[ 34.223472] audit: type=1800 audit(1578790538.275:33): pid=7075 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 34.250388] audit: type=1800 audit(1578790538.275:34): pid=7075 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 39.241094] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.593372] audit: type=1400 audit(1578790543.645:35): avc: denied { map } for pid=7249 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 39.635607] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.269738] random: sshd: uninitialized urandom read (32 bytes read)
[ 71.671222] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts.
[ 96.827291] random: sshd: uninitialized urandom read (32 bytes read)
[ 96.945837] audit: type=1400 audit(1578790600.995:36): avc: denied { map } for pid=7261 comm="syz-executor458" path="/root/syz-executor458064105" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 97.180992] IPVS: ftp: loaded support on port[0] = 21
[ 97.941646] chnl_net:caif_netlink_parms(): no params data found
[ 97.973282] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.979901] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.987135] device bridge_slave_0 entered promiscuous mode
[ 97.994197] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.000915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.007817] device bridge_slave_1 entered promiscuous mode
[ 98.022005] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 98.030978] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 98.046660] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 98.053926] team0: Port device team_slave_0 added
[ 98.059371] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 98.066624] team0: Port device team_slave_1 added
[ 98.072775] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 98.080245] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 98.151732] device hsr_slave_0 entered promiscuous mode
[ 98.220422] device hsr_slave_1 entered promiscuous mode
[ 98.260963] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 98.268068] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 98.305362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.311786] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.318613] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.325165] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.353909] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 98.359994] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.369105] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 98.377275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 98.396558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.403732] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.413991] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 98.420244] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.428213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 98.436430] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.443052] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.453028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.461294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.467731] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.485744] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 98.495574] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.507159] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 98.514093] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 98.521757] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.531110] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 98.538567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 98.546115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 98.552861] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 98.565994] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 98.573446] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 98.580568] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 98.592194] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.646604] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 98.656218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 98.688887] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 98.695936] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 98.703046] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 98.712233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 98.719552] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 98.726821] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
executing program
[ 98.735121] device veth0_vlan entered promiscuous mode
[ 98.743965] device veth1_vlan entered promiscuous mode
