Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 33.991244][ T27] audit: type=1400 audit(1603491473.384:8): avc: denied { execmem } for pid=6734 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 33.996317][ T6735] IPVS: ftp: loaded support on port[0] = 21
[ 34.313857][ T6719] can: request_module (can-proto-0) failed.
[ 35.079146][ T6719] can: request_module (can-proto-0) failed.
[ 35.087542][ T6719] can: request_module (can-proto-0) failed.
[ 35.108692][ T27] audit: type=1400 audit(1603491474.505:9): avc: denied { create } for pid=6715 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
Warning: Permanently added '10.128.0.147' (ECDSA) to the list of known hosts.
2020/10/23 22:18:00 parsed 1 programs
2020/10/23 22:18:01 executed programs: 0
[ 42.225470][ T27] audit: type=1400 audit(1603491481.627:10): avc: denied { execmem } for pid=6855 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 42.266994][ T6857] IPVS: ftp: loaded support on port[0] = 21
[ 42.280557][ T6858] IPVS: ftp: loaded support on port[0] = 21
[ 42.312778][ T6868] IPVS: ftp: loaded support on port[0] = 21
[ 42.324217][ T6857] chnl_net:caif_netlink_parms(): no params data found
[ 42.324825][ T6887] IPVS: ftp: loaded support on port[0] = 21
[ 42.339152][ T6857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.350844][ T6857] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.358181][ T6857] device bridge_slave_0 entered promiscuous mode
[ 42.366115][ T6857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.373293][ T6857] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.380689][ T6857] device bridge_slave_1 entered promiscuous mode
[ 42.393415][ T6901] IPVS: ftp: loaded support on port[0] = 21
[ 42.394708][ T6885] IPVS: ftp: loaded support on port[0] = 21
[ 42.413316][ T6857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.436587][ T6857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.451335][ T6857] team0: Port device team_slave_0 added
[ 42.457755][ T6857] team0: Port device team_slave_1 added
[ 42.476175][ T6857] device hsr_slave_0 entered promiscuous mode
[ 42.483402][ T6857] device hsr_slave_1 entered promiscuous mode
[ 42.534538][ T6901] chnl_net:caif_netlink_parms(): no params data found
[ 42.581278][ T6857] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 42.609433][ T6857] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 42.626109][ T6858] chnl_net:caif_netlink_parms(): no params data found
[ 42.648568][ T6901] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.661261][ T6901] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.668511][ T6901] device bridge_slave_0 entered promiscuous mode
[ 42.676274][ T6901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.684003][ T6901] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.692156][ T6901] device bridge_slave_1 entered promiscuous mode
[ 42.698617][ T6857] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 42.708003][ T6857] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 42.715563][ T6887] chnl_net:caif_netlink_parms(): no params data found
[ 42.723288][ T6858] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.730752][ T6858] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.737970][ T6858] device bridge_slave_0 entered promiscuous mode
[ 42.745641][ T6858] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.753053][ T6858] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.760568][ T6858] device bridge_slave_1 entered promiscuous mode
[ 42.771895][ T6868] chnl_net:caif_netlink_parms(): no params data found
[ 42.789881][ T6887] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.796948][ T6887] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.804372][ T6887] device bridge_slave_0 entered promiscuous mode
[ 42.811506][ T6885] chnl_net:caif_netlink_parms(): no params data found
[ 42.823166][ T6858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.833779][ T6901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.843665][ T6857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.850772][ T6857] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.858230][ T6857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.865281][ T6857] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.875575][ T6887] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.882971][ T6887] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.890466][ T6887] device bridge_slave_1 entered promiscuous mode
[ 42.900574][ T6858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.910129][ T6901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.933595][ T6885] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.944936][ T6885] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.952801][ T6885] device bridge_slave_0 entered promiscuous mode
[ 42.963089][ T6887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.974531][ T6887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.984186][ T6858] team0: Port device team_slave_0 added
[ 42.993403][ T6857] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.003214][ T6885] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.010719][ T6885] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.017941][ T6885] device bridge_slave_1 entered promiscuous mode
[ 43.024863][ T6868] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.032588][ T6868] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.040023][ T6868] device bridge_slave_0 entered promiscuous mode
[ 43.047910][ T6868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.055264][ T6868] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.062928][ T6868] device bridge_slave_1 entered promiscuous mode
[ 43.071251][ T6858] team0: Port device team_slave_1 added
[ 43.077464][ T6901] team0: Port device team_slave_0 added
[ 43.093546][ T6887] team0: Port device team_slave_0 added
[ 43.102388][ T6885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.112392][ T6885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.122379][ T6901] team0: Port device team_slave_1 added
[ 43.129767][ T6868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.139101][ T6887] team0: Port device team_slave_1 added
[ 43.151677][ T6858] device hsr_slave_0 entered promiscuous mode
[ 43.158247][ T6858] device hsr_slave_1 entered promiscuous mode
[ 43.165300][ T6858] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 43.173171][ T6858] Cannot create hsr debugfs directory
[ 43.179396][ T6868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.190862][ T6885] team0: Port device team_slave_0 added
[ 43.197205][ T6857] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.206183][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.215127][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.224217][ T17] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.231946][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 43.248659][ T6887] device hsr_slave_0 entered promiscuous mode
[ 43.255082][ T6887] device hsr_slave_1 entered promiscuous mode
[ 43.262342][ T6887] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 43.270161][ T6887] Cannot create hsr debugfs directory
[ 43.276101][ T6885] team0: Port device team_slave_1 added
[ 43.286298][ T6868] team0: Port device team_slave_0 added
