[ 32.217804] kauditd_printk_skb: 9 callbacks suppressed
[ 32.217812] audit: type=1800 audit(1559943041.271:33): pid=6828 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.244828] audit: type=1800 audit(1559943041.281:34): pid=6828 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 36.060841] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.387888] audit: type=1400 audit(1559943045.441:35): avc: denied { map } for pid=7002 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.438839] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.111386] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
[ 42.692827] random: sshd: uninitialized urandom read (32 bytes read)
2019/06/07 21:30:51 fuzzer started
[ 42.892242] audit: type=1400 audit(1559943051.951:36): avc: denied { map } for pid=7011 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.905486] random: cc1: uninitialized urandom read (8 bytes read)
2019/06/07 21:30:54 dialing manager at 10.128.0.105:44383
2019/06/07 21:30:54 syscalls: 2444
2019/06/07 21:30:54 code coverage: enabled
2019/06/07 21:30:54 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/06/07 21:30:54 extra coverage: extra coverage is not supported by the kernel
2019/06/07 21:30:54 setuid sandbox: enabled
2019/06/07 21:30:54 namespace sandbox: enabled
2019/06/07 21:30:54 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/07 21:30:54 fault injection: enabled
2019/06/07 21:30:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/07 21:30:54 net packet injection: enabled
2019/06/07 21:30:54 net device setup: enabled
21:30:56 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x20000000000001, 0x3, &(0x7f0000000340)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0xffffffd4, 0x0, 0x0, 0x10}}, &(0x7f0000000240)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x10000000000001, 0x39c, &(0x7f0000000580)=""/195, 0x0, 0x0, [0x42]}, 0x48)
21:30:56 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00')
sendfile(r0, r1, 0x0, 0x8607)
21:30:56 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
utime(0x0, 0x0)
21:30:56 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000000))
[ 47.622256] audit: type=1400 audit(1559943056.681:37): avc: denied { map } for pid=7011 comm="syz-fuzzer" path="/root/syzkaller-shm775131196" dev="sda1" ino=16493 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
21:30:56 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
r1 = socket$netlink(0x10, 0x3, 0x1000000000004)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000300)="750000001200192300bb4b80040d8c56286932324ba7e680129643c218fe59a2e04a03ca81cacde5d264243e890000000a215a0004fbf50dfff90003a5000004000000005e0000001d30221f1000010007008a96ff0000ec6b0f536e3a033562ee1614d71b06ec482ec3aab42097d5f1bbe895508d", 0x75}], 0x1)
21:30:56 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuset.cpus\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x1fffffc)
[ 47.663513] audit: type=1400 audit(1559943056.721:38): avc: denied { map } for pid=7028 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13790 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 48.420199] IPVS: ftp: loaded support on port[0] = 21
[ 48.711286] NET: Registered protocol family 30
[ 48.715940] Failed to register TIPC socket type
[ 49.594068] IPVS: ftp: loaded support on port[0] = 21
[ 49.612815] NET: Registered protocol family 30
[ 49.617440] Failed to register TIPC socket type
[ 49.792930] chnl_net:caif_netlink_parms(): no params data found
[ 50.169463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.260183] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.356126] device bridge_slave_0 entered promiscuous mode
[ 50.421929] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.428383] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.531776] device bridge_slave_1 entered promiscuous mode
[ 50.913123] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.179065] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.601240] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.700758] team0: Port device team_slave_0 added
[ 51.887831] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.040746] team0: Port device team_slave_1 added
[ 52.175344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.456134] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.768749] device hsr_slave_0 entered promiscuous mode
[ 53.031689] device hsr_slave_1 entered promiscuous mode
[ 53.188272] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 53.297781] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 53.574354] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 54.271162] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.444411] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.602696] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 54.608940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 54.622137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.771666] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 54.777819] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.030659] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 55.037920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.061312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.121352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.128109] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.282665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 55.291505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 55.362000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.400589] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.450846] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.457266] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.543079] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 