[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 33.806713] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.129681] audit: type=1400 audit(1536630404.764:6): avc: denied { map } for pid=5538 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 34.188373] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.814451] random: sshd: uninitialized urandom read (32 bytes read)
[ 64.406570] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
[ 69.963490] random: sshd: uninitialized urandom read (32 bytes read)
[ 70.102171] audit: type=1400 audit(1536630440.734:7): avc: denied { map } for pid=5552 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/09/11 01:47:21 parsed 1 programs
[ 70.614880] audit: type=1400 audit(1536630441.244:8): avc: denied { map } for pid=5552 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1102 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 71.551379] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/11 01:47:24 executed programs: 0
[ 73.424835] audit: type=1400 audit(1536630444.054:9): avc: denied { map } for pid=5552 comm="syz-execprog" path="/root/syzkaller-shm476653257" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 73.461020] IPVS: ftp: loaded support on port[0] = 21
[ 73.738455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.745060] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.752877] device bridge_slave_0 entered promiscuous mode
[ 73.771461] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.778085] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.785527] device bridge_slave_1 entered promiscuous mode
[ 73.803570] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 73.822822] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 73.877858] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 73.898562] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 73.981671] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 73.989209] team0: Port device team_slave_0 added
[ 74.008020] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 74.016549] team0: Port device team_slave_1 added
[ 74.033880] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.053917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.073712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 74.093079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 74.251929] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.258465] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.265455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.271825] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.811591] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.863352] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 74.917805] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 74.923939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 74.932250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.980674] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.292915] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 75.324961] WARNING: CPU: 0 PID: 5821 at arch/x86/kvm/vmx.c:8247 enter_vmx_operation+0x391/0x470
[ 75.334037] Kernel panic - not syncing: panic_on_warn set ...
[ 75.334037]
[ 75.341482] CPU: 0 PID: 5821 Comm: syz-executor0 Not tainted 4.19.0-rc3+ #10
[ 75.350130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.359485] Call Trace:
[ 75.362068] dump_stack+0x1c4/0x2b4
[ 75.365703] ? dump_stack_print_info.cold.2+0x52/0x52
[ 75.370901] panic+0x238/0x4e7
[ 75.374083] ? add_taint.cold.5+0x16/0x16
[ 75.378245] ? __warn.cold.8+0x148/0x1ba
[ 75.382301] ? __warn.cold.8+0x117/0x1ba
[ 75.386354] ? enter_vmx_operation+0x391/0x470
[ 75.390951] __warn.cold.8+0x163/0x1ba
[ 75.394830] ? rcu_bh_qs+0xc0/0xc0
[ 75.398359] ? enter_vmx_operation+0x391/0x470
[ 75.402937] report_bug+0x254/0x2d0
[ 75.406558] do_error_trap+0x1fc/0x4d0
[ 75.410481] ? cache_grow_end+0xa8/0x190
[ 75.414559] ? math_error+0x3f0/0x3f0
[ 75.418354] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 75.423213] ? trace_hardirqs_on_caller+0x310/0x310
[ 75.428266] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 75.433122] do_invalid_op+0x1b/0x20
[ 75.436827] invalid_op+0x14/0x20
[ 75.440270] RIP: 0010:enter_vmx_operation+0x391/0x470
[ 75.445457] Code: 00 4c 89 ef bb f4 ff ff ff e8 eb c6 ff ff e9 f2 fe ff ff e8 31 85 61 00 48 8b 4d d0 48 85 c9 0f 84 08 ff ff ff e8 1f 85 61 00 <0f> 0b e9 0e fe ff ff e8 d3 eb a4 00 e9 c1 fe ff ff e8 e9 eb a4 00
