[ 31.171124] audit: type=1800 audit(1565296898.561:33): pid=6818 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 31.199281] audit: type=1800 audit(1565296898.561:34): pid=6818 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.334282] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.831936] audit: type=1400 audit(1565296902.221:35): avc: denied { map } for pid=6990 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 34.895518] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.453883] random: sshd: uninitialized urandom read (32 bytes read)
[ 971.555012] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
[ 977.087067] random: sshd: uninitialized urandom read (32 bytes read)
[ 977.264723] audit: type=1400 audit(1565297844.651:36): avc: denied { map } for pid=7003 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/08/08 20:57:25 parsed 1 programs
[ 978.101747] audit: type=1400 audit(1565297845.491:37): avc: denied { map } for pid=7003 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=19 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 978.819008] random: cc1: uninitialized urandom read (8 bytes read)
2019/08/08 20:57:27 executed programs: 0
[ 980.131310] IPVS: ftp: loaded support on port[0] = 21
[ 981.034695] chnl_net:caif_netlink_parms(): no params data found
[ 981.064731] bridge0: port 1(bridge_slave_0) entered blocking state
[ 981.071373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 981.078444] device bridge_slave_0 entered promiscuous mode
[ 981.085289] bridge0: port 2(bridge_slave_1) entered blocking state
[ 981.092073] bridge0: port 2(bridge_slave_1) entered disabled state
[ 981.099007] device bridge_slave_1 entered promiscuous mode
[ 981.113381] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 981.122538] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 981.138078] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 981.145511] team0: Port device team_slave_0 added
[ 981.153078] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 981.160365] team0: Port device team_slave_1 added
[ 981.175467] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 981.182859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 981.262117] device hsr_slave_0 entered promiscuous mode
[ 981.300372] device hsr_slave_1 entered promiscuous mode
[ 981.380639] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 981.387561] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 981.401126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 981.407565] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 981.414637] bridge0: port 1(bridge_slave_0) entered blocking state
[ 981.421158] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 981.448641] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 981.455933] 8021q: adding VLAN 0 to HW filter on device bond0
[ 981.463928] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 981.473477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 981.482258] bridge0: port 1(bridge_slave_0) entered disabled state
[ 981.489712] bridge0: port 2(bridge_slave_1) entered disabled state
[ 981.501869] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 981.508197] 8021q: adding VLAN 0 to HW filter on device team0
[ 981.517071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 981.524774] bridge0: port 1(bridge_slave_0) entered blocking state
[ 981.531168] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 981.540158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 981.547888] bridge0: port 2(bridge_slave_1) entered blocking state
[ 981.554520] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 981.568750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 981.577306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 981.586465] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 981.597182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 981.607860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 981.619287] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 981.625919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 981.633650] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 981.646824] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 981.657027] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 982.030868] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 983.224246] kasan: CONFIG_KASAN_INLINE enabled
