[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [ 10.105024] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. D[ 11.276512] random: crng init done ebian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts. 2018/10/22 01:17:37 parsed 1 programs 2018/10/22 01:17:38 executed programs: 0 syzkaller login: [ 41.472428] audit: type=1400 audit(1540171063.405:5): avc: denied { associate } for pid=2066 comm="syz-executor4" name="syz4" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 41.860008] ================================================================== [ 41.867409] BUG: KASAN: user-memory-access in n_tty_set_termios+0xf6/0xd30 [ 41.874410] Write of size 512 at addr 0000000000001060 by task syz-executor4/4781 [ 41.882017] [ 41.883625] CPU: 1 PID: 4781 Comm: syz-executor4 Not tainted 4.9.135+ #57 [ 41.890532] ffff8801d95cf708 ffffffff81b36bf9 0000000000001060 0000000000000200 [ 41.898600] 0000000000000001 000000000000005d ffff8801d95cf848 ffff8801d95cf750 [ 41.906898] ffffffff81500be2 ffffffff81d23486 0000000000000286 ae537966de16b293 [ 41.914904] Call Trace: [ 41.917476] [] dump_stack+0xc1/0x128 [ 41.922831] [] kasan_report.cold.6+0x6d/0x2fe [ 41.928955] [] ? n_tty_set_termios+0xf6/0xd30 [ 41.935076] [] check_memory_region+0x14d/0x1b0 [ 41.941290] [] memset+0x23/0x40 [ 41.946215] [] n_tty_set_termios+0xf6/0xd30 [ 41.952178] [] ? process_echoes+0x150/0x150 [ 41.958136] [] tty_set_termios+0x626/0x8a0 [ 41.964001] [] ? tty_wait_until_sent+0x4d0/0x4d0 [ 41.970401] [] set_termios+0x38f/0x620 [ 41.975937] [] ? __tty_perform_flush+0x220/0x220 [ 41.982342] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 41.989158] [] ? ldsem_down_read+0x32/0x40 [ 41.995017] [] tty_mode_ioctl+0x8c2/0x980 [ 42.000801] [] ? tty_perform_flush+0x80/0x80 [ 42.006838] [] ? __ldsem_down_read_nested+0xce/0x610 [ 42.013596] [] ? ldsem_down_read+0x32/0x40 [ 42.019465] [] ? futex_wake+0x1aa/0x450 [ 42.025075] [] ? __ldsem_wake+0x330/0x330 [ 42.030847] [] n_tty_ioctl_helper+0x44/0x370 [ 42.036882] [] n_tty_ioctl+0x46/0x2e0 [ 42.042321] [] ? ldsem_down_read+0x32/0x40 [ 42.048235] [] tty_ioctl+0x440/0x2190 [ 42.053671] [] ? n_tty_receive_buf+0x40/0x40 [ 42.059701] [] ? no_tty+0xa0/0xa0 [ 42.064804] [] ? avc_ss_reset+0x110/0x110 [ 42.070583] [] ? __lock_acquire+0x654/0x4a10 [ 42.076630] [] ? __might_sleep+0x95/0x1a0 [ 42.082413] [] ? no_tty+0xa0/0xa0 [ 42.087496] [] do_vfs_ioctl+0x1ac/0x11a0 [ 42.093197] [] ? ioctl_preallocate+0x220/0x220 [ 42.099417] [] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90 [ 42.106929] [] ? check_preemption_disabled+0x3b/0x170 [ 42.113745] [] ? __fget+0x214/0x3d0 [ 42.118999] [] ? __fget+0x23b/0x3d0 [ 42.124265] [] ? __fget+0x47/0x3d0 [ 42.129433] [] ? security_file_ioctl+0x8f/0xc0 [ 42.135640] [] SyS_ioctl+0x8f/0xc0 [ 