[ 75.464518] RSP: 0018:ffff8801b46df2d8 EFLAGS: 00010293
[ 75.470642] RAX: ffff8801bf04a6c0 RBX: ffff8801bde88040 RCX: ffff8801c1349000
[ 75.477936] RDX: 0000000000000000 RSI: ffffffff811d4ba1 RDI: ffff8801bde8d820
[ 75.485237] RBP: ffff8801b46df310 R08: ffff8801bf04a6c0 R09: 1ffffffff12b43d5
[ 75.492652] R10: ffffed003b5c4732 R11: ffff8801dae23993 R12: ffff8801bde8dba8
[ 75.499960] R13: ffff8801bde8dbb8 R14: ffff8801bde8dba0 R15: ffff8801bde8d7a8
[ 75.507425] ? enter_vmx_operation+0x391/0x470
[ 75.512207] ? enter_vmx_operation+0x391/0x470
[ 75.525638] handle_vmon+0x46b/0x500
[ 75.535517] ? nested_vmx_get_vmptr+0x1d0/0x1d0
[ 75.549831] ? nested_vmx_get_vmptr+0x1d0/0x1d0
[ 75.554523] vmx_handle_exit+0x2f7/0x17e0
[ 75.558722] ? lock_acquire+0x1ed/0x520
[ 75.567880] ? vcpu_enter_guest+0x12f2/0x62e0
[ 75.572397] ? vcpu_enter_guest+0x1271/0x62e0
[ 75.576930] ? handle_vmfunc+0x9d0/0x9d0
[ 75.590228] ? trace_hardirqs_on+0xbd/0x310
[ 75.594616] ? kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 75.599658] ? check_preemption_disabled+0x48/0x200
[ 75.604688] ? check_preemption_disabled+0x48/0x200
[ 75.620477] vcpu_enter_guest+0x14a9/0x62e0
[ 75.624847] ? emulator_read_emulated+0x50/0x50
[ 75.629540] ? vmx_vcpu_load+0xb06/0x1030
[ 75.633692] ? find_held_lock+0x36/0x1c0
[ 75.637773] ? vmx_write_tsc_offset+0x680/0x680
[ 75.642464] ? graph_lock+0x170/0x170
[ 75.646263] ? kvm_vcpu_ioctl+0x28c/0x1150
[ 75.650702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 75.658790] ? check_preemption_disabled+0x48/0x200
[ 75.663810] ? check_preemption_disabled+0x48/0x200
[ 75.668836] ? __lock_is_held+0xb5/0x140
[ 75.672907] ? kvm_check_async_pf_completion+0x3ae/0x5c0
[ 75.678365] ? kvm_clear_async_pf_completion_queue+0x770/0x770
[ 75.686900] ? kvm_arch_dev_ioctl+0x630/0x630
[ 75.691393] ? preempt_notifier_dec+0x20/0x20
[ 75.695933] kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 75.700810] ? kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 75.705859] kvm_vcpu_ioctl+0x72b/0x1150
[ 75.709916] ? kvm_vcpu_block+0x1030/0x1030
[ 75.714229] ? add_mm_counter_fast+0xd0/0xd0
[ 75.718632] ? exit_robust_list+0x280/0x280
[ 75.722982] ? _raw_spin_unlock+0x2c/0x50
[ 75.727170] ? __handle_mm_fault+0x9ab/0x53e0
[ 75.731671] ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 75.736540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 75.742091] ? print_usage_bug+0xc0/0xc0
[ 75.746159] ? rcu_is_watching+0x30/0x30
[ 75.750219] ? graph_lock+0x170/0x170
[ 75.754011] ? graph_lock+0x170/0x170
[ 75.757835] ? graph_lock+0x170/0x170
[ 75.761638] ? find_held_lock+0x36/0x1c0
[ 75.765703] ? kvm_vcpu_block+0x1030/0x1030
[ 75.770033] do_vfs_ioctl+0x1de/0x1720
[ 75.773919] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 75.779551] ? ioctl_preallocate+0x300/0x300
[ 75.783974] ? selinux_file_mprotect+0x620/0x620
[ 75.788767] ? __x64_sys_futex+0x47f/0x6a0
[ 75.793004] ? do_syscall_64+0x9a/0x820
[ 75.797717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 75.803435] ? security_file_ioctl+0x94/0xc0
[ 75.807843] ksys_ioctl+0xa9/0xd0
[ 75.811290] __x64_sys_ioctl+0x73/0xb0
[ 75.817015] do_syscall_64+0x1b9/0x820
[ 75.820909] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 75.826291] ? syscall_return_slowpath+0x5e0/0x5e0
[ 75.831220] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 75.836060] ? trace_hardirqs_on_caller+0x310/0x310
[ 75.841071] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 75.846085] ? prepare_exit_to_usermode+0x291/0x3b0
[ 75.851100] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 75.855943] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 75.861127] RIP: 0033:0x4572a9
[ 75.864335] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 75.883236] RSP: 002b:00007ffd3381f7d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 75.890945] RAX: ffffffffffffffda RBX: 0000000002707914 RCX: 00000000004572a9
[ 75.898211] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 75.905479] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[ 75.912751] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 75.920015] R13: 00000000004cf9b0 R14: 00000000004c5c37 R15: 0000000000000000
[ 75.928221] Dumping ftrace buffer:
[ 75.931859] (ftrace buffer empty)
[ 75.936126] Kernel Offset: disabled
[ 75.939772] Rebooting in 86400 seconds..