[ 983.229074] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 983.236595] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 983.242910] Modules linked in:
[ 983.246175] CPU: 1 PID: 7080 Comm: syz-executor.0 Not tainted 4.14.137 #33
[ 983.253178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 983.262510] task: ffff888092996540 task.stack: ffff8880a7210000
[ 983.268983] RIP: 0010:__smc_diag_dump.isra.0+0x342/0x17b0
[ 983.274654] RSP: 0018:ffff8880a72174f0 EFLAGS: 00010203
[ 983.280101] RAX: dffffc0000000000 RBX: ffff8880942f0ec0 RCX: 0000000000000001
[ 983.287401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e
[ 983.295070] RBP: ffff8880a72176c8 R08: 0000000000000040 R09: ffff8880942f0f10
[ 983.302334] R10: ffff888092996e38 R11: ffff888092996540 R12: ffff8880a72176a0
[ 983.309699] R13: ffff8880a6ecd890 R14: ffff888088954100 R15: ffff888088954550
[ 983.317068] FS: 00007f33a8bb8700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
[ 983.325404] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 983.331282] CR2: 0000000000000000 CR3: 000000008c61f000 CR4: 00000000001406e0
[ 983.338645] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 983.345909] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 983.353168] Call Trace:
[ 983.355745] ? smc_diag_handler_dump+0x200/0x200
[ 983.360668] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 983.366217] ? __kmalloc_node_track_caller+0x3d/0x80
[ 983.371491] ? rcu_read_lock_sched_held+0x110/0x130
[ 983.376508] ? kmem_cache_alloc_node_trace+0x379/0x770
[ 983.381767] ? kasan_unpoison_shadow+0x35/0x50
[ 983.386330] ? kasan_kmalloc+0xce/0xf0
[ 983.390626] ? lock_acquire+0x16f/0x430
[ 983.394602] ? smc_diag_dump+0x8d/0x2a0
[ 983.398661] smc_diag_dump+0x1e5/0x2a0
[ 983.402614] netlink_dump+0x3fa/0xb10
[ 983.406408] __netlink_dump_start+0x4ff/0x750
[ 983.410891] smc_diag_handler_dump+0x1b7/0x200
[ 983.415457] ? smc_gid_be16_convert+0x2c0/0x2c0
[ 983.420128] ? __smc_diag_dump.isra.0+0x17b0/0x17b0
[ 983.425300] sock_diag_rcv_msg+0x29e/0x3a0
[ 983.429526] netlink_rcv_skb+0x14f/0x3c0
[ 983.433587] ? sock_diag_bind+0x90/0x90
[ 983.437591] ? lock_downgrade+0x6e0/0x6e0
[ 983.441724] ? netlink_ack+0x9a0/0x9a0
[ 983.445600] sock_diag_rcv+0x2b/0x40
[ 983.449600] netlink_unicast+0x45d/0x640
[ 983.453650] ? netlink_attachskb+0x6a0/0x6a0
[ 983.458128] ? security_netlink_send+0x81/0xb0
[ 983.462709] netlink_sendmsg+0x7c4/0xc60
[ 983.466753] ? netlink_unicast+0x640/0x640
[ 983.470971] ? security_socket_sendmsg+0x89/0xb0
[ 983.475720] ? netlink_unicast+0x640/0x640
[ 983.480020] sock_sendmsg+0xce/0x110
[ 983.483723] ___sys_sendmsg+0x70a/0x840
[ 983.487675] ? copy_msghdr_from_user+0x3f0/0x3f0
[ 983.492433] ? __fget+0x210/0x370
[ 983.495941] ? find_held_lock+0x35/0x130
[ 983.499992] ? __fget+0x210/0x370
[ 983.503565] ? lock_downgrade+0x6e0/0x6e0
[ 983.507701] ? __fget+0x237/0x370
[ 983.511174] ? __fget_light+0x172/0x1f0
[ 983.515218] ? __fdget+0x1b/0x20
[ 983.518562] ? sockfd_lookup_light+0xb4/0x160
[ 983.523131] __sys_sendmsg+0xb9/0x140
[ 983.527053] ? SyS_shutdown+0x170/0x170
[ 983.531178] ? put_timespec64+0xb4/0x100
[ 983.535243] ? SyS_clock_gettime+0xf8/0x180
[ 983.539547] SyS_sendmsg+0x2d/0x50
[ 983.543068] ? __sys_sendmsg+0x140/0x140
[ 983.547190] do_syscall_64+0x1e8/0x640
[ 983.551063] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 983.555945] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 983.561223] RIP: 0033:0x459829
[ 983.564399] RSP: 002b:00007f33a8bb7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 983.572088] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 983.579339] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000006
[ 983.586589] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 983.593839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f33a8bb86d4
[ 983.601092] R13: 00000000004c76d0 R14: 00000000004dce00 R15: 00000000ffffffff
[ 983.608429] Code: 20 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 b2 13 00 00 48 8b 50 20 48 b8 00 00 00 00 00 fc ff df 48 8d 7a 0e 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85
[ 983.627631] RIP: __smc_diag_dump.isra.0+0x342/0x17b0 RSP: ffff8880a72174f0
[ 983.635287] ---[ end trace 2a5a4e818b12e145 ]---
[ 983.640057] Kernel panic - not syncing: Fatal exception
[ 983.646579] Kernel Offset: disabled
[ 983.650198] Rebooting in 86400 seconds..