[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 32.031095] kauditd_printk_skb: 10 callbacks suppressed [ 32.031103] audit: type=1400 audit(1575904734.902:35): avc: denied { map } for pid=7062 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 32.086401] random: sshd: uninitialized urandom read (32 bytes read) [ 32.658939] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 [ 32.846953] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.210' (ECDSA) to the list of known hosts. syzkaller login: [ 38.414120] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program [ 38.533433] audit: type=1400 audit(1575904741.402:36): avc: denied { map } for pid=7075 comm="syz-executor403" path="/root/syz-executor403158587" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 38.576654] sp1: Synchronizing with TNC [ 38.581429] sp0: Synchronizing with TNC [ 38.586678] sp1: Found TNC [ 38.593626] sp2: Synchronizing with TNC [ 38.599267] sp3: Synchronizing with TNC [ 38.609696] sp5: Synchronizing with TNC [ 38.614694] sp4: Synchronizing with TNC [ 38.621462] sp3: Found TNC [ 38.627411] sp5: Found TNC [ 38.636390] sp0: Found TNC [ 38.642397] sp2: Found TNC [ 38.666955] sp4: Found TNC executing program executing program executing program executing program executing program [ 38.827568] sp0: Synchronizing with TNC executing program [ 38.902452] sp0: Found TNC [ 38.938558] sp2: Synchronizing with TNC [ 38.950867] sp3: Synchronizing with TNC [ 38.955953] sp1: Synchronizing with TNC [ 38.970399] sp2: Found TNC [ 38.993966] sp3: Found TNC [ 39.013386] sp1: Found TNC [ 39.025847] sp4: Synchronizing with TNC [ 39.035441] sp5: Synchronizing with TNC [ 39.103447] sp5: Found TNC [ 39.122864] sp4: Found TNC executing program executing program executing program executing program executing program [ 39.536585] sp0: Synchronizing with TNC [ 39.545593] sp0: Found TNC [ 39.744352] sp0: Synchronizing with TNC [ 39.751742] sp1: Synchronizing with TNC [ 39.760929] sp2: Synchronizing with TNC [ 39.768932] sp0: Found TNC [ 39.770969] sp3: Synchronizing with TNC executing program [ 39.795850] sp1: Found TNC [ 39.805088] sp2: Found TNC [ 39.816736] sp3: Found TNC executing program [ 39.941147] sp4: Synchronizing with TNC [ 40.054403] sp4: Found TNC [ 40.555203] sp0: Synchronizing with TNC [ 40.565845] sp0: Found TNC executing program executing program executing program executing program executing program [ 40.971929] sp2: Synchronizing with TNC [ 40.980266] sp1: Synchronizing with TNC [ 40.984419] sp0: Synchronizing with TNC [ 41.033808] sp2: Found TNC [ 41.069880] sp1: Found TNC [ 41.082107] sp0: Found TNC executing program executing program [ 41.187045] sp3: Synchronizing with TNC [ 41.301206] sp3: Found TNC [ 41.623265] sp0: Synchronizing with TNC [ 41.631921] sp1: Synchronizing with TNC [ 41.643544] sp1: Found TNC [ 41.657511] sp0: Found TNC executing program executing program executing program executing program executing program [ 42.091953] sp1: Synchronizing with TNC [ 42.107875] sp0: Synchronizing with TNC [ 42.112588] sp1: Found TNC [ 42.129619] sp0: Found TNC [ 42.220666] sp2: Synchronizing with TNC [ 42.251642] sp3: Synchronizing with TNC [ 42.332279] sp2: Found TNC [ 42.345191] sp3: Found TNC executing program [ 42.392496] sp0: Synchronizing with TNC [ 42.407073] sp0: Found TNC executing program [ 42.722798] sp1: Synchronizing with TNC [ 42.729426] sp1: Found TNC executing program executing program executing program [ 43.062434] sp0: Synchronizing with TNC [ 43.076552] sp3: Synchronizing with TNC [ 43.080983] sp2: Synchronizing with TNC [ 43.085721] sp0: Found TNC [ 43.108165] sp1: Synchronizing with TNC executing program [ 43.174696] sp3: Found TNC [ 43.177986] sp2: Found TNC [ 43.207774] sp1: Found TNC [ 43.509687] sp0: Synchronizing with TNC executing program [ 43.532299] sp0: Found TNC executing program executing program executing program executing program [ 43.827086] sp0: Synchronizing with TNC [ 43.834135] sp0: Found TNC executing program [ 44.002424] sp1: Synchronizing with TNC [ 44.014942] sp3: Synchronizing with TNC [ 44.022812] sp2: Synchronizing with TNC [ 44.037159] sp0: Synchronizing with TNC [ 44.088444] sp3: Found TNC [ 44.118464] sp1: Found TNC [ 44.126933] sp2: Found TNC [ 44.145422] sp0: Found TNC [ 44.189350] sp4: Synchronizing with TNC executing program [ 44.318725] sp4: Found TNC [ 44.879453] sp0: Synchronizing with TNC [ 44.888794] sp0: Found TNC executing program executing program executing program executing program [ 45.186314] sp0: Synchronizing with TNC [ 45.193482] sp1: Synchronizing with TNC [ 45.204134] sp2: Synchronizing with TNC executing program executing program [ 45.302212] sp0: Found TNC [ 45.309452] sp1: Found TNC [ 45.330220] sp3: Synchronizing with TNC [ 45.342120] sp2: Found TNC [ 45.455415] sp0: Synchronizing with TNC [ 45.466154] sp0: Found TNC [ 45.477884] sp3: Found TNC [ 45.658663] sp2: Synchronizing with TNC [ 45.671422] sp2: Found TNC executing program executing program executing program executing program executing program [ 46.288259] sp0: Synchronizing with TNC [ 46.300441] sp1: Synchronizing with TNC [ 46.305455] sp0: Found TNC [ 46.421635] sp1: Found TNC [ 46.455851] sp2: Synchronizing with TNC [ 46.524812] sp3: Synchronizing with TNC [ 46.557812] sp2: Found TNC [ 46.657708] sp3: Found TNC [ 46.677779] sp0: Synchronizing with TNC executing program [ 46.712776] sp0: Found TNC executing program [ 47.145972] sp1: Synchronizing with TNC [ 47.160771] sp1: Found TNC executing program executing program executing program [ 47.434533] sp0: Synchronizing with TNC [ 47.454264] sp1: Synchronizing with TNC [ 47.458820] sp0: Found TNC [ 47.503598] sp2: Synchronizing with TNC executing program [ 47.530801] sp1: Found TNC [ 47.627885] sp2: Found TNC [ 47.643209] sp3: Synchronizing with TNC [ 47.767378] sp3: Found TNC executing program [ 47.968186] sp0: Synchronizing with TNC [ 47.974846] sp0: Found TNC executing program executing program executing program executing program [ 48.318440] sp0: Synchronizing with TNC [ 48.325978] sp0: Found TNC [ 48.387215] sp1: Synchronizing with TNC [ 48.458698] sp2: Synchronizing with TNC executing program [ 48.507814] sp1: Found TNC [ 48.521979] sp3: Synchronizing with TNC [ 48.533025] sp4: Synchronizing with TNC [ 48.562241] sp2: Found TNC [ 48.608710] sp4: Found TNC [ 48.665994] sp3: Found TNC [ 48.793111] sp0: Synchronizing with TNC [ 48.797513] sp0: Found TNC executing program executing program executing program [ 49.369548] sp0: Synchronizing with TNC executing program executing program [ 49.453971] sp0: Found TNC executing program [ 49.512001] sp1: Synchronizing with TNC [ 49.523701] sp2: Synchronizing with TNC [ 49.566036] sp4: Synchronizing with TNC [ 49.597476] sp3: Synchronizing with TNC [ 49.602078] sp2: Found TNC [ 49.635241] sp1: Found TNC [ 49.656751] sp4: Found TNC [ 49.707561] sp3: Found TNC [ 49.734459] sp0: Synchronizing with TNC [ 49.809759] sp0: Found TNC executing program executing program executing program executing program executing program [ 50.464755] sp0: Synchronizing with TNC [ 50.515658] sp0: Found TNC [ 50.590877] sp2: Synchronizing with TNC [ 50.615311] sp1: Synchronizing with TNC executing program [ 50.655311] sp4: Synchronizing with TNC [ 50.663967] sp4: Found TNC [ 50.690933] sp2: Found TNC [ 50.706734] sp1: Found TNC [ 50.707111] sp3: Synchronizing with TNC [ 50.834532] sp0: Synchronizing with TNC [ 50.842257] sp3: Found TNC [ 50.903809] sp0: Found TNC executing