[ 43.298167][ T6901] device hsr_slave_0 entered promiscuous mode
[ 43.304926][ T6901] device hsr_slave_1 entered promiscuous mode
[ 43.311512][ T6901] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 43.319037][ T6901] Cannot create hsr debugfs directory
[ 43.326491][ T6868] team0: Port device team_slave_1 added
[ 43.339075][ T6885] device hsr_slave_0 entered promiscuous mode
[ 43.346479][ T6885] device hsr_slave_1 entered promiscuous mode
[ 43.353058][ T6885] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 43.360663][ T6885] Cannot create hsr debugfs directory
[ 43.377914][ T6857] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 43.388602][ T6857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 43.401323][ T6868] device hsr_slave_0 entered promiscuous mode
[ 43.407806][ T6868] device hsr_slave_1 entered promiscuous mode
[ 43.414463][ T6868] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 43.422113][ T6868] Cannot create hsr debugfs directory
[ 43.430150][ T6858] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 43.440512][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 43.448778][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.457246][ T47] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.464287][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.471792][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 43.480049][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 43.488091][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 43.496493][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.504544][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 43.512747][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.520815][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 43.528733][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.537106][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 43.545194][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.559191][ T6901] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 43.574251][ T6858] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 43.581633][ T6858] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 43.590705][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 43.598354][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 43.605858][ T6901] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 43.613354][ T6901] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 43.621334][ T6901] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 43.632138][ T6858] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 43.646907][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 43.656175][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 43.666384][ T6857] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.688039][ T7778] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 43.689546][ T6887] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.695829][ T7778] #PF: supervisor read access in kernel mode
[ 43.708416][ T7778] #PF: error_code(0x0000) - not-present page
[ 43.714363][ T7778] PGD 11db82067 P4D 11db82067 PUD 11db81067 PMD 0
[ 43.720827][ T7778] Oops: 0000 [#1] PREEMPT SMP
[ 43.725461][ T7778] CPU: 0 PID: 7778 Comm: syz-executor.2 Not tainted 5.9.0-syzkaller #0
[ 43.733652][ T7778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.743674][ T7778] RIP: 0010:memcpy_erms+0x6/0x10
[ 43.748571][ T7778] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 43.768170][ T7778] RSP: 0018:ffffc900025ffe50 EFLAGS: 00010286
[ 43.774196][ T7778] RAX: ffffc900025ffe92 RBX: ffffc900025ffe80 RCX: 000000000000002b
[ 43.782127][ T7778] RDX: 000000000000002b RSI: 0000000000000000 RDI: ffffc900025ffe92
[ 43.790099][ T7778] RBP: ffffc900025ffe68 R08: 0000000000000001 R09: 0000000000000001
[ 43.798034][ T7778] R10: 0000000000002a05 R11: 0000000000000001 R12: ffff88811cdfd800
[ 43.805978][ T7778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 43.813917][ T7778] FS: 00007f723f1c3700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
[ 43.822858][ T7778] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.829403][ T7778] CR2: 0000000000000000 CR3: 000000011db83000 CR4: 00000000001506f0
[ 43.837338][ T7778] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.845270][ T7778] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.853202][ T7778] Call Trace:
[ 43.856451][ T7778] ? llcp_sock_getname+0xa8/0xd0
[ 43.861350][ T7778] __sys_getpeername+0x68/0xe0
[ 43.866088][ T7778] ? do_syscall_64+0x13/0x80
[ 43.870640][ T7778] ? trace_hardirqs_on+0x29/0x100
[ 43.875624][ T7778] __x64_sys_getpeername+0x15/0x20
[ 43.880696][ T7778] do_syscall_64+0x31/0x80
[ 43.885073][ T7778] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.890924][ T7778] RIP: 0033:0x45a779
[ 43.894792][ T7778] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 43.914356][ T7778] RSP: 002b:00007f723f1c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000034
[ 43.922740][ T7778] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a779
[ 43.930672][ T7778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 43.938604][ T7778] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 43.946536][ T7778] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f723f1c36d4
[ 43.954482][ T7778] R13: 00000000004c14b0 R14: 00000000004d56d8 R15: 00000000ffffffff
[ 43.962418][ T7778] Modules linked in:
[ 43.966273][ T7778] CR2: 0000000000000000
[ 43.970971][ T7778] ---[ end trace 34436757d18a3aaa ]---
[ 43.971272][ T6887] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.976438][ T7778] RIP: 0010:memcpy_erms+0x6/0x10
[ 43.988057][ T7778] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 43.992408][ T6858] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.014313][ T7778] RSP: 0018:ffffc900025ffe50 EFLAGS: 00010286
[ 44.021504][ T6885] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 44.028178][ T7778] RAX: ffffc900025ffe92 RBX: ffffc900025ffe80 RCX: 000000000000002b
[ 44.036236][ T7778] RDX: 000000000000002b RSI: 0000000000000000 RDI: ffffc900025ffe92
[ 44.037237][ T6887] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 44.049110][ T7778] RBP: ffffc900025ffe68 R08: 0000000000000001 R09: 0000000000000001
[ 44.058832][ T7778] R10: 0000000000002a05 R11: 0000000000000001 R12: ffff88811cdfd800
[ 44.060292][ T6858] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.073485][ T7778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 44.079337][ T6868] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 44.081866][ T7778] FS: 00007f723f1c3700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
[ 44.097012][ T7778] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.098076][ T6901] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.103660][ T7778] CR2: 0000000000000000 CR3: 000000011db83000 CR4: 00000000001506f0
[ 44.111308][ T6885] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 44.118145][ T7778] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.132819][ T7778] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.133154][ T6885] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 44.147504][ T7778] Kernel panic - not syncing: Fatal exception
[ 44.154794][ T7778] Kernel Offset: disabled
[ 44.159092][ T7778] Rebooting in 86400 seconds..