[ 94.001845][ T27] audit: type=1400 audit(1578560412.429:37): avc: denied { watch } for pid=10357 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 94.026298][ T27] audit: type=1400 audit(1578560412.429:38): avc: denied { watch } for pid=10357 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting O[ 94.282521][ T27] audit: type=1800 audit(1578560412.709:39): pid=10262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
penBSD Secure Sh[ 94.309113][ T27] audit: type=1800 audit(1578560412.719:40): pid=10262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
ell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 98.626438][ T27] audit: type=1400 audit(1578560417.059:41): avc: denied { map } for pid=10439 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[ 105.302199][ T27] audit: type=1400 audit(1578560423.729:42): avc: denied { map } for pid=10451 comm="syz-executor700" path="/root/syz-executor700255058" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 105.332359][T10452] IPVS: ftp: loaded support on port[0] = 21
[ 105.391737][T10452] chnl_net:caif_netlink_parms(): no params data found
[ 105.423983][T10452] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.431759][T10452] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.439995][T10452] device bridge_slave_0 entered promiscuous mode
[ 105.449413][T10452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.456876][T10452] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.464560][T10452] device bridge_slave_1 entered promiscuous mode
[ 105.483604][T10452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.495063][T10452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.514473][T10452] team0: Port device team_slave_0 added
[ 105.522877][T10452] team0: Port device team_slave_1 added
[ 105.577813][T10452] device hsr_slave_0 entered promiscuous mode
[ 105.645306][T10452] device hsr_slave_1 entered promiscuous mode
[ 105.754509][ T27] audit: type=1400 audit(1578560424.179:43): avc: denied { create } for pid=10452 comm="syz-executor700" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 105.763866][T10452] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 105.782724][ T27] audit: type=1400 audit(1578560424.189:44): avc: denied { write } for pid=10452 comm="syz-executor700" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 105.812376][ T27] audit: type=1400 audit(1578560424.189:45): avc: denied { read } for pid=10452 comm="syz-executor700" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 105.897988][T10452] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 105.958072][T10452] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 106.017967][T10452] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.078607][T10452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.085944][T10452] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.093624][T10452] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.100738][T10452] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.143918][T10452] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.159047][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.170232][ T2675] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.179011][ T2675] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.188101][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 106.201637][T10452] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.212724][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 106.221730][ T3074] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.229053][ T3074] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.240818][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 106.250322][ T2675] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.257451][ T2675] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.276251][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 106.284762][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 106.306649][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 106.315863][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 106.324649][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 106.336404][T10452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 106.355737][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 106.363256][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 106.377506][T10452] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.398268][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 106.408328][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 106.429768][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 106.438720][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 106.448398][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
executing program
[ 106.456332][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 106.466118][T10452] device veth0_vlan entered promiscuous mode
[ 106.478029][T10452] device veth1_vlan entered promiscuous mode
[ 106.494110][ T27] audit: type=1400 audit(1578560424.919:46): avc: denied { open } for pid=10452 comm="syz-executor700" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[ 106.587163][T10454] ==================================================================
[ 106.587231][T10454] BUG: KASAN: null-ptr-deref in insert_char+0x206/0x400
[ 106.587243][T10454] Read of size 4294967294 at addr 0000000000000010 by task syz-executor700/10454
[ 106.587246][T10454]
[ 106.587259][T10454] CPU: 0 PID: 10454 Comm: syz-executor700 Not tainted 5.5.0-rc5-syzkaller #0
[ 106.587266][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 106.587270][T10454] Call Trace:
[ 106.587284][T10454] dump_stack+0x197/0x210
[ 106.587295][T10454] ? insert_char+0x206/0x400
[ 106.587306][T10454] ? insert_char+0x206/0x400
[ 106.587320][T10454] __kasan_report.cold+0x5/0x41
[ 106.587333][T10454] ? insert_char+0x206/0x400
[ 106.587345][T10454] kasan_report+0x12/0x20
[ 106.587357][T10454] check_memory_region+0x134/0x1a0
[ 106.587369][T10454] memmove+0x24/0x50
[ 106.587386][T10454] insert_char+0x206/0x400
[ 106.587420][T10454] do_con_trol+0x41a6/0x61b0
[ 106.587442][T10454] ? reset_palette+0x190/0x190
[ 106.587459][T10454] ? __kasan_check_read+0x11/0x20
[ 106.587482][T10454] ? __atomic_notifier_call_chain+0xf8/0x1a0
[ 106.587504][T10454] do_con_write.part.0+0xfd9/0x1ef0
[ 106.587536][T10454] ? do_con_trol+0x61b0/0x61b0
[ 106.587551][T10454] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 106.587562][T10454] ? add_wait_queue+0x112/0x170
[ 106.587574][T10454] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 106.587593][T10454] ? trace_hardirqs_on+0x67/0x240
[ 106.587613][T10454] con_write+0x46/0xd0
[ 106.587632][T10454] n_tty_write+0x40e/0x1080
[ 106.587662][T10454] ? n_tty_read+0x1bf0/0x1bf0
[ 106.587677][T10454] ? prepare_to_wait_exclusive+0x320/0x320
[ 106.587698][T10454] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 106.587714][T10454] ? _copy_from_user+0x12c/0x1a0
[ 106.587732][T10454] tty_write+0x496/0x7f0
[ 106.587750][T10454] ? n_tty_read+0x1bf0/0x1bf0
[ 106.587770][T10454] __vfs_write+0x8a/0x110
[ 106.587783][T10454] ? put_tty_driver+0x20/0x20
[ 106.587799][T10454] vfs_write+0x268/0x5d0
[ 106.587818][T10454] ksys_write+0x14f/0x290
[ 106.587835][T10454] ? __ia32_sys_read+0xb0/0xb0
[ 106.587853][T10454] ? do_syscall_64+0x26/0x790
[ 106.587866][T10454] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 106.587880][T10454] ? do_syscall_64+0x26/0x790
[ 106.587898][T10454] __x64_sys_write+0x73/0xb0
[ 106.587916][T10454] do_syscall_64+0xfa/0x790
[ 106.587933][T10454] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 106.587944][T10454] RIP: 0033:0x447b99
[ 106.587959][T10454] Code: e8 cc 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 106.587967][T10454] RSP: 002b:00007ff82cd33db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 106.587981][T10454] RAX: ffffffffffffffda RBX: 00000000006ddc28 RCX: 0000000000447b99
[ 106.587989][T10454] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[ 106.587997][T10454] RBP: 00000000006ddc20 R08: 0000000000000000 R09: 0000000000000000
[ 106.588005][T10454] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc2c
[ 106.588013][T10454] R13: 00007ffff0ce099f R14: 00007ff82cd349c0 R15: 0000000000000000
[ 106.588033][T10454] ==================================================================
[ 106.588038][T10454] Disabling lock debugging due to kernel taint
[ 106.588044][T10454] Kernel panic - not syncing: panic_on_warn set ...
