[ 32.817096] audit: type=1800 audit(1565998719.645:33): pid=6873 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.844301] audit: type=1800 audit(1565998719.655:34): pid=6873 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.694715] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.040295] audit: type=1400 audit(1565998723.875:35): avc: denied { map } for pid=7049 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.154057] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.762172] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.955847] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts.
[ 43.494225] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.678527] audit: type=1400 audit(1565998730.505:36): avc: denied { map } for pid=7061 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/08/16 23:38:51 parsed 1 programs
[ 44.531671] audit: type=1400 audit(1565998731.365:37): avc: denied { map } for pid=7061 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=94 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 45.377005] random: cc1: uninitialized urandom read (8 bytes read)
2019/08/16 23:38:53 executed programs: 0
[ 46.279990] audit: type=1400 audit(1565998733.105:38): avc: denied { map } for pid=7061 comm="syz-execprog" path="/root/syzkaller-shm048994620" dev="sda1" ino=16485 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 46.550973] IPVS: ftp: loaded support on port[0] = 21
[ 47.380836] chnl_net:caif_netlink_parms(): no params data found
[ 47.409632] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.416585] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.423687] device bridge_slave_0 entered promiscuous mode
[ 47.430594] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.437121] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.444229] device bridge_slave_1 entered promiscuous mode
[ 47.457864] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 47.466431] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.481878] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 47.489058] team0: Port device team_slave_0 added
[ 47.494561] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 47.501640] team0: Port device team_slave_1 added
[ 47.506924] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 47.514187] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 47.571882] device hsr_slave_0 entered promiscuous mode
[ 47.630382] device hsr_slave_1 entered promiscuous mode
[ 47.670574] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 47.677505] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 47.690327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.696745] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.703656] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.710090] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.736124] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 47.743403] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.752066] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 47.761845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.780630] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.788128] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.798652] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 47.804925] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.812879] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.820507] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.826839] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.835788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.843663] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.850147] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.865611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.873317] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.883216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.894823] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 47.905027] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 47.915867] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 47.923083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.930980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.938447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.950881] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 47.959729] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.380817] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 49.087718] audit: type=1400 audit(1565998735.915:39): avc: denied { map } for pid=7092 comm="syz-executor.0" path="/root/syzkaller-testdir372868046/syzkaller.9Lgdep/0/file0/mem" dev="devtmpfs" ino=9 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=1
[ 49.092618] FAULT_INJECTION: forcing a failure.
[ 49.092618] name failslab, interval 1, probability 0, space 0, times 1
[ 49.129516] CPU: 1 PID: 7092 Comm: syz-executor.0 Not tainted 4.14.139 #35
[ 49.136520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.145865] Call Trace:
[ 49.148470] dump_stack+0x138/0x19c
[ 49.152085] should_fail.cold+0x10f/0x159
[ 49.156270] should_failslab+0xdb/0x130
[ 49.160279] kmem_cache_alloc_trace+0x2e9/0x790
[ 49.165051] ? pat_pagerange_is_ram+0x90/0xf0
[ 49.169529] ? __init_cache_modes+0x240/0x240
[ 49.174023] reserve_memtype+0x164/0x640
[ 49.178070] ? pat_init+0x420/0x420
[ 49.181680] ? __init_cache_modes+0x240/0x240
[ 49.186208] reserve_pfn_range+0x11c/0x390
[ 49.190431] ? arch_io_reserve_memtype_wc+0x80/0x80
[ 49.195438] ? copy_process.part.0+0x444f/0x6a00
[ 49.200182] ? SyS_clone+0x37/0x50
[ 49.203703] ? do_syscall_64+0x1e8/0x640
[ 49.207752] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 49.213108] track_pfn_copy+0x14a/0x190
[ 49.217063] ? reserve_pfn_range+0x390/0x390
[ 49.221464] ? trace_hardirqs_on+0x10/0x10
[ 49.225693] copy_page_range+0x1255/0x1bd0
[ 49.229919] ? save_trace+0x290/0x290
[ 49.233714] ? copy_process.part.0+0x41de/0x6a00
[ 49.238457] ? find_held_lock+0x35/0x130
[ 49.242502] ? vma_compute_subtree_gap+0x190/0x1f0
[ 49.247421] ? vma_gap_callbacks_rotate+0x62/0x80
[ 49.252257] ? __rb_insert_augmented+0x22f/0xdf0
[ 49.257178] ? __pmd_alloc+0x410/0x410
[ 49.261106] ? __vma_link_rb+0x247/0x340
[ 49.265163] copy_process.part.0+0x4764/0x6a00
[ 49.269791] ? __cleanup_sighand+0x50/0x50
[ 49.274017] ? vfs_write+0x25f/0x500
[ 49.277791] _do_fork+0x19e/0xce0
[ 49.281239] ? fork_idle+0x280/0x280
[ 49.284940] ? vfs_write+0x104/0x500
[ 49.288638] ? SyS_write+0x15e/0x230
[ 49.292345] SyS_clone+0x37/0x50
[ 49.295690] ? sys_vfork+0x30/0x30
[ 49.299211] do_syscall_64+0x1e8/0x640
[ 49.303087] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.307926] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 49.313106] RIP: 0033:0x459829
[ 49.316282] RSP: 002b:00007ffca5033708 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 49.326057] RAX: ffffffffffffffda RBX: 00007ffca5033720 RCX: 0000000000459829
[ 49.333314] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.340576] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000
[ 49.347835] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000017bd914
[ 49.355092] R13: 00000000004bfce6 R14: 00000000004d1a58 R15: 0000000000000004
[ 49.363626] ------------[ cut here ]------------
[ 49.368386] WARNING: CPU: 1 PID: 7092 at arch/x86/mm/pat.c:1020 untrack_pfn+0x1dc/0x220
[ 49.376513] Kernel panic - not syncing: panic_on_warn set ...
