[ 33.063276] audit: type=1800 audit(1561471039.995:33): pid=6884 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 33.085353] audit: type=1800 audit(1561471039.995:34): pid=6884 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 35.955329] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.308972] audit: type=1400 audit(1561471043.235:35): avc: denied { map } for pid=7058 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.354668] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.009009] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.209058] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.100' (ECDSA) to the list of known hosts.
[ 43.027650] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.205487] audit: type=1400 audit(1561471050.135:36): avc: denied { map } for pid=7070 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/25 13:57:30 parsed 1 programs
[ 44.050656] audit: type=1400 audit(1561471050.985:37): avc: denied { map } for pid=7070 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3010 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 44.682689] random: cc1: uninitialized urandom read (8 bytes read)
2019/06/25 13:57:32 executed programs: 0
[ 45.603347] audit: type=1400 audit(1561471052.535:38): avc: denied { map } for pid=7070 comm="syz-execprog" path="/root/syzkaller-shm726673744" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 46.380220] IPVS: ftp: loaded support on port[0] = 21
[ 46.719324] chnl_net:caif_netlink_parms(): no params data found
[ 46.750635] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.757359] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.765034] device bridge_slave_0 entered promiscuous mode
[ 46.772257] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.778806] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.786000] device bridge_slave_1 entered promiscuous mode
[ 46.800599] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.809300] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.825643] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.833052] team0: Port device team_slave_0 added
[ 46.838496] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.845946] team0: Port device team_slave_1 added
[ 46.851290] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.858521] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.941984] device hsr_slave_0 entered promiscuous mode
[ 46.980459] device hsr_slave_1 entered promiscuous mode
[ 47.020849] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 47.027863] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 47.041186] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.047616] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.054590] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.061003] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.089921] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 47.096831] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.104891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 47.114171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.133809] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.141182] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.150952] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 47.157135] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.165926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.173738] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.180151] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.189149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.197224] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.203640] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.218187] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.225935] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.239255] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 47.249561] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 47.261224] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 47.267678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.275677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.283548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.291535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.303575] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 47.313316] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.711064] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.470322] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.483515] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.498553] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.511070] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.523517] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.535886] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.548367] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.561617] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.574001] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 48.586396] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7103 comm=syz-executor.0
