[ 35.021033] audit: type=1800 audit(1579575525.579:33): pid=7302 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 35.048470] audit: type=1800 audit(1579575525.579:34): pid=7302 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.715383] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.026334] audit: type=1400 audit(1579575527.579:35): avc: denied { map } for pid=7477 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.079649] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.816264] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.014093] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts.
[ 43.606562] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 43.735391] audit: type=1400 audit(1579575534.289:36): avc: denied { map } for pid=7490 comm="syz-executor947" path="/root/syz-executor947476990" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.762118] kasan: CONFIG_KASAN_INLINE enabled
[ 43.762136] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 43.762149] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 43.762156] Modules linked in:
[ 43.767207] audit: type=1400 audit(1579575534.289:37): avc: denied { create } for pid=7490 comm="syz-executor947" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 43.774421] CPU: 0 PID: 7490 Comm: syz-executor947 Not tainted 4.14.166-syzkaller #0
[ 43.774425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.774430] task: ffff88809be28500 task.stack: ffff88809ea20000
[ 43.774446] RIP: 0010:nfnetlink_parse_nat_setup+0x1fb/0x3b0
[ 43.774449] RSP: 0018:ffff88809ea27208 EFLAGS: 00010203
[ 43.774455] RAX: dffffc0000000000 RBX: ffff88809ea27290 RCX: 0000000000000000
[ 43.774463] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 000000000000003e
[ 43.774466] RBP: ffff88809ea27308 R08: 1ffff11013d44e52 R09: ffff88809ea27290
[ 43.774469] R10: ffffed1013d44e57 R11: ffff88809ea272bf R12: ffff88808fa0bdc0
[ 43.774472] R13: 0000000000000000 R14: ffff88809ea272e0 R15: ffff88809ea27240
[ 43.774478] FS: 00000000007e7880(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
[ 43.774481] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.774491] CR2: 0000000020000280 CR3: 000000008a788000 CR4: 00000000001406f0
[ 43.774497] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.774500] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.774502] Call Trace:
[ 43.774514] ? nf_nat_alloc_null_binding+0x50/0x50
[ 43.774524] ? rcu_read_lock_sched_held+0x110/0x130
[ 43.774534] ? __lock_is_held+0xb6/0x140
[ 43.774544] ? check_preemption_disabled+0x3c/0x250
[ 43.774554] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 43.774561] ? nf_nat_alloc_null_binding+0x50/0x50
[ 43.774568] ctnetlink_parse_nat_setup+0x76/0x4a0
[ 43.774575] ctnetlink_create_conntrack+0x468/0x10c0
[ 43.774587] ? queue_work_on+0xfd/0x1d0
[ 43.781370] audit: type=1400 audit(1579575534.289:38): avc: denied { write } for pid=7490 comm="syz-executor947" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 43.784401] ? ctnetlink_del_conntrack+0x5e0/0x5e0
[ 43.784412] ? hash_conntrack_raw+0x2c1/0x430
[ 43.784418] ? nf_ct_get_id+0x170/0x170
[ 43.784427] ctnetlink_new_conntrack+0x4af/0xcc0
[ 43.784435] ? ctnetlink_create_conntrack+0x10c0/0x10c0
[ 43.784446] ? ctnetlink_create_conntrack+0x10c0/0x10c0
[ 43.784452] nfnetlink_rcv_msg+0xa08/0xc00
[ 43.784468] netlink_rcv_skb+0x14f/0x3c0
[ 43.784473] ? nfnetlink_bind+0x240/0x240
[ 43.784479] ? netlink_ack+0x9a0/0x9a0
[ 43.784501] ? ns_capable_common+0x12c/0x160
[ 43.784510] ? __netlink_ns_capable+0xe2/0x130
[ 43.784524] nfnetlink_rcv+0x1ab/0x1650
[ 44.046150] ? netlink_deliver_tap+0x93/0x8f0
[ 44.050635] ? find_held_lock+0x35/0x130
[ 44.055384] ? netlink_deliver_tap+0x93/0x8f0
[ 44.059879] ? nfnl_err_del+0x160/0x160
[ 44.063855] ? lock_downgrade+0x740/0x740
[ 44.067996] ? netlink_deliver_tap+0xba/0x8f0
[ 44.072487] netlink_unicast+0x44d/0x650
[ 44.076531] ? netlink_attachskb+0x6a0/0x6a0
[ 44.080935] ? security_netlink_send+0x81/0xb0
[ 44.085501] netlink_sendmsg+0x7c4/0xc60
[ 44.089632] ? netlink_unicast+0x650/0x650
[ 44.093860] ? security_socket_sendmsg+0x89/0xb0
[ 44.098613] ? netlink_unicast+0x650/0x650
[ 44.102830] sock_sendmsg+0xce/0x110
[ 44.106526] ___sys_sendmsg+0x70a/0x840
[ 44.110492] ? lock_downgrade+0x740/0x740
[ 44.114878] ? copy_msghdr_from_user+0x3f0/0x3f0
[ 44.119652] ? do_raw_spin_unlock+0x174/0x260
[ 44.124144] ? _raw_spin_unlock+0x2d/0x50
[ 44.128275] ? do_huge_pmd_anonymous_page+0x2f9/0x1200
[ 44.133547] ? thp_get_unmapped_area+0x1c0/0x1c0
[ 44.138301] ? __handle_mm_fault+0x692/0x33d0
[ 44.142831] ? save_trace+0x290/0x290
[ 44.146621] ? copy_page_range+0x1de0/0x1de0
[ 44.151024] ? __do_page_fault+0x4e9/0xb80
[ 44.155267] ? __fget_light+0x172/0x1f0
[ 44.159227] ? __fdget+0x1b/0x20
[ 44.162580] ? sockfd_lookup_light+0xb4/0x160
[ 44.167074] __sys_sendmsg+0xb9/0x140
[ 44.170896] ? SyS_shutdown+0x170/0x170
[ 44.174866] SyS_sendmsg+0x2d/0x50
[ 44.178403] ? __sys_sendmsg+0x140/0x140
[ 44.182465] do_syscall_64+0x1e8/0x640
[ 44.186352] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.191211] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.196379] RIP: 0033:0x440289
[ 44.199560] RSP: 002b:00007ffd94f8fba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 44.207342] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440289
[ 44.214591] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 44.221840] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 44.229114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b10
[ 44.237413] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000
[ 44.244687] Code: d4 fd 85 c0 0f 88 44 01 00 00 e8 01 60 14 fc 48 8b 85 10 ff ff ff 48 8d 78 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 98 01 00 00 48 8b 85 10 ff ff ff 4c 89 fe 48
[ 44.265522] RIP: nfnetlink_parse_nat_setup+0x1fb/0x3b0 RSP: ffff88809ea27208
[ 44.273502] ---[ end trace 52818e237b69b39c ]---
[ 44.278256] Kernel panic - not syncing: Fatal exception
[ 44.284890] Kernel Offset: disabled
[ 44.288518] Rebooting in 86400 seconds..