd6 CR3: 000000009305f000 CR4: 00000000001406e0 [ 89.549848][ T9487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.557882][ T9487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.565968][ T9487] Kernel panic - not syncing: Fatal exception [ 89.573426][ T9487] Kernel Offset: disabled [ 89.577772][ T9487] Rebooting in 86400 seconds..