42.140816] [] ? do_vfs_ioctl+0x11a0/0x11a0 [ 42.146775] [] do_syscall_64+0x19f/0x550 [ 42.152461] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 42.159365] ================================================================== [ 42.166701] Disabling lock debugging due to kernel taint [ 42.172403] Kernel panic - not syncing: panic_on_warn set ... [ 42.172403] [ 42.179765] CPU: 1 PID: 4781 Comm: syz-executor4 Tainted: G B 4.9.135+ #57 [ 42.187880] ffff8801d95cf630 ffffffff81b36bf9 ffffffff82e35bc8 00000000ffffffff [ 42.195886] 0000000000000000 0000000000000001 ffff8801d95cf848 ffff8801d95cf6f0 [ 42.203895] ffffffff813f6aa5 0000000041b58ab3 ffffffff82e29bcb ffffffff813f68e6 [ 42.211893] Call Trace: [ 42.214474] [] dump_stack+0xc1/0x128 [ 42.219814] [] panic+0x1bf/0x39f [ 42.224806] [] ? add_taint.cold.6+0x16/0x16 [ 42.230755] [] ? ___preempt_schedule+0x16/0x18 [ 42.236965] [] kasan_end_report+0x47/0x4f [ 42.242749] [] kasan_report.cold.6+0x76/0x2fe [ 42.248871] [] ? n_tty_set_termios+0xf6/0xd30 [ 42.254991] [] check_memory_region+0x14d/0x1b0 [ 42.261201] [] memset+0x23/0x40 [ 42.266107] [] n_tty_set_termios+0xf6/0xd30 [ 42.272056] [] ? process_echoes+0x150/0x150 [ 42.278000] [] tty_set_termios+0x626/0x8a0 [ 42.283858] [] ? tty_wait_until_sent+0x4d0/0x4d0 [ 42.290241] [] set_termios+0x38f/0x620 [ 42.295752] [] ? __tty_perform_flush+0x220/0x220 [ 42.302134] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 42.308950] [] ? ldsem_down_read+0x32/0x40 [ 42.314823] [] tty_mode_ioctl+0x8c2/0x980 [ 42.320607] [] ? tty_perform_flush+0x80/0x80 [ 42.326660] [] ? __ldsem_down_read_nested+0xce/0x610 [ 42.333402] [] ? ldsem_down_read+0x32/0x40 [ 42.339260] [] ? futex_wake+0x1aa/0x450 [ 42.344863] [] ? __ldsem_wake+0x330/0x330 [ 42.350647] [] n_tty_ioctl_helper+0x44/0x370 [ 42.356683] [] n_tty_ioctl+0x46/0x2e0 [ 42.362112] [] ? ldsem_down_read+0x32/0x40 [ 42.367996] [] tty_ioctl+0x440/0x2190 [ 42.373425] [] ? n_tty_receive_buf+0x40/0x40 [ 42.379456] [] ? no_tty+0xa0/0xa0 [ 42.384535] [] ? avc_ss_reset+0x110/0x110 [ 42.390309] [] ? __lock_acquire+0x654/0x4a10 [ 42.396342] [] ? __might_sleep+0x95/0x1a0 [ 42.402119] [] ? no_tty+0xa0/0xa0 [ 42.407196] [] do_vfs_ioctl+0x1ac/0x11a0 [ 42.412909] [] ? ioctl_preallocate+0x220/0x220 [ 42.419129] [] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90 [ 42.426640] [] ? check_preemption_disabled+0x3b/0x170 [ 42.433459] [] ? __fget+0x214/0x3d0 [ 42.438747] [] ? __fget+0x23b/0x3d0 [ 42.444011] [] ? __fget+0x47/0x3d0 [ 42.449177] [] ? security_file_ioctl+0x8f/0xc0 [ 42.455383] [] SyS_ioctl+0x8f/0xc0 [ 42.460547] [] ? do_vfs_ioctl+0x11a0/0x11a0 [ 42.466501] [] do_syscall_64+0x19f/0x550 [ 42.472201] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 42.479407] Kernel Offset: disabled [ 42.483018] Rebooting in 86400 seconds..