[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 527.108951] audit: type=1400 audit(1602642873.463:8): avc: denied { execmem } for pid=6359 comm="syz-executor564" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 527.121200] netlink: 32 bytes leftover after parsing attributes in process `syz-executor564'.
[ 527.142635] netlink: 32 bytes leftover after parsing attributes in process `syz-executor564'.
[ 527.152367] netlink: 32 bytes leftover after parsing attributes in process `syz-executor564'.
[ 527.161359] netlink: 32 bytes leftover after parsing attributes in process `syz-executor564'.
[ 527.170800] netlink: 32 bytes leftover after parsing attributes in process `syz-executor564'.
[ 527.185743] netlink: 32 bytes leftover after parsing attributes in process `syz-executor564'.
[ 527.196881] kasan: CONFIG_KASAN_INLINE enabled
[ 527.204617] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 527.213715] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 527.219959] Modules linked in:
[ 527.223137] CPU: 0 PID: 6372 Comm: syz-executor564 Not tainted 4.14.198-syzkaller #0
[ 527.231013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 527.240381] task: ffff888097778400 task.stack: ffff888099cf0000
[ 527.246569] RIP: 0010:__tcf_idr_release+0x15e/0x260
[ 527.251603] RSP: 0018:ffff888099cf74f0 EFLAGS: 00010206
[ 527.256961] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 527.264344] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000048
[ 527.271617] RBP: ffff8880845277a0 R08: ffffffff8a096f08 R09: 0000000000000001
[ 527.278879] R10: 0000000000000000 R11: ffff888097778400 R12: 0000000000000000
[ 527.286152] R13: 0000000081413c7c R14: 0000000000000000 R15: 0000000000000000
[ 527.293429] FS: 00007f535a2a9700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
[ 527.302414] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 527.308532] CR2: 000055d91956a040 CR3: 00000000946a4000 CR4: 00000000001406f0
[ 527.316736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 527.324179] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 527.332990] Call Trace:
[ 527.337152] tcf_action_destroy+0xed/0x170
[ 527.342796] tcf_action_init+0x294/0x400
[ 527.347802] ? tcf_action_init_1+0x9e0/0x9e0
[ 527.353049] ? finish_task_switch+0x178/0x610
[ 527.358045] ? finish_task_switch+0x14d/0x610
[ 527.362609] ? memset+0x20/0x40
[ 527.365942] ? nla_parse+0x157/0x1f0
[ 527.369647] tc_ctl_action+0x2e3/0x50f
[ 527.373544] ? tca_action_gd+0x790/0x790
[ 527.377649] ? rtnetlink_rcv_msg+0x2e8/0xb10
[ 527.382058] ? tca_action_gd+0x790/0x790
[ 527.386099] rtnetlink_rcv_msg+0x3be/0xb10
[ 527.390339] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 527.394903] ? __netlink_lookup+0x345/0x5d0
[ 527.399417] netlink_rcv_skb+0x125/0x390
[ 527.403475] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 527.408468] ? netlink_ack+0x9a0/0x9a0
[ 527.412336] netlink_unicast+0x437/0x610
[ 527.416382] ? netlink_sendskb+0xd0/0xd0
[ 527.420435] netlink_sendmsg+0x62e/0xb80
[ 527.424646] ? nlmsg_notify+0x170/0x170
[ 527.428661] ? kernel_recvmsg+0x210/0x210
[ 527.432845] ? security_socket_sendmsg+0x83/0xb0
[ 527.437606] ? nlmsg_notify+0x170/0x170
[ 527.441626] sock_sendmsg+0xb5/0x100
[ 527.445346] ___sys_sendmsg+0x6c8/0x800
[ 527.449332] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 527.455384] ? lock_downgrade+0x740/0x740
[ 527.459515] ? do_raw_spin_unlock+0x164/0x220
[ 527.464044] ? _raw_spin_unlock+0x29/0x40
[ 527.468317] ? do_huge_pmd_anonymous_page+0x732/0x1670
[ 527.473611] ? __fget+0x1fe/0x360
[ 527.477050] ? lock_acquire+0x170/0x3f0
[ 527.481029] ? lock_downgrade+0x740/0x740
[ 527.485305] ? __fget+0x225/0x360
[ 527.488756] ? __fdget+0x196/0x1f0
[ 527.492287] ? sockfd_lookup_light+0xb2/0x160
[ 527.496786] __sys_sendmsg+0xa3/0x120
[ 527.500687] ? SyS_shutdown+0x160/0x160
[ 527.504677] ? up_read+0x17/0x30
[ 527.508093] ? __do_page_fault+0x19a/0xb50
[ 527.512308] SyS_sendmsg+0x27/0x40
[ 527.515835] ? __sys_sendmsg+0x120/0x120
[ 527.519872] do_syscall_64+0x1d5/0x640
[ 527.523760] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 527.528936] RIP: 0033:0x446c19
[ 527.532144] RSP: 002b:00007f535a2a8d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 527.540020] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446c19
[ 527.547275] RDX: 0000000000000000 RSI: 0000000020002980 RDI: 0000000000000003
[ 527.554521] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 527.561779] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 527.569051] R13: 0001008400000000 R14: 0000000000000000 R15: 053b003000000098
[ 527.576323] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 fc 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 65 00 49 8d 7c 24 48 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 c7 00 00 00 4d 8b 64 24 48 4d 85 e4 74 0e e8
[ 527.595444] RIP: __tcf_idr_release+0x15e/0x260 RSP: ffff888099cf74f0
[ 527.602586] ---[ end trace b6d660d2762ac47c ]---
[ 527.607486] Kernel panic - not syncing: Fatal exception
[ 527.613968] Kernel Offset: disabled
[ 527.617675] Rebooting in 86400 seconds..