[ 32.944085] audit: type=1800 audit(1580315479.265:33): pid=7126 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.970726] audit: type=1800 audit(1580315479.265:34): pid=7126 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 37.778410] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.998488] audit: type=1400 audit(1580315484.315:35): avc: denied { map } for pid=7300 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.051151] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.760200] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.956464] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
[ 44.526453] random: sshd: uninitialized urandom read (32 bytes read)
[ 44.645719] audit: type=1400 audit(1580315490.965:36): avc: denied { map } for pid=7312 comm="syz-executor857" path="/root/syz-executor857916191" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.920913] IPVS: ftp: loaded support on port[0] = 21
[ 45.785434] chnl_net:caif_netlink_parms(): no params data found
[ 45.816855] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.823536] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.830951] device bridge_slave_0 entered promiscuous mode
[ 45.838290] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.844869] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.852016] device bridge_slave_1 entered promiscuous mode
[ 45.867243] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.876344] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.893561] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.900759] team0: Port device team_slave_0 added
[ 45.907114] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.914426] team0: Port device team_slave_1 added
[ 45.927101] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 45.933578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.960092] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 45.970920] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 45.977156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.002628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 46.012995] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.020823] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.091808] device hsr_slave_0 entered promiscuous mode
[ 46.160411] device hsr_slave_1 entered promiscuous mode
[ 46.200960] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.208000] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.259532] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.266079] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.272982] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.279487] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.308485] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.315516] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.324667] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.335038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.354020] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.361680] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.371381] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.378036] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.386745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.394583] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.400970] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.409956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.418131] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.424538] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.442051] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.449839] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.457611] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.466641] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.478010] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 46.489188] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 46.495472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 46.502666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.515461] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 46.523236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 46.531204] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 46.542939] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.601631] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 46.612516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.646882] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 46.654257] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 46.661337] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 46.669957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.677863] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.684988] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.694987] device veth0_vlan entered promiscuous mode
[ 46.703816] device veth1_vlan entered promiscuous mode
[ 46.709732] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 46.718622] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 46.729303] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 46.738897] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 46.746277] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 46.753620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.764189] device veth0_macvtap entered promiscuous mode
[ 46.771265] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 46.779316] device veth1_macvtap entered promiscuous mode
[ 46.785976] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.793862] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 46.803452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 46.813803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 46.822935] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 46.830558] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.839121] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
executing program
[ 46.847231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.857100] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 46.864116] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.871684] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.879323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.001107] audit: type=1400 audit(1580315493.325:37): avc: denied { write } for pid=7313 comm="syz-executor857" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1
[ 47.463534] kasan: CONFIG_KASAN_INLINE enabled
[ 47.468233] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 47.476886] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 47.483801] Modules linked in:
[ 47.487073] CPU: 0 PID: 7341 Comm: syz-executor857 Not tainted 4.14.169-syzkaller #0
[ 47.494948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.505850] task: ffff8880968226c0 task.stack: ffff888088db8000
[ 47.513881] RIP: 0010:__lock_acquire+0x1ba/0x4620
[ 47.520489] RSP: 0018:ffff888088dbf9a0 EFLAGS: 00010006
[ 47.525950] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 47.533883] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000001
[ 47.541241] RBP: ffff888088dbfb48 R08: 0000000000000001 R09: 0000000000000001
[ 47.548794] R10: 0000000000000000 R11: ffff8880968226c0 R12: 0000000000000018
[ 47.556502] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 47.563955] FS: 00007efe5fa96700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
[ 47.572527] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.579133] CR2: 0000000020000002 CR3: 000000009e0b2000 CR4: 00000000001406f0
[ 47.586508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.596505] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.604224] Call Trace:
[ 47.606812] ? __lock_acquire+0x5f7/0x4620
[ 47.611622] ? trace_hardirqs_on+0x10/0x10
[ 47.615856] ? find_held_lock+0x35/0x130
[ 47.619945] ? trace_hardirqs_on+0x10/0x10
[ 47.625737] ? save_trace+0x290/0x290
[ 47.629534] ? trace_hardirqs_on_caller+0x400/0x590
[ 47.635064] lock_acquire+0x16f/0x430
[ 47.639154] ? prepare_to_wait+0x7c/0x320
[ 47.643382] ? lock_sock_nested+0x9e/0x110
[ 47.647690] _raw_spin_lock_irqsave+0x95/0xcd
[ 47.652455] ? prepare_to_wait+0x7c/0x320
[ 47.657210] prepare_to_wait+0x7c/0x320
[ 47.661276] ? trace_hardirqs_on_caller+0x400/0x590
[ 47.666325] ? add_wait_queue_exclusive+0x1a0/0x1a0
[ 47.672217] ? __local_bh_enable_ip+0x99/0x1a0
[ 47.676905] nr_accept+0x1fa/0x6d0
[ 47.680438] ? nr_ioctl+0x300/0x300
[ 47.684147] ? _raw_spin_unlock+0x2d/0x50
[ 47.688296] ? finish_wait+0x260/0x260
[ 47.693200] ? security_socket_accept+0x81/0xb0
[ 47.697995] SYSC_accept4+0x30f/0x640
[ 47.701878] ? kernel_accept+0x300/0x300
[ 47.706022] ? release_sock+0x14a/0x1b0
[ 47.710106] ? trace_hardirqs_on+0xd/0x10
[ 47.714498] ? __local_bh_enable_ip+0x99/0x1a0
[ 47.720339] ? SyS_futex+0x215/0x310
[ 47.724218] ? SyS_futex+0x222/0x310
[ 47.727918] ? nr_listen+0x104/0x150
[ 47.732415] ? do_futex+0x19e0/0x19e0
[ 47.737205] SyS_accept+0x26/0x30
[ 47.741758] ? SyS_accept4+0x40/0x40
[ 47.746524] do_syscall_64+0x1e8/0x640
[ 47.750395] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.755285] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.760822] RIP: 0033:0x447fb9
[ 47.764198] RSP: 002b:00007efe5fa95db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[ 47.773084] RAX: ffffffffffffffda RBX: 00000000006ddc68 RCX: 0000000000447fb9
[ 47.781597] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 47.789000] RBP: 00000000006ddc60 R08: 0000000000000000 R09: 0000000000000000
[ 47.796525] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc6c
[ 47.803973] R13: 00007ffc7a310b5f R14: 00007efe5fa969c0 R15: 000000000000002d
[ 47.812475] Code: 00 c7 40 18 00 00 00 00 48 8d 65 d8 44 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 ac 2e 00 00 49 81 3c 24 60 75 ea 88 0f 84 43
[ 47.834130] RIP: __lock_acquire+0x1ba/0x4620 RSP: ffff888088dbf9a0
[ 47.841050] ---[ end trace ec4dac0fc204cf5d ]---
[ 47.846120] Kernel panic - not syncing: Fatal exception
[ 47.854239] Kernel Offset: disabled
[ 47.857947] Rebooting in 86400 seconds..