[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.678283] random: sshd: uninitialized urandom read (32 bytes read) [ 31.924480] kauditd_printk_skb: 9 callbacks suppressed [ 31.924489] audit: type=1400 audit(1566886785.089:35): avc: denied { map } for pid=6818 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 31.966126] random: sshd: uninitialized urandom read (32 bytes read) [ 32.475376] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts. [ 38.058755] urandom_read: 1 callbacks suppressed [ 38.058761] random: sshd: uninitialized urandom read (32 bytes read) [ 38.245965] audit: type=1400 audit(1566886791.409:36): avc: denied { map } for pid=6832 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/08/27 06:19:52 parsed 1 programs [ 39.093505] audit: type=1400 audit(1566886792.259:37): avc: denied { map } for pid=6832 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13801 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 40.014947] random: cc1: uninitialized urandom read (8 bytes read) 2019/08/27 06:19:54 executed programs: 0 [ 40.940491] audit: type=1400 audit(1566886794.109:38): avc: denied { map } for pid=6832 comm="syz-execprog" path="/root/syzkaller-shm785111018" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 41.210972] IPVS: ftp: loaded support on port[0] = 21 [ 41.995181] chnl_net:caif_netlink_parms(): no params data found [ 42.023695] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.030457] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.037437] device bridge_slave_0 entered promiscuous mode [ 42.044387] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.050827] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.057673] device bridge_slave_1 entered promiscuous mode [ 42.072034] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.080848] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.096060] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.103368] team0: Port device team_slave_0 added [ 42.109540] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.116676] team0: Port device team_slave_1 added [ 42.122193] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.129270] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.182042] device hsr_slave_0 entered promiscuous mode [ 42.220429] device hsr_slave_1 entered promiscuous mode [ 42.270691] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 42.277545] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 42.289869] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.296284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.303217] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.309545] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.335154] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 42.341419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.348742] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.357358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.365613] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.372754] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.381759] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 42.387811] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.397048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.404841] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.411187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.419645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.427589] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.433966] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.447494] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 42.455587] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 42.467846] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 42.477868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 42.488697] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 42.495327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 42.503161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.510921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.518350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 42.530468] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 42.539457] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.991412] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 43.698070] kasan: CONFIG_KASAN_INLINE enabled [ 43.702974] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 43.710610] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 43.716831] Modules linked in: [ 43.720015] CPU: 0 PID: 6872 Comm: syz-executor.0 Not tainted 4.14.140 #36 [ 43.727007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.736336] task: ffff8880808f0400 task.stack: ffff888099c60000 [ 43.742376] RIP: 0010:__smc_diag_dump.isra.0+0x342/0x17b0 [ 43.747883] RSP: 0018:ffff888099c674f0 EFLAGS: 00010203 [ 43.753225] RAX: dffffc0000000000 RBX: ffff8880817c0cc0 RCX: 0000000000000001 [ 43.760476] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 43.767728] RBP: ffff888099c676c8 R08: 0000000000000040 R09: ffff8880817c0d10 [ 43.774974] R10: ffff8880808f0cf8 R11: ffff8880808f0400 R12: ffff888099c676a0 [ 43.782221] R13: ffff8880964265d0 R14: ffff888096cfca40 R15: ffff888096cfce90 [ 43.789469] FS: 00007f8b882e4700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 43.797930] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.803789] CR2: 00007ffc20b370c8 CR3: 000000008a982000 CR4: 00000000001406f0 [ 43.811036] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.818287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.825552] Call Trace: [ 43.828127] ? smc_diag_handler_dump+0x200/0x200 [ 43.832863] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 43.838290] ? __kmalloc_node_track_caller+0x3d/0x80 [ 43.843374] ? rcu_read_lock_sched_held+0x110/0x130 [ 43.848368] ? kmem_cache_alloc_node_trace+0x379/0x770 [ 43.853624] ? kasan_unpoison_shadow+0x35/0x50 [ 43.858178] ? kasan_kmalloc+0xce/0xf0 [ 43.862040] ? lock_acquire+0x16f/0x430 [ 43.866006] ? smc_diag_dump+0x8d/0x2a0 [ 43.869961] smc_diag_dump+0x1e5/0x2a0 [ 43.873830] netlink_dump+0x3fa/0xb10 [ 43.877606] __netlink_dump_start+0x4ff/0x750 [ 43.882079] smc_diag_handler_dump+0x1b7/0x200 [ 43.886636] ? smc_gid_be16_convert+0x2c0/0x2c0 [ 43.891277] ? __smc_diag_dump.isra.0+0x17b0/0x17b0 [ 43.896275] sock_diag_rcv_msg+0x29e/0x3a0 [ 43.900489] netlink_rcv_skb+0x14f/0x3c0 [ 43.904539] ? sock_diag_bind+0x90/0x90 [ 43.908504] ? lock_downgrade+0x6e0/0x6e0 [ 43.912631] ? netlink_ack+0x9a0/0x9a0 [ 43.916497] sock_diag_rcv+0x2b/0x40 [ 43.920190] netlink_unicast+0x45d/0x640 [ 43.924235] ? netlink_attachskb+0x6a0/0x6a0 [ 43.928625] ? security_netlink_send+0x81/0xb0 [ 43.933183] netlink_sendmsg+0x7c4/0xc60 [ 43.937217] ? netlink_unicast+0x640/0x640 [ 43.941430] ? security_socket_sendmsg+0x89/0xb0 [ 43.946161] ? netlink_unicast+0x640/0x640 [ 43.950369] sock_sendmsg+0xce/0x110 [ 43.954055] ___sys_sendmsg+0x70a/0x840 [ 43.958003] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 43.962736] ? __fget+0x210/0x370 [ 43.966166] ? find_held_lock+0x35/0x130 [ 43.970213] ? __fget+0x210/0x370 [ 43.973642] ? lock_downgrade+0x6e0/0x6e0 [ 43.977767] ? __fget+0x237/0x370 [ 43.981216] ? __fget_light+0x172/0x1f0 [ 43.985164] ? __fdget+0x1b/0x20 [ 43.988503] ? sockfd_lookup_light+0xb4/0x160 [ 43.992978] __sys_sendmsg+0xb9/0x140 [ 43.996761] ? SyS_shutdown+0x170/0x170 [ 44.000722] ? put_timespec64+0xb4/0x100 [ 44.004767] ? SyS_clock_gettime+0xf8/0x180 [ 44.009065] SyS_sendmsg+0x2d/0x50 [ 44.012594] ? __sys_sendmsg+0x140/0x140 [ 44.016633] do_syscall_64+0x1e8/0x640 [ 44.020495] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.025331] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 44.030498] RIP: 0033:0x459879 [ 44.033663] RSP: 002b:00007f8b882e3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 44.041350] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 [ 44.048597] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 44.055853] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 44.063100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8b882e46d4 [ 44.070342] R13: 00000000004c773e R14: 00000000004dcf58 R15: 00000000ffffffff [ 44.077597] Code: 20 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 b2 13 00 00 48 8b 50 20 48 b8 00 00 00 00 00 fc ff df 48 8d 7a 0e 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85 [ 44.096680] RIP: __smc_diag_dump.isra.0+0x342/0x17b0 RSP: ffff888099c674f0 [ 44.103713] ---[ end trace 4e2bc5fe2c097bb8 ]--- [ 44.108457] Kernel panic - not syncing: Fatal exception [ 44.114999] Kernel Offset: disabled [ 44.118621] Rebooting in 86400 seconds..