program executing program executing program executing program executing program [ 51.587880] sp2: Synchronizing with TNC [ 51.607150] sp1: Synchronizing with TNC [ 51.613915] sp0: Synchronizing with TNC [ 51.674066] sp4: Synchronizing with TNC [ 51.686098] sp2: Found TNC [ 51.689424] sp4: Found TNC [ 51.695048] sp3: Synchronizing with TNC executing program [ 51.717540] sp1: Found TNC [ 51.726434] sp0: Found TNC [ 51.769872] sp3: Found TNC [ 52.229342] sp0: Synchronizing with TNC [ 52.252785] sp0: Found TNC executing program executing program executing program executing program [ 52.598699] sp0: Synchronizing with TNC [ 52.610903] sp1: Synchronizing with TNC [ 52.621721] sp2: Synchronizing with TNC [ 52.693140] sp3: Synchronizing with TNC [ 52.708870] sp0: Found TNC executing program [ 52.741722] sp1: Found TNC executing program [ 52.763117] sp3: Found TNC [ 52.765642] sp2: Found TNC [ 52.865912] sp4: Synchronizing with TNC [ 52.981296] sp4: Found TNC [ 52.986216] sp0: Synchronizing with TNC [ 53.003014] sp0: Found TNC executing program executing program executing program executing program executing program [ 53.566221] sp0: Synchronizing with TNC [ 53.572945] sp1: Synchronizing with TNC [ 53.618249] sp0: Found TNC [ 53.669416] sp1: Found TNC [ 53.706422] sp2: Synchronizing with TNC [ 53.800535] sp2: Found TNC [ 53.868286] sp1: Synchronizing with TNC [ 53.889160] sp1: Found TNC executing program [ 54.032540] sp0: Synchronizing with TNC [ 54.043258] sp0: Found TNC executing program executing program [ 54.338008] sp1: Synchronizing with TNC [ 54.348670] sp1: Found TNC executing program executing program [ 54.472567] sp0: Synchronizing with TNC [ 54.484428] sp0: Found TNC [ 54.499926] sp2: Synchronizing with TNC [ 54.639971] sp2: Found TNC [ 54.672064] sp1: Synchronizing with TNC [ 54.717739] sp1: Found TNC executing program executing program [ 54.823225] sp0: Synchronizing with TNC [ 54.838950] sp0: Found TNC [ 55.159975] sp1: Synchronizing with TNC [ 55.166957] sp2: Synchronizing with TNC [ 55.177134] sp2: Found TNC [ 55.196578] sp1: Found TNC executing program executing program executing program executing program [ 55.631920] sp0: Synchronizing with TNC [ 55.639270] sp1: Synchronizing with TNC [ 55.655425] sp0: Found TNC [ 55.674250] sp2: Synchronizing with TNC [ 55.678910] sp1: Found TNC executing program [ 55.810327] sp2: Found TNC executing program [ 55.843202] sp1: Synchronizing with TNC [ 55.851488] sp1: Found TNC [ 56.012880] sp0: Synchronizing with TNC [ 56.017342] sp0: Found TNC [ 56.026812] sp3: Synchronizing with TNC [ 56.126484] sp3: Found TNC executing program executing program executing program executing program executing program [ 57.177751] sp0: Synchronizing with TNC [ 57.189665] sp0: Found TNC [ 57.289168] sp1: Synchronizing with TNC [ 57.336107] sp1: Found TNC [ 57.349361] sp2: Synchronizing with TNC [ 57.443911] sp2: Found TNC executing program [ 57.467058] sp0: Synchronizing with TNC [ 57.472779] sp3: Synchronizing with TNC [ 57.477219] sp3: Found TNC [ 57.491713] sp0: Found TNC executing program [ 57.634602] sp0: Synchronizing with TNC [ 57.712904] sp1: Synchronizing with TNC executing program executing program [ 57.743375] sp0: Found TNC [ 57.801964] sp1: Found TNC executing program executing program [ 57.842966] sp2: Synchronizing with TNC [ 57.888199] sp3: Synchronizing with TNC [ 57.955613] sp2: Found TNC [ 58.009834] sp3: Found TNC [ 58.072390] sp0: Synchronizing with TNC [ 58.078432] sp1: Synchronizing with TNC [ 58.084810] sp0: Found TNC [ 58.089929] sp1: Found TNC [ 58.096370] ------------[ cut here ]------------ [ 58.101131] kernel BUG at kernel/time/timer.c:1089! executing program executing program executing program executing program [ 