[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining dae[ 40.971118] audit: type=1800 audit(1574584162.898:33): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 mon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 41.000197] audit: type=1800 audit(1574584162.898:34): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 44.247538] audit: type=1400 audit(1574584166.168:35): avc: denied { map } for pid=7618 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. [ 79.954401] audit: type=1400 audit(1574584201.878:36): avc: denied { map } for pid=7630 comm="syz-executor501" path="/root/syz-executor501520066" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 79.980758] IPVS: ftp: loaded support on port[0] = 21 [ 80.004441] audit: type=1400 audit(1574584201.928:37): avc: denied { create } for pid=7631 comm="syz-executor501" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 80.033988] audit: type=1400 audit(1574584201.928:38): avc: denied { write } for pid=7631 comm="syz-executor501" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 80.059449] audit: type=1400 audit(1574584201.928:39): avc: denied { read } for pid=7631 comm="syz-executor501" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 80.107210] chnl_net:caif_netlink_parms(): no params data found [ 80.139192] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.145721] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.152913] device bridge_slave_0 entered promiscuous mode [ 80.160092] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.166465] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.173547] device bridge_slave_1 entered promiscuous mode [ 80.188136] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.196895] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.213044] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 80.220714] team0: Port device team_slave_0 added [ 80.226118] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 80.233376] team0: Port device team_slave_1 added [ 80.238852] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 80.246163] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 80.299809] device hsr_slave_0 entered promiscuous mode [ 80.367840] device hsr_slave_1 entered promiscuous mode [ 80.408245] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 80.415297] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 80.431014] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.437402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.444277] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.450660] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.481818] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 80.488882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.496668] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 80.506035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.524607] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.531909] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.539732] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 80.550130] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 80.556189] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.566338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.574241] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.580624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.598295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.605884] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.612275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.619949] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.627506] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.636108] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.646102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.655620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.664955] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 80.671160] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program [ 80.684153] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 80.691728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 80.698592] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 80.708966] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.721678] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 80.742466] audit: type=1400 audit(1574584202.668:40): avc: denied { prog_load } for pid=7631 comm="syz-executor501" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 80.775602] audit: type=1400 audit(1574584202.698:41): avc: denied { prog_run } for pid=7631 comm="syz-executor501" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 80.825605] kasan: CONFIG_KASAN_INLINE enabled [ 80.830421] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 80.837782] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 80.844040] CPU: 1 PID: 7635 Comm: syz-executor501 Not tainted 4.19.85-syzkaller #0 [ 80.851813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.861166] RIP: 0010:skb_unlink+0xc4/0x160 [ 80.865470] Code: 00 00 49 8d 7d 08 4c 8b 63 08 48 b8 00 00 00 00 00 fc ff df 48 c7 43 08 00 00 00 00 48 89 fa 48 c7 03 00 00 00 00 48 c1 ea 03 <80> 3c 02 00 75 58 4c 89 e2 4d 89 65 08 48 b8 00 00 00 00 00 fc ff [ 80.884362] RSP: 0018:ffff88809ee67908 EFLAGS: 00010002 [ 80.889713] RAX: dffffc0000000000 RBX: ffff8880962d3c80 RCX: ffffffff81531da8 [ 80.896964] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 0000000000000008 [ 80.904226] RBP: ffff88809ee67930 R08: 1ffff110131aab3c R09: ffffed10131aab3d [ 80.911504] R10: ffffed10131aab3c R11: ffff888098d559e3 R12: 0000000000000000 [ 80.918757] R13: 0000000000000000 R14: ffff888098d559e0 R15: ffff88809ee679d8 [ 80.926009] FS: 00007ff7a8648700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 80.934220] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.940090] CR2: 000055e4628f21b0 CR3: 00000000a55b5000 CR4: 00000000001406e0 [ 80.947398] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.954657] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.961906] Call Trace: [ 80.964480] kcm_recvmsg+0x462/0x560 [ 80.968177] ? kcm_splice_read+0x360/0x360 [ 80.972394] ? kcm_splice_read+0x360/0x360 [ 80.976608] sock_recvmsg_nosec+0x89/0xb0 [ 80.980742] ? __sock_tx_timestamp+0xd0/0xd0 [ 80.985140] ___sys_recvmsg+0x271/0x580 [ 80.989101] ? ___sys_sendmsg+0x920/0x920 [ 80.993231] ? kasan_check_read+0x11/0x20 [ 80.997361] ? __might_fault+0x12b/0x1e0 [ 81.001411] ? find_held_lock+0x35/0x130 [ 81.005458] ? __might_fault+0x12b/0x1e0 [ 81.009507] __sys_recvmmsg+0x27e/0x790 [ 81.013471] ? __ia32_sys_recvmsg+0xb0/0xb0 [ 81.017789] ? lock_downgrade+0x880/0x880 [ 81.021929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.027445] ? __fd_install+0x200/0x640 [ 81.031409] do_sys_recvmmsg+0x181/0x1a0 [ 81.035454] ? __sys_recvmmsg+0x790/0x790 [ 81.039590] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 81.044341] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 81.049078] ? do_syscall_64+0x26/0x620 [ 81.053033] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.058375] ? do_syscall_64+0x26/0x620 [ 81.062327] __x64_sys_recvmmsg+0xbe/0x150 [ 81.066541] do_syscall_64+0xfd/0x620 [ 81.070332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.075501] RIP: 0033:0x448b29 [ 81.078677] Code: e8 0c 1b 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 0c fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 81.097563] RSP: 002b:00007ff7a8647ce8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 81.105264] RAX: ffffffffffffffda RBX: 00000000006dfc48 RCX: 0000000000448b29 [ 81.112604] RDX: 0400000000000310 RSI: 0000000020003540 RDI: 0000000000000005 [ 81.119867] RBP: 00000000006dfc40 R08: 0000000000000000 R09: 0000000000000000 [ 81.127132] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc4c [ 81.134379] R13: 00007ffc3828db3f R14: 00007ff7a86489c0 R15: 000000000000002d [ 81.141634] Modules linked in: [ 81.144816] ---[ end trace 5cc8695cf11eea5f ]--- [ 81.149555] RIP: 0010:skb_unlink+0xc4/0x160 [ 81.153868] Code: 00 00 49 8d 7d 08 4c 8b 63 08 48 b8 00 00 00 00 00 fc ff df 48 c7 43 08 00 00 00 00 48 89 fa 48 c7 03 00 00 00 00 48 c1 ea 03 <80> 3c 02 00 75 58 4c 89 e2 4d 89 65 08 48 b8 00 00 00 00 00 fc ff [ 81.172763] RSP: 0018:ffff88809ee67908 EFLAGS: 00010002 [ 81.178118] RAX: dffffc0000000000 RBX: ffff8880962d3c80 RCX: ffffffff81531da8 [ 81.185381] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 0000000000000008 [ 81.192662] RBP: ffff88809ee67930 R08: 1ffff110131aab3c R09: ffffed10131aab3d [ 81.199920] R10: ffffed10131aab3c R11: ffff888098d559e3 R12: 0000000000000000 [ 81.207182] R13: 0000000000000000 R14: ffff888098d559e0 R15: ffff88809ee679d8 [ 81.214444] FS: 00007ff7a8648700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 81.222698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.228570] CR2: 000055e4628f21b0 CR3: 00000000a55b5000 CR4: 00000000001406e0 [ 81.235834] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.243126] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.250383] Kernel panic - not syncing: Fatal exception [ 81.257207] Kernel Offset: disabled [ 81.260836] Rebooting in 86400 seconds..