55.552550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 55.577939] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 55.687118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 55.752479] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 55.759668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 55.790758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.798942] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.901253] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 55.970838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 55.979870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.065587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 56.136705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.151583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.243933] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 56.319743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.331520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.426303] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 56.461520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.542195] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 56.662014] 8021q: adding VLAN 0 to HW filter on device batadv0
21:31:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
utime(0x0, 0x0)
21:31:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
utime(0x0, 0x0)
21:31:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
utime(0x0, 0x0)
21:31:06 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
utime(0x0, 0x0)
21:31:06 executing program 2:
utime(0x0, 0x0)
21:31:07 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00')
sendfile(r0, r1, 0x0, 0x8607)
[ 58.213559] kasan: CONFIG_KASAN_INLINE enabled
[ 58.218277] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 58.228897] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 58.235182] Modules linked in:
[ 58.238425] CPU: 0 PID: 7659 Comm: syz-executor.2 Not tainted 4.14.123 #17
[ 58.245445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.254845] task: ffff8880978a64c0 task.stack: ffff88806f6a0000
[ 58.261068] RIP: 0010:proto_seq_show+0x52/0x8c0
[ 58.265731] RSP: 0018:ffff88806f6a7478 EFLAGS: 00010a06
[ 58.271166] RAX: dffffc0000000000 RBX: dead000000000100 RCX: ffffc90007e4d000
[ 58.278419] RDX: 1bd5a0000000000c RSI: ffffffff84cc851f RDI: dead000000000060
[ 58.285765] RBP: ffff88806f6a7508 R08: ffff8880a1e08a08 R09: ffffed100e74a5cc
[ 58.293043] R10: ffffed100e74a5cb R11: ffff888073a52e5d R12: dffffc0000000000
[ 58.300302] R13: dead000000000100 R14: 0000000000000004 R15: ffffffff86ee3fe0
[ 58.307560] FS: 00007f18c75d0700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[ 58.315879] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.321747] CR2: 0000001b33122000 CR3: 000000008bcb6000 CR4: 00000000001406f0
[ 58.329022] Call Trace:
[ 58.331602] ? seq_list_next+0x5e/0x80
[ 58.335475] seq_read+0xb46/0x1280
[ 58.339004] ? seq_lseek+0x3c0/0x3c0
[ 58.342746] ? avc_policy_seqno+0x9/0x20
[ 58.346800] ? selinux_file_permission+0x85/0x480
[ 58.351632] proc_reg_read+0xfa/0x170
[ 58.355442] ? seq_lseek+0x3c0/0x3c0
[ 58.359168] do_iter_read+0x3e2/0x5b0
[ 58.362963] vfs_readv+0xd3/0x130
[ 58.366421] ? compat_rw_copy_check_uvector+0x310/0x310
[ 58.371798] ? push_pipe+0x3e6/0x780
[ 58.375513] ? iov_iter_get_pages_alloc+0x2c9/0xef0
[ 58.380519] ? iov_iter_revert+0x9c0/0x9c0
[ 58.384779] ? iov_iter_pipe+0x9f/0x2c0
[ 58.388739] default_file_splice_read+0x421/0x7b0
[ 58.393590] ? __kmalloc+0x15d/0x7a0
[ 58.397305] ? alloc_pipe_info+0x15c/0x380
[ 58.401541] ? splice_direct_to_actor+0x5d2/0x7b0
[ 58.406369] ? do_splice_direct+0x18d/0x230
[ 58.410673] ? do_splice_direct+0x230/0x230
[ 58.414976] ? trace_hardirqs_on+0x10/0x10
[ 58.419195] ? save_trace+0x290/0x290
[ 58.422983] ? save_trace+0x290/0x290
[ 58.426789] ? avc_policy_seqno+0x9/0x20
[ 58.430864] ? selinux_file_permission+0x85/0x480
[ 58.435699] ? security_file_permission+0x89/0x1f0
[ 58.440650] ? rw_verify_area+0xea/0x2b0
[ 58.444699] ? do_splice_direct+0x230/0x230
[ 58.449007] do_splice_to+0x105/0x170
[ 58.452797] splice_direct_to_actor+0x222/0x7b0
[ 58.457447] ? generic_pipe_buf_nosteal+0x10/0x10
[ 58.462271] ? do_splice_to+0x170/0x170
[ 58.472936] ? rw_verify_area+0xea/0x2b0
[ 58.476979] do_splice_direct+0x18d/0x230
[ 58.481108] ? splice_direct_to_actor+0x7b0/0x7b0
[ 58.485954] ? rw_verify_area+0xea/0x2b0
[ 58.490024] do_sendfile+0x4db/0xbd0
[ 58.493761] ? do_compat_pwritev64+0x140/0x140
[ 58.498326] ? put_timespec64+0xb4/0x100
[ 58.502373] ? nsecs_to_jiffies+0x30/0x30
[ 58.506505] SyS_sendfile64+0x102/0x110
[ 58.510486] ? SyS_sendfile+0x130/0x130
[ 58.514468] ? do_syscall_64+0x53/0x640
[ 58.518450] ? SyS_sendfile+0x130/0x130
[ 58.522411] do_syscall_64+0x1e8/0x640
[ 58.526295] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 58.531129] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 58.536328] RIP: 0033:0x459279
[ 58.539600] RSP: 002b:00007f18c75cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 58.547445] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279
[ 58.554761] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 58.562370] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 58.569837] R10: 0000000000008607 R11: 0000000000000246 R12: 00007f18c75d06d4
[ 58.577097] R13: 00000000004c6835 R14: 00000000004db7a8 R15: 00000000ffffffff
[ 58.584380] Code: 06 00 00 e8 a1 20 90 fc 48 8d bb 60 ff ff ff 48 8d 83 90 fe ff ff 48 89 fa 48 89 45 c8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 b3 07 00 00 48 83 bb 60 ff ff ff 01 19 c0 83
[ 58.603526] RIP: proto_seq_show+0x52/0x8c0 RSP: ffff88806f6a7478
[ 58.610970] ---[ end trace 0bc9f983e20dac3a ]---
[ 58.615748] Kernel panic - not syncing: Fatal exception
[ 58.621941] Kernel Offset: disabled
[ 58.625565] Rebooting in 86400 seconds..