[ 36.972556] audit: type=1800 audit(1555510469.946:34): pid=6961 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 41.807974] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.207732] audit: type=1400 audit(1555510475.206:35): avc: denied { map } for pid=7133 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 42.252773] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.824708] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.017641] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts.
[ 48.989409] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 49.115993] audit: type=1400 audit(1555510482.116:36): avc: denied { map } for pid=7145 comm="syz-executor348" path="/root/syz-executor348569542" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 49.122385] ------------[ cut here ]------------
[ 49.147216] WARNING: CPU: 0 PID: 7145 at drivers/dma-buf/dma-buf.c:1039 dma_buf_vunmap+0x18f/0x200
[ 49.156517] Kernel panic - not syncing: panic_on_warn set ...
[ 49.156517]
[ 49.163959] CPU: 0 PID: 7145 Comm: syz-executor348 Not tainted 4.14.112 #2
[ 49.171194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.180804] Call Trace:
[ 49.183382] dump_stack+0x138/0x19c
[ 49.187196] panic+0x1f2/0x438
[ 49.190749] ? add_taint.cold+0x16/0x16
[ 49.194718] ? dma_buf_vunmap+0x18f/0x200
[ 49.198953] ? dma_buf_vunmap+0x18f/0x200
[ 49.203294] __warn.cold+0x2f/0x34
[ 49.206828] ? ist_end_non_atomic+0x10/0x10
[ 49.211270] ? dma_buf_vunmap+0x18f/0x200
[ 49.215408] report_bug+0x216/0x254
[ 49.219194] do_error_trap+0x1bb/0x310
[ 49.223195] ? math_error+0x360/0x360
[ 49.226982] ? __lock_is_held+0xb6/0x140
[ 49.231026] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.235861] do_invalid_op+0x1b/0x20
[ 49.240273] invalid_op+0x1b/0x40
[ 49.243946] RIP: 0010:dma_buf_vunmap+0x18f/0x200
[ 49.248812] RSP: 0018:ffff8880939bfa88 EFLAGS: 00010297
[ 49.254167] RAX: ffff8880a57f8340 RBX: 0000000000000000 RCX: 1ffff11013e66ca7
[ 49.261561] RDX: 0000000000000000 RSI: ffffc90005daf000 RDI: 0000000000000000
[ 49.268965] RBP: ffff8880939bfab0 R08: dffffc0000000000 R09: ffffffff88c839e8
[ 49.276225] R10: ffff8880939bfba0 R11: ffff8880a57f8340 R12: ffffc90005daf000
[ 49.283482] R13: ffffc90005daf000 R14: ffff888090de4ca8 R15: ffff888089352c00
[ 49.291008] ? dma_buf_vunmap+0x18f/0x200
[ 49.295145] vb2_vmalloc_detach_dmabuf+0x5e/0x90
[ 49.299893] ? vb2_vmalloc_map_dmabuf+0x90/0x90
[ 49.304587] __vb2_plane_dmabuf_put.isra.0+0x10f/0x300
[ 49.309866] __vb2_queue_free+0x610/0x7e0
[ 49.314054] vb2_core_queue_release+0x64/0x80
[ 49.318552] _vb2_fop_release+0x1cf/0x2a0
[ 49.322689] vb2_fop_release+0x75/0xc0
[ 49.326575] vivid_fop_release+0x180/0x3f0
[ 49.330797] ? vivid_remove+0x3d0/0x3d0
[ 49.334797] ? dev_debug_store+0xe0/0xe0
[ 49.338889] v4l2_release+0xfb/0x190
[ 49.342597] __fput+0x277/0x7a0
[ 49.345916] ____fput+0x16/0x20
[ 49.349405] task_work_run+0x119/0x190
[ 49.353488] do_exit+0x7df/0x2c10
[ 49.357160] ? do_vfs_ioctl+0xef/0x1070
[ 49.361121] ? ioctl_preallocate+0x1c0/0x1c0
[ 49.365518] ? putname+0xa1/0x120
[ 49.369059] ? mm_update_next_owner+0x5d0/0x5d0
[ 49.373808] ? do_sys_open+0x221/0x430
[ 49.377724] do_group_exit+0x111/0x330
[ 49.381695] SyS_exit_group+0x1d/0x20
[ 49.385485] ? do_group_exit+0x330/0x330
[ 49.389548] do_syscall_64+0x1eb/0x630
[ 49.393616] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.398673] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 49.403850] RIP: 0033:0x442ba8
[ 49.407019] RSP: 002b:00007ffcf2d5cc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 49.415018] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442ba8
[ 49.422426] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 49.429724] RBP: 00000000004c2588 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 49.436985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 49.444373] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[ 49.452693] Kernel Offset: disabled
[ 49.456589] Rebooting in 86400 seconds..