[ 98.749730] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 98.758257] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 98.768717] kasan: CONFIG_KASAN_INLINE enabled
[ 98.773356] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 98.781718] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 98.787954] Modules linked in:
[ 98.791128] CPU: 1 PID: 7288 Comm: syz-executor458 Not tainted 4.14.163-syzkaller #0
[ 98.799352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.808806] task: ffff888075b1e5c0 task.stack: ffff88809ff68000
[ 98.815011] RIP: 0010:ipt_init_target+0xa9/0x290
[ 98.819755] RSP: 0018:ffff88809ff6f108 EFLAGS: 00010202
[ 98.825100] RAX: 0000000000000005 RBX: dffffc0000000000 RCX: 0000000000000000
[ 98.832352] RDX: 0000000000000007 RSI: 0000000000000010 RDI: 000000000000002f
[ 98.839615] RBP: ffff88809ff6f248 R08: 1ffff11014a47590 R09: ffffed1014a47591
[ 98.846900] R10: ffffed1014a47590 R11: ffff8880a523ac86 R12: 0000000000000010
[ 98.854200] R13: 1ffff11013fede24 R14: ffff88809ff6f220 R15: ffff88807cabc040
[ 98.861453] FS: 00007fc9a32f7700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
[ 98.869660] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 98.875519] CR2: 0000000020000344 CR3: 0000000091eab000 CR4: 00000000001406e0
[ 98.882769] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 98.890020] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 98.897274] Call Trace:
[ 98.899865] ? tcf_ipt_release+0x130/0x130
[ 98.904094] ? __lock_is_held+0xb6/0x140
[ 98.908140] ? check_preemption_disabled+0x3c/0x250
[ 98.913135] ? memcpy+0x46/0x50
[ 98.916418] __tcf_ipt_init+0x48c/0xb50
[ 98.920548] ? ipt_init_target+0x290/0x290
[ 98.924832] ? lock_downgrade+0x740/0x740
[ 98.928968] ? rcu_read_lock_sched_held+0x110/0x130
[ 98.933966] tcf_xt_init+0x4e/0x60
[ 98.937497] tcf_action_init_1+0x53c/0xaa0
[ 98.941724] ? tcf_action_dump_old+0x80/0x80
[ 98.946167] ? lock_downgrade+0x740/0x740
[ 98.950309] ? nla_parse+0x186/0x240
[ 98.954006] tcf_action_init+0x2ab/0x480
[ 98.958122] ? tcf_action_init_1+0xaa0/0xaa0
[ 98.962533] ? memset+0x32/0x40
[ 98.965796] ? nla_parse+0x186/0x240
[ 98.969511] tc_ctl_action+0x30a/0x548
[ 98.973390] ? tca_action_gd+0x840/0x840
[ 98.977496] ? tca_action_gd+0x840/0x840
[ 98.981652] rtnetlink_rcv_msg+0x3da/0xb70
[ 98.985874] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 98.990440] ? netlink_deliver_tap+0x93/0x8f0
[ 98.994924] netlink_rcv_skb+0x14f/0x3c0
[ 98.999057] ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 99.003627] ? lock_downgrade+0x740/0x740
[ 99.007774] ? netlink_ack+0x9a0/0x9a0
[ 99.011639] ? netlink_deliver_tap+0xba/0x8f0
[ 99.016201] rtnetlink_rcv+0x1d/0x30
[ 99.019918] netlink_unicast+0x44d/0x650
[ 99.023972] ? netlink_attachskb+0x6a0/0x6a0
[ 99.028461] ? security_netlink_send+0x81/0xb0
[ 99.033038] netlink_sendmsg+0x7c4/0xc60
[ 99.037097] ? netlink_unicast+0x650/0x650
[ 99.041324] ? security_socket_sendmsg+0x89/0xb0
[ 99.046059] ? netlink_unicast+0x650/0x650
[ 99.050273] sock_sendmsg+0xce/0x110
[ 99.053964] ___sys_sendmsg+0x70a/0x840
[ 99.057934] ? copy_msghdr_from_user+0x3f0/0x3f0
[ 99.062771] ? __fget+0x210/0x370
[ 99.066207] ? find_held_lock+0x35/0x130
[ 99.070258] ? __fget+0x210/0x370
[ 99.073708] ? lock_downgrade+0x740/0x740
[ 99.077837] ? __fget+0x237/0x370
[ 99.081271] ? __fget_light+0x172/0x1f0
[ 99.085224] ? __fdget+0x1b/0x20
[ 99.088609] ? sockfd_lookup_light+0xb4/0x160
[ 99.093086] __sys_sendmsg+0xb9/0x140
[ 99.096875] ? SyS_shutdown+0x170/0x170
[ 99.100843] SyS_sendmsg+0x2d/0x50
[ 99.104359] ? __sys_sendmsg+0x140/0x140
[ 99.108399] do_syscall_64+0x1e8/0x640
[ 99.112274] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 99.117096] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 99.122279] RIP: 0033:0x448009
[ 99.125447] RSP: 002b:00007fc9a32f6d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 99.133131] RAX: ffffffffffffffda RBX: 00000000006dec28 RCX: 0000000000448009
[ 99.140387] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 99.147726] RBP: 00000000006dec20 R08: 0000000000000007 R09: 0000000000000000
[ 99.154976] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000006dec2c
[ 99.162237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000656c676e616d
[ 99.169510] Code: f3 f3 f3 e8 4a 18 2d fc 31 c0 b9 0e 00 00 00 48 8d bd 48 ff ff ff f3 48 ab 49 8d 7c 24 1f 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 18 38 d0 7f 08 84 c0 0f 85 90 01 00 00 41 0f b6 54 24
[ 99.188590] RIP: ipt_init_target+0xa9/0x290 RSP: ffff88809ff6f108
[ 99.197135] ---[ end trace 936d6b12a27e10a8 ]---
[ 99.202022] Kernel panic - not syncing: Fatal exception
[ 99.208744] Kernel Offset: disabled
[ 99.212377] Rebooting in 86400 seconds..