[ 34.149966] audit: type=1800 audit(1565367721.324:33): pid=6910 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 34.173704] audit: type=1800 audit(1565367721.334:34): pid=6910 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 38.742368] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.200772] audit: type=1400 audit(1565367726.384:35): avc: denied { map } for pid=7084 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 39.253201] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.867882] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.059014] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
[ 45.681051] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.810561] audit: type=1400 audit(1565367732.994:36): avc: denied { map } for pid=7096 comm="syz-executor741" path="/root/syz-executor741403045" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 46.061389] IPVS: ftp: loaded support on port[0] = 21
[ 46.864630] chnl_net:caif_netlink_parms(): no params data found
[ 46.897063] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.905641] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.913279] device bridge_slave_0 entered promiscuous mode
[ 46.921217] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.927958] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.936059] device bridge_slave_1 entered promiscuous mode
[ 46.952135] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.962322] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.979169] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.987934] team0: Port device team_slave_0 added
[ 46.993838] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 47.001448] team0: Port device team_slave_1 added
[ 47.007182] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 47.015199] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 47.072536] device hsr_slave_0 entered promiscuous mode
[ 47.130624] device hsr_slave_1 entered promiscuous mode
[ 47.180644] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 47.189401] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 47.203482] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.210121] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.217298] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.225450] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.255861] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 47.264132] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.274502] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 47.284640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.303552] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.311325] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.323548] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 47.332049] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.344105] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.352709] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.359428] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.369121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.378193] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.385058] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.401603] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.411790] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.422831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.435924] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 47.446836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 47.459245] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 47.467582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.476637] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.485367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.498885] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
executing program
[ 47.509638] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.541018] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready
[ 47.660492] kasan: CONFIG_KASAN_INLINE enabled
[ 47.668048] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 47.676849] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 47.684029] Modules linked in:
[ 47.687312] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.14.137 #33
[ 47.693772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.703128] task: ffff8880a9d1c340 task.stack: ffff8880a9d28000
[ 47.709464] RIP: 0010:rose_send_frame+0x18d/0x270
[ 47.714299] RSP: 0018:ffff8880aef07b40 EFLAGS: 00010202
[ 47.719910] RAX: dffffc0000000000 RBX: ffff88809b4c6080 RCX: 0000000000000006
[ 47.728339] RDX: 000000000000006b RSI: ffffffff86fa1fe0 RDI: 0000000000000358
[ 47.736821] RBP: ffff8880aef07b70 R08: 1ffff11012a8a168 R09: ffff888095450b40
[ 47.744665] R10: ffffed1012a8a16c R11: ffff888095450b63 R12: ffff888087e05b40
[ 47.753019] R13: 0000000000000078 R14: 0000000000000005 R15: 0000000000000000
[ 47.760555] FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
[ 47.769794] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.776271] CR2: 0000000020000190 CR3: 0000000087eb8000 CR4: 00000000001406e0
[ 47.784483] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.791867] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.799261] Call Trace:
[ 47.802037]
[ 47.804214] ? skb_put+0x161/0x1c0
[ 47.807754] rose_transmit_clear_request+0x1da/0x290
[ 47.813119] ? __local_bh_enable_ip+0x99/0x1a0
[ 47.817855] rose_rx_call_request+0x443/0x1a40
[ 47.823712] ? rose_dev_get+0x1c5/0x2b0
[ 47.828511] ? rose_release+0x3e0/0x3e0
[ 47.833922] rose_loopback_timer+0x147/0x430
[ 47.840360] call_timer_fn+0x161/0x670
[ 47.844833] ? rose_link_rx_restart.cold+0xa0/0xa0
[ 47.850364] ? __next_timer_interrupt+0x140/0x140
[ 47.859077] ? trace_hardirqs_on_caller+0x19b/0x590
[ 47.864955] run_timer_softirq+0x5b4/0x1570
[ 47.870109] ? rose_link_rx_restart.cold+0xa0/0xa0
[ 47.875767] ? add_timer+0xae0/0xae0
[ 47.879490] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 47.885066] __do_softirq+0x244/0x9a0
[ 47.889027] ? sched_clock+0x2e/0x50
[ 47.892752] irq_exit+0x160/0x1b0
[ 47.896388] smp_apic_timer_interrupt+0x146/0x5e0
[ 47.901410] apic_timer_interrupt+0x96/0xa0
[ 47.905864]
[ 47.908108] RIP: 0010:native_safe_halt+0xe/0x10
[ 47.912904] RSP: 0018:ffff8880a9d2fe70 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
[ 47.922177] RAX: 1ffffffff0ee2a5c RBX: ffff8880a9d1c340 RCX: 0000000000000000
[ 47.930431] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880a9d1cbbc
[ 47.938719] RBP: ffff8880a9d2fe98 R08: 1ffffffff104a501 R09: 0000000000000000
[ 47.946589] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff877152d0
[ 47.954311] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880a9d1c340
[ 47.961910] ? default_idle+0x4c/0x370
[ 47.965833] arch_cpu_idle+0xa/0x10
[ 47.970120] default_idle_call+0x36/0x90
[ 47.974363] do_idle+0x262/0x3d0
[ 47.977742] cpu_startup_entry+0x1b/0x20
[ 47.981934] start_secondary+0x346/0x4b0
[ 47.986090] secondary_startup_64+0xa5/0xb0
[ 47.990408] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 8b 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 7b 20 49 8d bf 58 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 7d 49 8b 97 58 03 00 00 e9 c7 fe ff ff e8 3c 85
[ 48.010142] RIP: rose_send_frame+0x18d/0x270 RSP: ffff8880aef07b40
[ 48.016634] ---[ end trace 10ce65f5e991c1bf ]---
[ 48.021834] Kernel panic - not syncing: Fatal exception in interrupt
[ 48.030787] Kernel Offset: disabled
[ 48.034616] Rebooting in 86400 seconds..