[ 33.291558] audit: type=1800 audit(1580429248.447:33): pid=7183 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 33.318681] audit: type=1800 audit(1580429248.447:34): pid=7183 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 37.928736] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.164363] audit: type=1400 audit(1580429253.317:35): avc: denied { map } for pid=7357 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.208695] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.978980] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.713341] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.207' (ECDSA) to the list of known hosts.
[ 51.262945] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 51.381607] audit: type=1400 audit(1580429266.537:36): avc: denied { map } for pid=7369 comm="syz-executor887" path="/root/syz-executor887796216" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 51.408161] audit: type=1400 audit(1580429266.537:37): avc: denied { create } for pid=7369 comm="syz-executor887" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 51.408401] kasan: CONFIG_KASAN_INLINE enabled
[ 51.434741] audit: type=1400 audit(1580429266.537:38): avc: denied { write } for pid=7369 comm="syz-executor887" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 51.461206] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 51.461220] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 51.461224] Modules linked in:
[ 51.461233] CPU: 1 PID: 7369 Comm: syz-executor887 Not tainted 4.14.169-syzkaller #0
[ 51.461236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.461240] task: ffff8880808b26c0 task.stack: ffff8880a8378000
[ 51.461252] RIP: 0010:nfnetlink_parse_nat_setup+0x1fb/0x3b0
[ 51.461255] RSP: 0018:ffff8880a837f208 EFLAGS: 00010202
[ 51.461260] RAX: dffffc0000000000 RBX: ffff8880a837f290 RCX: 0000000000000000
[ 51.461264] RDX: 0000000060000007 RSI: 0000000000000000 RDI: 000000030000003b
[ 51.461272] RBP: ffff8880a837f308 R08: 1ffff1101506fe52 R09: ffff8880a837f290
[ 51.535610] R10: ffffed101506fe57 R11: ffff8880a837f2bf R12: ffff888090562dc0
[ 51.542874] R13: 0000000000000000 R14: ffff8880a837f2e0 R15: ffff8880a837f240
[ 51.550170] FS: 0000000001804880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
[ 51.558403] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.564397] CR2: 000055f04c7a3180 CR3: 000000008f54a000 CR4: 00000000001406e0
[ 51.571655] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.578905] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.586154] Call Trace:
[ 51.588732] ? nf_nat_alloc_null_binding+0x50/0x50
[ 51.593660] ? rcu_read_lock_sched_held+0x110/0x130
[ 51.598669] ? __lock_is_held+0xb6/0x140
[ 51.602719] ? check_preemption_disabled+0x3c/0x250
[ 51.607729] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 51.613166] ? nf_nat_alloc_null_binding+0x50/0x50
[ 51.618072] ctnetlink_parse_nat_setup+0x76/0x4a0
[ 51.622894] ctnetlink_create_conntrack+0x468/0x10c0
[ 51.627988] ? queue_work_on+0xfd/0x1d0
[ 51.631941] ? ctnetlink_del_conntrack+0x5e0/0x5e0
[ 51.636858] ? hash_conntrack_raw+0x2c1/0x430
[ 51.641454] ? nf_ct_get_id+0x170/0x170
[ 51.645412] ctnetlink_new_conntrack+0x4af/0xcc0
[ 51.650167] ? ctnetlink_create_conntrack+0x10c0/0x10c0
[ 51.655605] ? ctnetlink_create_conntrack+0x10c0/0x10c0
[ 51.660966] nfnetlink_rcv_msg+0xa08/0xc00
[ 51.665295] netlink_rcv_skb+0x14f/0x3c0
[ 51.669463] ? nfnetlink_bind+0x240/0x240
[ 51.673614] ? netlink_ack+0x9a0/0x9a0
[ 51.677501] ? ns_capable_common+0x12c/0x160
[ 51.681957] ? __netlink_ns_capable+0xe2/0x130
[ 51.686543] nfnetlink_rcv+0x1ab/0x1650
[ 51.690520] ? netlink_deliver_tap+0x93/0x8f0
[ 51.695017] ? find_held_lock+0x35/0x130
[ 51.699078] ? netlink_deliver_tap+0x93/0x8f0
[ 51.703555] ? nfnl_err_del+0x160/0x160
[ 51.707526] ? lock_downgrade+0x740/0x740
[ 51.711670] ? netlink_deliver_tap+0xba/0x8f0
[ 51.716165] netlink_unicast+0x44d/0x650
[ 51.720216] ? netlink_attachskb+0x6a0/0x6a0
[ 51.724611] ? security_netlink_send+0x81/0xb0
[ 51.729225] netlink_sendmsg+0x7c4/0xc60
[ 51.733268] ? netlink_unicast+0x650/0x650
[ 51.737482] ? security_socket_sendmsg+0x89/0xb0
[ 51.742240] ? netlink_unicast+0x650/0x650
[ 51.746477] sock_sendmsg+0xce/0x110
[ 51.750186] ___sys_sendmsg+0x70a/0x840
[ 51.754159] ? lock_downgrade+0x740/0x740
[ 51.758305] ? copy_msghdr_from_user+0x3f0/0x3f0
[ 51.763059] ? do_raw_spin_unlock+0x174/0x260
[ 51.767597] ? _raw_spin_unlock+0x2d/0x50
[ 51.771756] ? do_huge_pmd_anonymous_page+0x2f9/0x1200
[ 51.777029] ? save_trace+0x290/0x290
[ 51.780813] ? copy_page_range+0x1de0/0x1de0
[ 51.785199] ? __do_page_fault+0x4e9/0xb80
[ 51.789605] ? __fget_light+0x172/0x1f0
[ 51.793576] ? __fdget+0x1b/0x20
[ 51.796941] ? sockfd_lookup_light+0xb4/0x160
[ 51.801427] __sys_sendmsg+0xb9/0x140
[ 51.805228] ? SyS_shutdown+0x170/0x170
[ 51.809185] SyS_sendmsg+0x2d/0x50
[ 51.812717] ? __sys_sendmsg+0x140/0x140
[ 51.816775] do_syscall_64+0x1e8/0x640
[ 51.821089] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.825917] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 51.831086] RIP: 0033:0x440239
[ 51.834275] RSP: 002b:00007ffdaa0e2498 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 51.841959] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440239
[ 51.849205] RDX: 0000000000000000 RSI: 0000000020000640 RDI: 0000000000000003
[ 51.856473] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 51.864173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0
[ 51.871521] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000
[ 51.878775] Code: d5 fd 85 c0 0f 88 44 01 00 00 e8 31 a0 15 fc 48 8b 85 10 ff ff ff 48 8d 78 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 98 01 00 00 48 8b 85 10 ff ff ff 4c 89 fe 48
[ 51.898044] RIP: nfnetlink_parse_nat_setup+0x1fb/0x3b0 RSP: ffff8880a837f208
[ 51.905643] ---[ end trace 9122328624a1bfef ]---
[ 51.910682] Kernel panic - not syncing: Fatal exception
[ 51.917351] Kernel Offset: disabled
[ 51.920975] Rebooting in 86400 seconds..