58.339747] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 58.345147] Modules linked in: [ 58.348341] CPU: 0 PID: 320 Comm: kworker/u4:3 Not tainted 4.14.158-syzkaller #0 [ 58.356012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.365374] Workqueue: events_unbound flush_to_ldisc [ 58.370949] task: ffff8880a900a380 task.stack: ffff8880a9010000 [ 58.377009] RIP: 0010:add_timer+0x689/0xae0 [ 58.381328] RSP: 0018:ffff8880a9017b38 EFLAGS: 00010297 [ 58.386686] RAX: ffff8880a900a380 RBX: ffff8880a9017ba8 RCX: 0000000000000000 [ 58.393950] RDX: 0000000000000000 RSI: ffff8880a900ac78 RDI: ffff88807408ef08 [ 58.401214] RBP: ffff8880a9017bd0 R08: ffff8880a900a380 R09: ffff8880a900ac98 [ 58.408658] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88807408ef00 [ 58.415934] R13: dffffc0000000000 R14: ffff88808e1d6af1 R15: ffff88807408ef00 [ 58.423315] FS: 0000000000000000(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000 [ 58.431537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.437413] CR2: 00007faa858c29de CR3: 0000000089d73000 CR4: 00000000001406f0 [ 58.444684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.451956] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.459420] Call Trace: [ 58.462006] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 58.467108] ? mod_timer+0xeb0/0xeb0 [ 58.470820] ? pty_write+0x6b/0x1d0 [ 58.474446] sixpack_receive_buf+0xc9a/0x1170 [ 58.478950] ? decode_data.part.0+0x270/0x270 [ 58.483462] tty_ldisc_receive_buf+0x14d/0x1a0 [ 58.488043] tty_port_default_receive_buf+0x73/0xa0 [ 58.493056] flush_to_ldisc+0x1ec/0x400 [ 58.497042] process_one_work+0x863/0x1600 [ 58.501304] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 58.505991] worker_thread+0x5d9/0x1050 [ 58.509972] kthread+0x319/0x430 [ 58.513338] ? process_one_work+0x1600/0x1600 [ 58.518178] ? kthread_create_on_node+0xd0/0xd0 [ 58.522847] ret_from_fork+0x24/0x30 [ 58.526558] Code: 84 8a 00 00 00 e8 c8 10 0d 00 65 ff 0d 61 af b1 7e 0f 85 3c fd ff ff e8 b6 10 0d 00 e8 05 04 b0 ff e9 2d fd ff ff e8 a7 10 0d 00 <0f> 0b e8 a0 10 0d 00 49 c7 c5 80 4a 02 00 e8 14 b3 ba 01 48 ba [ 58.545750] RIP: add_timer+0x689/0xae0 RSP: ffff8880a9017b38 [ 58.556983] kobject: 'sp0' (ffff8880a46205b0): kobject_add_internal: parent: 'net', set: 'devices' [ 58.630785] kobject: 'sp0' (ffff8880a46205b0): kobject_uevent_env [ 58.733430] kobject: 'sp0' (ffff8880a46205b0): fill_kobj_path: path = '/devices/virtual/net/sp0' [ 58.851261] kobject: 'queues' (ffff8880a09ddc48): kobject_add_internal: parent: 'sp0', set: '' [ 58.962422] kobject: 'queues' (ffff8880a09ddc48): kobject_uevent_env [ 59.049249] kobject: 'queues' (ffff8880a09ddc48): kobject_uevent_env: filter function caused the event to drop! [ 59.178595] kobject: 'rx-0' (ffff88809fea1190): kobject_add_internal: parent: 'queues', set: 'queues' [ 59.267689] kobject: 'rx-0' (ffff88809fea1190): kobject_uevent_env [ 59.320224] kobject: 'rx-0' (ffff88809fea1190): fill_kobj_path: path = '/devices/virtual/net/sp0/queues/rx-0' [ 59.378229] kobject: 'tx-0' (ffff88809ff89d58): kobject_add_internal: parent: 'queues', set: 'queues' [ 59.410080] kobject: 'tx-0' (ffff88809ff89d58): kobject_uevent_env [ 59.416692] kobject: 'tx-0' (ffff88809ff89d58): fill_kobj_path: path = '/devices/virtual/net/sp0/queues/tx-0' [ 59.430465] kobject: 'sp2' (ffff888095ca9270): kobject_add_internal: parent: 'net', set: 'devices' [ 59.442228] sp0: Synchronizing with TNC [ 59.446651] kobject: 'sp2' (ffff888095ca9270): kobject_uevent_env [ 59.450049] ---[ end trace 5228ba54d8f8ea05 ]--- [ 59.453047] 6pack: protocol violation [ 59.458006] Kernel panic - not syncing: Fatal exception [ 59.462721] 6pack: protocol violation [ 59.467618] Kernel Offset: disabled [ 59.475015] Rebooting in 86400 seconds..