[   35.863544] audit: type=1800 audit(1575245510.365:34): pid=7053 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   39.025315] random: sshd: uninitialized urandom read (32 bytes read)
[   39.293804] audit: type=1400 audit(1575245513.825:35): avc:  denied  { map } for  pid=7225 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   39.346806] random: sshd: uninitialized urandom read (32 bytes read)
[   39.936300] random: sshd: uninitialized urandom read (32 bytes read)
[   40.125425] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
[   45.658697] random: sshd: uninitialized urandom read (32 bytes read)
[   45.844360] audit: type=1400 audit(1575245520.375:36): avc:  denied  { map } for  pid=7237 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/12/02 00:12:00 parsed 1 programs
[   46.587040] random: cc1: uninitialized urandom read (8 bytes read)
[   47.452302] audit: type=1400 audit(1575245521.985:37): avc:  denied  { map } for  pid=7237 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15668 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/12/02 00:12:02 executed programs: 0
[   47.496587] audit: type=1400 audit(1575245522.025:38): avc:  denied  { map } for  pid=7237 comm="syz-execprog" path="/root/syzkaller-shm341129248" dev="sda1" ino=16492 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   47.771022] IPVS: ftp: loaded support on port[0] = 21
[   48.642733] chnl_net:caif_netlink_parms(): no params data found
[   48.675012] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.681979] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.689095] device bridge_slave_0 entered promiscuous mode
[   48.696567] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.703143] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.710310] device bridge_slave_1 entered promiscuous mode
[   48.725158] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   48.734298] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   48.751275] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   48.758541] team0: Port device team_slave_0 added
[   48.764360] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   48.771558] team0: Port device team_slave_1 added
[   48.776979] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   48.784583] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   48.832202] device hsr_slave_0 entered promiscuous mode
[   48.880456] device hsr_slave_1 entered promiscuous mode
[   48.920992] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   48.928154] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   48.941751] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.948150] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.955131] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.961497] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.991917] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   48.998014] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.007162] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   49.016484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.035225] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.042874] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.053355] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   49.059429] 8021q: adding VLAN 0 to HW filter on device team0
[   49.068550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.076718] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.083079] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.093929] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   49.101854] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.108184] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.128073] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   49.138696] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   49.149560] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   49.157146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   49.165415] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   49.173427] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   49.181213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   49.189304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   49.196946] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   49.208794] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   49.215995] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   49.222789] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   49.235804] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.640388] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   54.013495] refcount_t overflow at skb_set_owner_w+0x1f8/0x300 in syz-executor.0[7357], uid/euid: 0/0
[   54.023327] ------------[ cut here ]------------
[   54.028198] WARNING: CPU: 0 PID: 7357 at kernel/panic.c:613 refcount_error_report+0x1b2/0x210
[   54.036860] Kernel panic - not syncing: panic_on_warn set ...
