[ 33.332362] audit: type=1800 audit(1580763639.695:33): pid=7130 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 33.360694] audit: type=1800 audit(1580763639.695:34): pid=7130 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.951967] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.386576] audit: type=1400 audit(1580763643.745:35): avc: denied { map } for pid=7304 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.443560] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.215306] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.414553] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
[ 43.934105] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.065548] audit: type=1400 audit(1580763650.425:36): avc: denied { map } for pid=7317 comm="syz-executor814" path="/root/syz-executor814252622" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.092987] audit: type=1400 audit(1580763650.425:37): avc: denied { create } for pid=7317 comm="syz-executor814" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 44.093315] kasan: CONFIG_KASAN_INLINE enabled
[ 44.117406] audit: type=1400 audit(1580763650.425:38): avc: denied { write } for pid=7317 comm="syz-executor814" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 44.147660] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 44.147675] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 44.147680] Modules linked in:
[ 44.147689] CPU: 0 PID: 7317 Comm: syz-executor814 Not tainted 4.14.169-syzkaller #0
[ 44.147693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.147697] task: ffff8880831de200 task.stack: ffff8880997b0000
[ 44.147707] RIP: 0010:get_unique_tuple+0x230/0x19e0
[ 44.147715] RSP: 0018:ffff8880997b6ea0 EFLAGS: 00010206
[ 44.199350] RAX: dffffc0000000000 RBX: ffff8880997b7028 RCX: 1ffffffff11660d8
[ 44.206698] RDX: 0000000080000000 RSI: ffffffff87f84ee0 RDI: ffffffff88b306c0
[ 44.214243] RBP: ffff8880997b6fc8 R08: 0000000000000000 R09: ffff8880831deaf0
[ 44.221546] R10: ffff8880831dead0 R11: ffff8880831de200 R12: 0000000400000002
[ 44.228816] R13: 00000000000000ec R14: ffff8880997b704e R15: ffff8880997b7078
[ 44.236200] FS: 0000000001fa0880(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
[ 44.244426] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.250420] CR2: 000056243a21b180 CR3: 0000000090af3000 CR4: 00000000001406f0
[ 44.257731] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.265008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.272266] Call Trace:
[ 44.274859] ? find_held_lock+0x35/0x130
[ 44.278921] ? nf_ct_invert_tuplepr+0x17d/0x2c0
[ 44.283587] ? hash_by_src+0x360/0x360
[ 44.287477] ? lock_downgrade+0x740/0x740
[ 44.291622] ? nf_ct_invert_tuplepr+0x1a4/0x2c0
[ 44.296364] nf_nat_setup_info+0x1bd/0x7f0
[ 44.300587] ? nf_nat_proto_clean+0x1c0/0x1c0
[ 44.305274] ? kmem_cache_alloc+0x12e/0x780
[ 44.309606] ? __nf_conntrack_alloc+0xa2/0x5e0
[ 44.314183] ? nf_conntrack_alloc+0x38/0x50
[ 44.318503] ? netlink_unicast+0x44d/0x650
[ 44.322749] ? netlink_sendmsg+0x7c4/0xc60
[ 44.326968] ? sock_sendmsg+0xce/0x110
[ 44.330840] ? ___sys_sendmsg+0x70a/0x840
[ 44.334982] ? __sys_sendmsg+0xb9/0x140
[ 44.338949] ? SyS_sendmsg+0x2d/0x50
[ 44.342671] ? do_syscall_64+0x1e8/0x640
[ 44.346716] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.353141] ? save_trace+0x290/0x290
[ 44.356961] ? save_trace+0x290/0x290
[ 44.360858] __nf_nat_alloc_null_binding+0x13f/0x180
[ 44.366058] ? nf_nat_setup_info+0x7f0/0x7f0
[ 44.370484] ? __lock_is_held+0xb6/0x140
[ 44.374537] ? check_preemption_disabled+0x3c/0x250