[ 50.842341] kasan: CONFIG_KASAN_INLINE enabled
[ 50.847139] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 50.854599] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 50.860860] Modules linked in:
[ 50.864075] CPU: 0 PID: 7117 Comm: syz-executor.0 Not tainted 4.14.130 #24
[ 50.871139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.880479] task: ffff88808f146680 task.stack: ffff88807e4b0000
[ 50.886527] RIP: 0010:__smc_diag_dump.isra.0+0x342/0x17b0
[ 50.892132] RSP: 0018:ffff88807e4b7340 EFLAGS: 00010203
[ 50.897481] RAX: dffffc0000000000 RBX: ffff888096d20ac0 RCX: 0000000000000001
[ 50.904761] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e
[ 50.912046] RBP: ffff88807e4b7518 R08: 0000000000000040 R09: ffff888096d20b10
[ 50.919303] R10: ffff88808f146fa0 R11: ffff88808f146680 R12: ffff88807e4b74f0
[ 50.926559] R13: ffff8880a8de4ad0 R14: ffff888096b42980 R15: ffff888096b42dd0
[ 50.933835] FS: 00007f29e7686700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[ 50.942044] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.947906] CR2: 0000000000000000 CR3: 00000000a912f000 CR4: 00000000001406f0
[ 50.955158] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.962436] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.969697] Call Trace:
[ 50.972297] ? smc_diag_handler_dump+0x200/0x200
[ 50.977077] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 50.982516] ? __kmalloc_node_track_caller+0x3d/0x80
[ 50.987608] ? rcu_read_lock_sched_held+0x110/0x130
[ 50.992625] ? kmem_cache_alloc_node_trace+0x379/0x770
[ 50.997914] ? kasan_unpoison_shadow+0x35/0x50
[ 51.002482] ? kasan_kmalloc+0xce/0xf0
[ 51.006358] ? lock_acquire+0x16f/0x430
[ 51.010317] ? smc_diag_dump+0x8d/0x2a0
[ 51.014297] smc_diag_dump+0x1e5/0x2a0
[ 51.018171] netlink_dump+0x3fa/0xb10
[ 51.022044] __netlink_dump_start+0x4ff/0x750
[ 51.026639] smc_diag_handler_dump+0x1b7/0x200
[ 51.031210] ? smc_gid_be16_convert+0x2c0/0x2c0
[ 51.035967] ? __smc_diag_dump.isra.0+0x17b0/0x17b0
[ 51.040972] sock_diag_rcv_msg+0x29e/0x3a0
[ 51.045189] netlink_rcv_skb+0x14f/0x3c0
[ 51.050710] ? sock_diag_bind+0x90/0x90
[ 51.054671] ? netlink_ack+0x9a0/0x9a0
[ 51.058542] sock_diag_rcv+0x2b/0x40
[ 51.062237] netlink_unicast+0x45d/0x780
[ 51.066289] ? netlink_attachskb+0x6a0/0x6a0
[ 51.070690] ? security_netlink_send+0x81/0xb0
[ 51.075256] netlink_sendmsg+0x7c4/0xc60
[ 51.079333] ? netlink_unicast+0x780/0x780
[ 51.083557] ? security_socket_sendmsg+0x89/0xb0
[ 51.088298] ? netlink_unicast+0x780/0x780
[ 51.092516] sock_sendmsg+0xce/0x110
[ 51.096217] kernel_sendmsg+0x44/0x50
[ 51.100012] sock_no_sendpage+0x107/0x130
[ 51.104152] ? sock_kzfree_s+0x50/0x50
[ 51.108028] ? pipe_lock+0x63/0x80
[ 51.111552] kernel_sendpage+0x92/0xf0
[ 51.115422] ? sock_kzfree_s+0x50/0x50
[ 51.119310] sock_sendpage+0x8b/0xc0
[ 51.123025] ? kernel_sendpage+0xf0/0xf0
[ 51.127070] pipe_to_sendpage+0x242/0x340
[ 51.131199] ? direct_splice_actor+0x190/0x190
[ 51.135763] __splice_from_pipe+0x348/0x780
[ 51.140072] ? direct_splice_actor+0x190/0x190
[ 51.144646] ? direct_splice_actor+0x190/0x190
[ 51.149211] splice_from_pipe+0xf0/0x150
[ 51.153255] ? splice_shrink_spd+0xb0/0xb0
[ 51.157497] ? security_file_permission+0x89/0x1f0
[ 51.162583] generic_splice_sendpage+0x3c/0x50
[ 51.167149] ? splice_from_pipe+0x150/0x150
[ 51.171485] SyS_splice+0xd92/0x1430
[ 51.175192] ? put_timespec64+0xb4/0x100
[ 51.179251] ? compat_SyS_vmsplice+0x250/0x250
[ 51.183857] ? do_syscall_64+0x53/0x640
[ 51.187921] ? compat_SyS_vmsplice+0x250/0x250
[ 51.192505] do_syscall_64+0x1e8/0x640
[ 51.196377] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.201238] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 51.206494] RIP: 0033:0x459519
[ 51.209745] RSP: 002b:00007f29e7685c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 51.217525] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459519
[ 51.225753] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000005
[ 51.233070] RBP: 000000000075bf20 R08: 0000000080000001 R09: 0000000000000000
[ 51.240724] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29e76866d4
[ 51.248035] R13: 00000000004c8a66 R14: 00000000004deb70 R15: 00000000ffffffff
[ 51.255308] Code: 20 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 b2 13 00 00 48 8b 50 20 48 b8 00 00 00 00 00 fc ff df 48 8d 7a 0e 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85
[ 51.274618] RIP: __smc_diag_dump.isra.0+0x342/0x17b0 RSP: ffff88807e4b7340
[ 51.283010] ---[ end trace 39067cf796aa81a6 ]---
[ 51.287834] Kernel panic - not syncing: Fatal exception
[ 51.294503] Kernel Offset: disabled
[ 51.298311] Rebooting in 86400 seconds..