[ 106.588058][T10454] CPU: 0 PID: 10454 Comm: syz-executor700 Tainted: G B 5.5.0-rc5-syzkaller #0
[ 106.588065][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 106.588068][T10454] Call Trace:
[ 106.588080][T10454] dump_stack+0x197/0x210
[ 106.588095][T10454] panic+0x2e3/0x75c
[ 106.588107][T10454] ? add_taint.cold+0x16/0x16
[ 106.588125][T10454] ? trace_hardirqs_on+0x67/0x240
[ 106.588137][T10454] ? trace_hardirqs_on+0x5e/0x240
[ 106.588152][T10454] ? insert_char+0x206/0x400
[ 106.588165][T10454] end_report+0x47/0x4f
[ 106.588178][T10454] ? insert_char+0x206/0x400
[ 106.588189][T10454] __kasan_report.cold+0xe/0x41
[ 106.588201][T10454] ? insert_char+0x206/0x400
[ 106.588215][T10454] kasan_report+0x12/0x20
[ 106.588228][T10454] check_memory_region+0x134/0x1a0
[ 106.588240][T10454] memmove+0x24/0x50
[ 106.588254][T10454] insert_char+0x206/0x400
[ 106.588271][T10454] do_con_trol+0x41a6/0x61b0
[ 106.588288][T10454] ? reset_palette+0x190/0x190
[ 106.588302][T10454] ? __kasan_check_read+0x11/0x20
[ 106.588318][T10454] ? __atomic_notifier_call_chain+0xf8/0x1a0
[ 106.588337][T10454] do_con_write.part.0+0xfd9/0x1ef0
[ 106.588358][T10454] ? do_con_trol+0x61b0/0x61b0
[ 106.588370][T10454] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 106.588380][T10454] ? add_wait_queue+0x112/0x170
[ 106.588397][T10454] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 106.588412][T10454] ? trace_hardirqs_on+0x67/0x240
[ 106.588426][T10454] con_write+0x46/0xd0
[ 106.588441][T10454] n_tty_write+0x40e/0x1080
[ 106.588462][T10454] ? n_tty_read+0x1bf0/0x1bf0
[ 106.588476][T10454] ? prepare_to_wait_exclusive+0x320/0x320
[ 106.588493][T10454] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 106.588507][T10454] ? _copy_from_user+0x12c/0x1a0
[ 106.588522][T10454] tty_write+0x496/0x7f0
[ 106.588538][T10454] ? n_tty_read+0x1bf0/0x1bf0
[ 106.588551][T10454] __vfs_write+0x8a/0x110
[ 106.588564][T10454] ? put_tty_driver+0x20/0x20
[ 106.588576][T10454] vfs_write+0x268/0x5d0
[ 106.588590][T10454] ksys_write+0x14f/0x290
[ 106.588604][T10454] ? __ia32_sys_read+0xb0/0xb0
[ 106.588619][T10454] ? do_syscall_64+0x26/0x790
[ 106.588631][T10454] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 106.588644][T10454] ? do_syscall_64+0x26/0x790
[ 106.588658][T10454] __x64_sys_write+0x73/0xb0
[ 106.588673][T10454] do_syscall_64+0xfa/0x790
[ 106.588689][T10454] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 106.588697][T10454] RIP: 0033:0x447b99
[ 106.588710][T10454] Code: e8 cc 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 106.588718][T10454] RSP: 002b:00007ff82cd33db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 106.588730][T10454] RAX: ffffffffffffffda RBX: 00000000006ddc28 RCX: 0000000000447b99
[ 106.588738][T10454] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[ 106.588745][T10454] RBP: 00000000006ddc20 R08: 0000000000000000 R09: 0000000000000000
[ 106.588753][T10454] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc2c
[ 106.588761][T10454] R13: 00007ffff0ce099f R14: 00007ff82cd349c0 R15: 0000000000000000
[ 106.590158][T10454] Kernel Offset: disabled
[ 107.235092][T10454] Rebooting in 86400 seconds..