[ 44.379818] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 44.385265] nfnetlink_parse_nat_setup+0x34a/0x3b0
[ 44.390183] ? nf_nat_alloc_null_binding+0x50/0x50
[ 44.395096] ? rcu_read_lock_sched_held+0x110/0x130
[ 44.400113] ? __lock_is_held+0xb6/0x140
[ 44.404164] ? check_preemption_disabled+0x3c/0x250
[ 44.409174] ? nf_nat_alloc_null_binding+0x50/0x50
[ 44.414362] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 44.419797] ? nf_nat_alloc_null_binding+0x50/0x50
[ 44.424723] ctnetlink_parse_nat_setup+0x76/0x4a0
[ 44.429652] ctnetlink_create_conntrack+0x468/0x10c0
[ 44.434853] ? queue_work_on+0xfd/0x1d0
[ 44.438938] ? ctnetlink_del_conntrack+0x5e0/0x5e0
[ 44.443866] ? hash_conntrack_raw+0x2c1/0x430
[ 44.448703] ? nf_ct_get_id+0x170/0x170
[ 44.452806] ctnetlink_new_conntrack+0x4af/0xcc0
[ 44.457549] ? ctnetlink_create_conntrack+0x10c0/0x10c0
[ 44.462947] ? ctnetlink_create_conntrack+0x10c0/0x10c0
[ 44.468316] nfnetlink_rcv_msg+0xa08/0xc00
[ 44.472572] netlink_rcv_skb+0x14f/0x3c0
[ 44.476621] ? nfnetlink_bind+0x240/0x240
[ 44.481028] ? netlink_ack+0x9a0/0x9a0
[ 44.484906] ? ns_capable_common+0x12c/0x160
[ 44.489303] ? __netlink_ns_capable+0xe2/0x130
[ 44.493891] nfnetlink_rcv+0x1ab/0x1650
[ 44.498001] ? netlink_deliver_tap+0x93/0x8f0
[ 44.502496] ? find_held_lock+0x35/0x130
[ 44.506570] ? netlink_deliver_tap+0x93/0x8f0
[ 44.511086] ? nfnl_err_del+0x160/0x160
[ 44.515045] ? lock_downgrade+0x740/0x740
[ 44.519175] ? netlink_deliver_tap+0xba/0x8f0
[ 44.523673] netlink_unicast+0x44d/0x650
[ 44.527745] ? netlink_attachskb+0x6a0/0x6a0
[ 44.532147] ? security_netlink_send+0x81/0xb0
[ 44.536709] netlink_sendmsg+0x7c4/0xc60
[ 44.540756] ? netlink_unicast+0x650/0x650
[ 44.544976] ? security_socket_sendmsg+0x89/0xb0
[ 44.549753] ? netlink_unicast+0x650/0x650
[ 44.554038] sock_sendmsg+0xce/0x110
[ 44.557751] ___sys_sendmsg+0x70a/0x840
[ 44.561810] ? copy_msghdr_from_user+0x3f0/0x3f0
[ 44.566544] ? save_trace+0x290/0x290
[ 44.570334] ? selinux_file_alloc_security+0xb4/0x190
[ 44.576307] ? __fd_install+0x1fb/0x5f0
[ 44.580392] ? find_held_lock+0x35/0x130
[ 44.584509] ? __fd_install+0x236/0x5f0
[ 44.588483] ? errseq_sample+0x4d/0x60
[ 44.592356] ? __fget_light+0x172/0x1f0
[ 44.596335] ? __fdget+0x1b/0x20
[ 44.599681] ? sockfd_lookup_light+0xb4/0x160
[ 44.604204] __sys_sendmsg+0xb9/0x140
[ 44.608006] ? SyS_shutdown+0x170/0x170
[ 44.611979] ? fd_install+0x4d/0x60
[ 44.615597] SyS_sendmsg+0x2d/0x50
[ 44.619118] ? __sys_sendmsg+0x140/0x140
[ 44.623314] do_syscall_64+0x1e8/0x640
[ 44.627186] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.632888] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.638054] RIP: 0033:0x440239
[ 44.641245] RSP: 002b:00007ffcd888a338 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 44.648937] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440239
[ 44.656280] RDX: 0000000000000000 RSI: 0000000020000640 RDI: 0000000000000003
[ 44.663531] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 44.670795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0
[ 44.678669] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000
[ 44.686919] Code: 48 c1 e9 03 80 3c 11 00 0f 85 91 14 00 00 4a 8b 14 e5 60 ff b2 88 4c 8d 24 c2 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 81 14 00 00 49 8b 04 24 48 89 85 30 ff ff ff
[ 44.706452] RIP: get_unique_tuple+0x230/0x19e0 RSP: ffff8880997b6ea0
[ 44.714112] ---[ end trace 7a2b991410e18817 ]---
[ 44.719350] Kernel panic - not syncing: Fatal exception
[ 44.726806] Kernel Offset: disabled
[ 44.730716] Rebooting in 86400 seconds..