[ 32.390136] audit: type=1800 audit(1561444312.922:33): pid=6910 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.417456] audit: type=1800 audit(1561444312.932:34): pid=6910 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 44.738465] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.273768] audit: type=1400 audit(1561444325.812:35): avc: denied { map } for pid=7085 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 45.325668] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.899963] random: sshd: uninitialized urandom read (32 bytes read)
[ 46.098932] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.134' (ECDSA) to the list of known hosts.
[ 51.785959] random: sshd: uninitialized urandom read (32 bytes read)
[ 51.978398] audit: type=1400 audit(1561444332.512:36): avc: denied { map } for pid=7097 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/25 06:32:13 parsed 1 programs
[ 52.791362] audit: type=1400 audit(1561444333.332:37): avc: denied { map } for pid=7097 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=33 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 53.490271] random: cc1: uninitialized urandom read (8 bytes read)
2019/06/25 06:32:15 executed programs: 0
[ 54.581379] audit: type=1400 audit(1561444335.122:38): avc: denied { map } for pid=7097 comm="syz-execprog" path="/root/syzkaller-shm694926480" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 55.380165] IPVS: ftp: loaded support on port[0] = 21
[ 55.685110] chnl_net:caif_netlink_parms(): no params data found
[ 55.714246] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.721120] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.728038] device bridge_slave_0 entered promiscuous mode
[ 55.735239] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.741752] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.748646] device bridge_slave_1 entered promiscuous mode
[ 55.762710] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 55.771302] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.786571] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.793812] team0: Port device team_slave_0 added
[ 55.799166] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.806273] team0: Port device team_slave_1 added
[ 55.811538] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.818769] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.871858] device hsr_slave_0 entered promiscuous mode
[ 55.910344] device hsr_slave_1 entered promiscuous mode
[ 55.960522] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.967485] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.980299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.986702] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.993557] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.999884] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.027142] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 56.034047] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.042690] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.051084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.069335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.077214] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.087978] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.094734] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.102960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.111921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.118246] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.130908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.138563] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.144946] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.154650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.163628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.176654] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 56.187162] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 56.197579] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 56.204501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.212284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.219735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.227493] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.238707] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 56.248267] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.681333] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 57.503795] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.516437] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.528767] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.541120] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.553644] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.566454] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.578774] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.591498] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.603867] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 57.616140] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7129 comm=syz-executor.0