[   54.036860] 
[   54.044212] CPU: 0 PID: 7357 Comm: syz-executor.0 Not tainted 4.14.157-syzkaller #0
[   54.052018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.061360] Call Trace:
[   54.063948]  dump_stack+0x142/0x197
[   54.067587]  panic+0x1f9/0x42d
[   54.070767]  ? add_taint.cold+0x16/0x16
[   54.074740]  ? refcount_error_report+0x1b2/0x210
[   54.079489]  ? refcount_error_report+0x1b2/0x210
[   54.084250]  __warn.cold+0x2f/0x2f
[   54.087781]  ? ist_end_non_atomic+0x10/0x10
[   54.092096]  ? refcount_error_report+0x1b2/0x210
[   54.096865]  report_bug+0x216/0x254
[   54.100483]  do_error_trap+0x1bb/0x310
[   54.104356]  ? math_error+0x360/0x360
[   54.108146]  ? vprintk_emit+0x171/0x600
[   54.112127]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   54.116951]  do_invalid_op+0x1b/0x20
[   54.120655]  invalid_op+0x1b/0x40
[   54.124099] RIP: 0010:refcount_error_report+0x1b2/0x210
[   54.129440] RSP: 0018:ffff888097d773b0 EFLAGS: 00010286
[   54.134807] RAX: 0000000000000059 RBX: ffff888097d775c8 RCX: 0000000000000000
[   54.142083] RDX: 0000000000000000 RSI: ffffffff86ac2f80 RDI: ffffed1012faee6c
[   54.149341] RBP: ffff888097d773e8 R08: 0000000000000059 R09: ffff888076196b20
[   54.156603] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff86a81e20
[   54.163875] R13: 0000000000000000 R14: ffff888076196280 R15: 0000000000000006
[   54.171159]  ? inat_get_avx_attribute+0x3be7/0x7965
[   54.176188]  ex_handler_refcount+0x126/0x1a0
[   54.180595]  ? ex_handler_clear_fs+0xb0/0xb0
[   54.185205]  fixup_exception+0x8b/0xb9
[   54.189078]  do_trap+0x65/0x250
[   54.192341]  do_error_trap+0x153/0x310
[   54.196218]  ? math_error+0x360/0x360
[   54.200009]  ? inat_get_avx_attribute+0x3be7/0x7965
[   54.205021]  ? rcu_read_lock_sched_held+0x110/0x130
[   54.210033]  ? kmem_cache_alloc_node_trace+0x379/0x770
[   54.215304]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   54.220128]  do_invalid_op+0x1b/0x20
[   54.223839]  invalid_op+0x1b/0x40
[   54.227331] RIP: 0010:skb_set_owner_w+0x1f8/0x300
[   54.232273] RSP: 0018:ffff888097d77670 EFLAGS: 00010a82
[   54.237633] RAX: 0000000000040100 RBX: ffff88809e685400 RCX: ffff88809dac787c
[   54.244921] RDX: 1ffff11013cd0a9c RSI: ffff88809dac7640 RDI: ffff88809e6854e0
[   54.252195] RBP: ffff888097d77690 R08: 1ffff110313c8c90 R09: ffff888189e46480
[   54.259599] R10: ffffed10313c8c94 R11: ffff888189e464a3 R12: ffff88809dac7640
[   54.267004] R13: ffff88809e685460 R14: ffff88809e685418 R15: ffff88809dac7640
[   54.274296]  sock_wmalloc+0xc6/0xf0
[   54.278037]  ip_append_page+0x5fd/0xe40
[   54.282030]  udp_sendpage+0x176/0x3e0
[   54.285844]  ? udp_destroy_sock+0x1a0/0x1a0
[   54.290190]  ? lock_downgrade+0x740/0x740
[   54.294324]  ? copy_page_to_iter+0x427/0xc40
[   54.298718]  inet_sendpage+0x157/0x580
[   54.302587]  ? udp_destroy_sock+0x1a0/0x1a0
[   54.306894]  kernel_sendpage+0x92/0xf0
[   54.310774]  ? inet_sendmsg+0x500/0x500
[   54.314765]  sock_sendpage+0x8b/0xc0
[   54.318601]  ? kernel_sendpage+0xf0/0xf0
[   54.322659]  pipe_to_sendpage+0x242/0x340
[   54.326885]  ? direct_splice_actor+0x190/0x190
[   54.331450]  __splice_from_pipe+0x348/0x780
[   54.335753]  ? direct_splice_actor+0x190/0x190
[   54.340317]  ? direct_splice_actor+0x190/0x190
[   54.344876]  splice_from_pipe+0xf0/0x150
[   54.348922]  ? splice_shrink_spd+0xb0/0xb0
[   54.353141]  generic_splice_sendpage+0x3c/0x50
[   54.357702]  ? splice_from_pipe+0x150/0x150
[   54.362004]  direct_splice_actor+0x123/0x190
[   54.366394]  splice_direct_to_actor+0x29e/0x7b0
[   54.371052]  ? generic_pipe_buf_nosteal+0x10/0x10
[   54.375881]  ? do_splice_to+0x170/0x170
[   54.379848]  ? rw_verify_area+0xea/0x2b0
[   54.383905]  do_splice_direct+0x18d/0x230
[   54.388032]  ? splice_direct_to_actor+0x7b0/0x7b0
[   54.392861]  ? rw_verify_area+0xea/0x2b0
[   54.396995]  do_sendfile+0x4db/0xbd0
[   54.400691]  ? do_compat_pwritev64+0x140/0x140
[   54.405269]  ? put_timespec64+0xb4/0x100
[   54.409326]  ? nsecs_to_jiffies+0x30/0x30
[   54.413456]  SyS_sendfile64+0x102/0x110
[   54.417416]  ? SyS_sendfile+0x130/0x130
[   54.421370]  ? do_syscall_64+0x53/0x640
[   54.425324]  ? SyS_sendfile+0x130/0x130
[   54.429276]  do_syscall_64+0x1e8/0x640
[   54.433148]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   54.437991]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   54.443258] RIP: 0033:0x45a679
[   54.446453] RSP: 002b:00007f624d297c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   54.454149] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a679
[   54.461403] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[   54.468828] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[   54.477066] R10: 0000000000010001 R11: 0000000000000246 R12: 00007f624d2986d4
[   54.484342] R13: 00000000004c8d9f R14: 00000000004e0670 R15: 00000000ffffffff
[   54.493010] Kernel Offset: disabled
[   54.496727] Rebooting in 86400 seconds..