[ 49.376513]
[ 49.383862] CPU: 1 PID: 7092 Comm: syz-executor.0 Not tainted 4.14.139 #35
[ 49.390865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.400211] Call Trace:
[ 49.402797] dump_stack+0x138/0x19c
[ 49.406415] panic+0x1f2/0x426
[ 49.409601] ? add_taint.cold+0x16/0x16
[ 49.413564] ? untrack_pfn+0x1dc/0x220
[ 49.417436] ? untrack_pfn+0x1dc/0x220
[ 49.421312] __warn.cold+0x2f/0x36
[ 49.424927] ? ist_end_non_atomic+0x10/0x10
[ 49.429246] ? untrack_pfn+0x1dc/0x220
[ 49.433177] report_bug+0x216/0x254
[ 49.436836] do_error_trap+0x1bb/0x310
[ 49.440725] ? math_error+0x360/0x360
[ 49.444519] ? lock_downgrade+0x6e0/0x6e0
[ 49.448655] ? unmap_page_range+0xbe7/0x1770
[ 49.453121] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.457964] do_invalid_op+0x1b/0x20
[ 49.461673] invalid_op+0x1b/0x40
[ 49.465121] RIP: 0010:untrack_pfn+0x1dc/0x220
[ 49.469599] RSP: 0018:ffff8880986df948 EFLAGS: 00010297
[ 49.474944] RAX: ffff88809495e240 RBX: ffff88809629c778 RCX: 0000000000000000
[ 49.482191] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 49.489439] RBP: ffff8880986df9d8 R08: ffff88809495e240 R09: 0000000000000000
[ 49.496698] R10: 0000000000000000 R11: ffff88809495e240 R12: 1ffff110130dbf2a
[ 49.504009] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880986df9b0
[ 49.511292] ? untrack_pfn+0x1dc/0x220
[ 49.515170] ? track_pfn_insert+0x150/0x150
[ 49.519487] ? vm_normal_page_pmd+0x360/0x360
[ 49.523979] ? uprobe_munmap+0x94/0x210
[ 49.528007] unmap_single_vma+0x182/0x2c0
[ 49.532148] unmap_vmas+0xac/0x170
[ 49.535678] exit_mmap+0x285/0x4e0
[ 49.539206] ? SyS_munmap+0x30/0x30
[ 49.542829] ? kmem_cache_free+0x244/0x2b0
[ 49.547129] ? __khugepaged_exit+0xcf/0x3d0
[ 49.551541] ? lock_downgrade+0x6e0/0x6e0
[ 49.555686] mmput+0x114/0x440
[ 49.558907] copy_process.part.0+0x4743/0x6a00
[ 49.563487] ? __cleanup_sighand+0x50/0x50
[ 49.567706] ? vfs_write+0x25f/0x500
[ 49.571413] _do_fork+0x19e/0xce0
[ 49.574850] ? fork_idle+0x280/0x280
[ 49.578542] ? vfs_write+0x104/0x500
[ 49.582245] ? SyS_write+0x15e/0x230
[ 49.586025] SyS_clone+0x37/0x50
[ 49.589382] ? sys_vfork+0x30/0x30
[ 49.592905] do_syscall_64+0x1e8/0x640
[ 49.596780] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.601621] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 49.606794] RIP: 0033:0x459829
[ 49.610012] RSP: 002b:00007ffca5033708 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 49.617769] RAX: ffffffffffffffda RBX: 00007ffca5033720 RCX: 0000000000459829
[ 49.625134] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.632457] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000
[ 49.639822] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000017bd914
[ 49.647082] R13: 00000000004bfce6 R14: 00000000004d1a58 R15: 0000000000000004
[ 49.655507] Kernel Offset: disabled
[ 49.659240] Rebooting in 86400 seconds..