[ 32.704948] audit: type=1800 audit(1569769150.992:33): pid=6869 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.732634] audit: type=1800 audit(1569769150.992:34): pid=6869 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 35.968164] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.204876] audit: type=1400 audit(1569769154.492:35): avc: denied { map } for pid=7044 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.256688] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.853152] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.939936] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.212' (ECDSA) to the list of known hosts.
[ 51.374632] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/29 14:59:29 parsed 1 programs
[ 51.556509] audit: type=1400 audit(1569769169.842:36): avc: denied { map } for pid=7056 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 51.617777] audit: type=1400 audit(1569769169.902:37): avc: denied { map } for pid=7056 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13798 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 52.294967] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/29 14:59:31 executed programs: 0
[ 53.321027] IPVS: ftp: loaded support on port[0] = 21
[ 54.137018] chnl_net:caif_netlink_parms(): no params data found
[ 54.168475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.175794] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.183010] device bridge_slave_0 entered promiscuous mode
[ 54.190516] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.197108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.204611] device bridge_slave_1 entered promiscuous mode
[ 54.218811] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.228045] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.244524] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.251919] team0: Port device team_slave_0 added
[ 54.257335] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.264504] team0: Port device team_slave_1 added
[ 54.270714] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.277917] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.332022] device hsr_slave_0 entered promiscuous mode
[ 54.380493] device hsr_slave_1 entered promiscuous mode
[ 54.430636] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 54.437898] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 54.451091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.457534] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.464732] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.471373] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.499821] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 54.506968] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.516471] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.525770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.545058] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.552505] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.562453] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 54.569738] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.578730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.587139] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.593785] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.611141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.619048] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.625490] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.633397] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.641060] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.651422] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.658307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.668429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.677796] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 54.684097] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.697791] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 54.708038] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.131540] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 55.963517] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 55.977584] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.000387] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.010721] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.037788] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.047719] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.068128] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.081245] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.102219] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.114099] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 56.607826] ------------[ cut here ]------------
[ 56.612950] WARNING: CPU: 1 PID: 7229 at net/xfrm/xfrm_policy.c:752 xfrm_policy_insert+0x679/0x11e0
[ 56.622126] Kernel panic - not syncing: panic_on_warn set ...
[ 56.622126]
[ 56.629500] CPU: 1 PID: 7229 Comm: syz-executor.0 Not tainted 4.14.146 #0
[ 56.636407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.645791] Call Trace:
[ 56.648371] dump_stack+0x138/0x197
[ 56.651987] panic+0x1f2/0x426
[ 56.655161] ? add_taint.cold+0x16/0x16
[ 56.659122] ? xfrm_policy_insert+0x679/0x11e0
[ 56.663689] ? xfrm_policy_insert+0x679/0x11e0
[ 56.668274] __warn.cold+0x2f/0x36
[ 56.671807] ? ist_end_non_atomic+0x10/0x10
[ 56.676216] ? xfrm_policy_insert+0x679/0x11e0
[ 56.680792] report_bug+0x216/0x254
[ 56.684417] do_error_trap+0x1bb/0x310
[ 56.688295] ? math_error+0x360/0x360
[ 56.692162] ? mark_held_locks+0xb1/0x100
[ 56.696379] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 56.701467] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.706288] do_invalid_op+0x1b/0x20
[ 56.710258] invalid_op+0x1b/0x40
[ 56.713700] RIP: 0010:xfrm_policy_insert+0x679/0x11e0
[ 56.718874] RSP: 0018:ffff888086ddf560 EFLAGS: 00010297
[ 56.724315] RAX: ffff88808a562180 RBX: ffff8880a9191b40 RCX: 0000000000000000
[ 56.731585] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a9191d70
[ 56.738876] RBP: ffff888086ddf5f8 R08: 0000000000006fc3 R09: ffffffff88cb7298
[ 56.746166] R10: ffff88808a562a28 R11: ffff88808a562180 R12: dffffc0000000000
[ 56.753514] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 56.760939] xfrm_add_policy+0x230/0x4f0
[ 56.764984] ? xfrm_policy_construct+0x590/0x590
[ 56.769721] ? validate_nla+0x201/0x5f0
[ 56.773679] ? nla_parse+0x186/0x240
[ 56.777373] ? xfrm_policy_construct+0x590/0x590
[ 56.782110] xfrm_user_rcv_msg+0x3c9/0x690
[ 56.786325] ? xfrm_dump_sa_done+0xe0/0xe0
[ 56.790547] ? __dev_queue_xmit+0xd33/0x25e0
[ 56.794961] ? netlink_deliver_tap+0x93/0x8f0
[ 56.799447] ? xfrm_netlink_rcv+0x61/0x90
[ 56.803591] netlink_rcv_skb+0x14f/0x3c0
[ 56.808068] ? xfrm_dump_sa_done+0xe0/0xe0
[ 56.812297] ? netlink_ack+0x9a0/0x9a0
[ 56.816261] xfrm_netlink_rcv+0x70/0x90
[ 56.820241] netlink_unicast+0x45d/0x640
[ 56.824395] ? netlink_attachskb+0x6a0/0x6a0
[ 56.829011] ? security_netlink_send+0x81/0xb0
[ 56.833588] netlink_sendmsg+0x7c4/0xc60
[ 56.837635] ? netlink_unicast+0x640/0x640
[ 56.842030] ? security_socket_sendmsg+0x89/0xb0
[ 56.846770] ? netlink_unicast+0x640/0x640
[ 56.850989] sock_sendmsg+0xce/0x110
[ 56.854699] ___sys_sendmsg+0x70a/0x840
[ 56.858652] ? copy_msghdr_from_user+0x3f0/0x3f0
[ 56.863410] ? __fget+0x210/0x370
[ 56.866932] ? find_held_lock+0x35/0x130
[ 56.870974] ? __fget+0x210/0x370
[ 56.874408] ? lock_downgrade+0x6e0/0x6e0
[ 56.878571] ? __fget+0x237/0x370
[ 56.882006] ? __fget_light+0x172/0x1f0
[ 56.886047] ? __fdget+0x1b/0x20
[ 56.889394] ? sockfd_lookup_light+0xb4/0x160
[ 56.893869] __sys_sendmsg+0xb9/0x140
[ 56.897675] ? SyS_shutdown+0x170/0x170
[ 56.901687] ? put_timespec64+0xb4/0x100
[ 56.905729] ? SyS_clock_gettime+0xf8/0x180
[ 56.910051] SyS_sendmsg+0x2d/0x50
[ 56.913568] ? __sys_sendmsg+0x140/0x140
[ 56.917608] do_syscall_64+0x1e8/0x640
[ 56.921472] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.926387] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 56.931555] RIP: 0033:0x459a29
[ 56.934740] RSP: 002b:00007f8e438c5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.942541] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29
[ 56.949957] RDX: 0000000000000000 RSI: 000000002014f000 RDI: 0000000000000004
[ 56.957242] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 56.964785] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8e438c66d4
[ 56.972083] R13: 00000000004c7990 R14: 00000000004dd3b0 R15: 00000000ffffffff
[ 56.981016] Kernel Offset: disabled
[ 56.984697] Rebooting in 86400 seconds..