[ 59.032334] kasan: CONFIG_KASAN_INLINE enabled
[ 59.037069] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 59.044690] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 59.050915] Modules linked in:
[ 59.054102] CPU: 0 PID: 7139 Comm: syz-executor.0 Not tainted 4.14.130 #24
[ 59.061097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.070532] task: ffff88809ba14140 task.stack: ffff888095d18000
[ 59.076575] RIP: 0010:__smc_diag_dump.isra.0+0x342/0x17b0
[ 59.082093] RSP: 0018:ffff888095d1f340 EFLAGS: 00010203
[ 59.087440] RAX: dffffc0000000000 RBX: ffff88807d550cc0 RCX: 0000000000000001
[ 59.094691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e
[ 59.101950] RBP: ffff888095d1f518 R08: 0000000000000040 R09: ffff88807d550d10
[ 59.109205] R10: ffff88809ba14a60 R11: ffff88809ba14140 R12: ffff888095d1f4f0
[ 59.116458] R13: ffff8880a1694610 R14: ffff8880865d8040 R15: ffff8880865d8490
[ 59.123709] FS: 00007ff638990700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[ 59.132032] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.137894] CR2: 00007ff63896edb8 CR3: 0000000090329000 CR4: 00000000001406f0
[ 59.145438] Call Trace:
[ 59.148016] ? smc_diag_handler_dump+0x200/0x200
[ 59.152847] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 59.158289] ? __kmalloc_node_track_caller+0x3d/0x80
[ 59.163433] ? rcu_read_lock_sched_held+0x110/0x130
[ 59.168444] ? kmem_cache_alloc_node_trace+0x379/0x770
[ 59.173715] ? kasan_unpoison_shadow+0x35/0x50
[ 59.178327] ? kasan_kmalloc+0xce/0xf0
[ 59.182208] ? lock_acquire+0x16f/0x430
[ 59.186162] ? smc_diag_dump+0x8d/0x2a0
[ 59.190128] smc_diag_dump+0x1e5/0x2a0
[ 59.194005] netlink_dump+0x3fa/0xb10
[ 59.197784] __netlink_dump_start+0x4ff/0x750
[ 59.202257] smc_diag_handler_dump+0x1b7/0x200
[ 59.206816] ? smc_gid_be16_convert+0x2c0/0x2c0
[ 59.211479] ? __smc_diag_dump.isra.0+0x17b0/0x17b0
[ 59.216479] sock_diag_rcv_msg+0x29e/0x3a0
[ 59.220692] netlink_rcv_skb+0x14f/0x3c0
[ 59.224733] ? sock_diag_bind+0x90/0x90
[ 59.228790] ? netlink_ack+0x9a0/0x9a0
[ 59.232671] sock_diag_rcv+0x2b/0x40
[ 59.236362] netlink_unicast+0x45d/0x780
[ 59.240398] ? netlink_attachskb+0x6a0/0x6a0
[ 59.244798] ? security_netlink_send+0x81/0xb0
[ 59.249362] netlink_sendmsg+0x7c4/0xc60
[ 59.253519] ? netlink_unicast+0x780/0x780
[ 59.257733] ? security_socket_sendmsg+0x89/0xb0
[ 59.262467] ? netlink_unicast+0x780/0x780
[ 59.266973] sock_sendmsg+0xce/0x110
[ 59.270685] kernel_sendmsg+0x44/0x50
[ 59.274469] sock_no_sendpage+0x107/0x130
[ 59.278603] ? sock_kzfree_s+0x50/0x50
[ 59.283772] ? pipe_lock+0x63/0x80
[ 59.287439] kernel_sendpage+0x92/0xf0
[ 59.291307] ? sock_kzfree_s+0x50/0x50
[ 59.295177] sock_sendpage+0x8b/0xc0
[ 59.298970] ? kernel_sendpage+0xf0/0xf0
[ 59.303021] pipe_to_sendpage+0x242/0x340
[ 59.307242] ? direct_splice_actor+0x190/0x190
[ 59.311810] __splice_from_pipe+0x348/0x780
[ 59.316108] ? direct_splice_actor+0x190/0x190
[ 59.320673] ? direct_splice_actor+0x190/0x190
[ 59.325245] splice_from_pipe+0xf0/0x150
[ 59.329330] ? splice_shrink_spd+0xb0/0xb0
[ 59.333552] ? security_file_permission+0x89/0x1f0
[ 59.338463] generic_splice_sendpage+0x3c/0x50
[ 59.343039] ? splice_from_pipe+0x150/0x150
[ 59.347402] SyS_splice+0xd92/0x1430
[ 59.351109] ? put_timespec64+0xb4/0x100
[ 59.355159] ? compat_SyS_vmsplice+0x250/0x250
[ 59.359807] ? do_syscall_64+0x53/0x640
[ 59.363772] ? compat_SyS_vmsplice+0x250/0x250
[ 59.368375] do_syscall_64+0x1e8/0x640
[ 59.372250] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 59.377084] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 59.382254] RIP: 0033:0x459519
[ 59.385423] RSP: 002b:00007ff63898fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 59.393199] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459519
[ 59.400449] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000005
[ 59.407693] RBP: 000000000075bfc8 R08: 0000000080000001 R09: 0000000000000000
[ 59.414947] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff6389906d4
[ 59.422200] R13: 00000000004c8a66 R14: 00000000004deb70 R15: 00000000ffffffff
[ 59.429536] Code: 20 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 b2 13 00 00 48 8b 50 20 48 b8 00 00 00 00 00 fc ff df 48 8d 7a 0e 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85
[ 59.448641] RIP: __smc_diag_dump.isra.0+0x342/0x17b0 RSP: ffff888095d1f340
[ 59.455906] ---[ end trace f6daabf12873434c ]---
[ 59.460664] Kernel panic - not syncing: Fatal exception
[ 59.466958] Kernel Offset: disabled
[ 59.470590] Rebooting in 86400 seconds..