[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 30.782243] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.285992] audit: type=1400 audit(1540009042.779:6): avc: denied { map } for pid=1771 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 31.328595] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.753304] random: sshd: uninitialized urandom read (32 bytes read)
[ 53.097968] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts.
[ 58.770249] random: sshd: uninitialized urandom read (32 bytes read)
[ 58.858775] audit: type=1400 audit(1540009070.349:7): avc: denied { map } for pid=1795 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/10/20 04:17:50 parsed 1 programs
[ 59.395088] audit: type=1400 audit(1540009070.889:8): avc: denied { map } for pid=1795 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4999 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 59.944448] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/20 04:17:52 executed programs: 0
[ 60.898719] audit: type=1400 audit(1540009072.389:9): avc: denied { map } for pid=1795 comm="syz-execprog" path="/root/syzkaller-shm857765909" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 65.209738] kasan: CONFIG_KASAN_INLINE enabled
[ 65.215491] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 65.224388] general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 65.231271] Modules linked in:
[ 65.234448] CPU: 1 PID: 2803 Comm: syz-executor0 Not tainted 4.14.77+ #21
[ 65.241348] task: ffff8801c5872f00 task.stack: ffff8801c5818000
[ 65.247386] RIP: 0010:n_tty_set_termios+0x291/0xcb0
[ 65.252446] RSP: 0018:ffff8801c581f7f8 EFLAGS: 00010202
[ 65.257855] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff4e8b59e
[ 65.265148] RDX: 000000000000000b RSI: ffff8801c581f878 RDI: ffff8801c581f884
[ 65.272467] RBP: ffff8801c5947700 R08: 0000000000000001 R09: 0000000000000000
[ 65.279891] R10: ffff8801c5873780 R11: 0000000000000001 R12: ffff8801c5947ab4
[ 65.287188] R13: 0000000000000001 R14: 000000000000005d R15: ffff8801c581f878
[ 65.294483] FS: 00007fa2e8e18700(0000) GS:ffff8801db900000(0000) knlGS:0000000000000000
[ 65.302698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 65.308567] CR2: 00000000008f4c30 CR3: 00000001c7682005 CR4: 00000000001606a0
[ 65.315917] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 65.323169] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 65.330417] Call Trace:
[ 65.332990] ? process_echoes+0x140/0x140
[ 65.337113] tty_set_termios+0x5fd/0x860
[ 65.341147] ? tty_wait_until_sent+0x480/0x480
[ 65.345706] set_termios+0x2bf/0x440
[ 65.349395] ? __tty_perform_flush+0x200/0x200
[ 65.353956] tty_mode_ioctl+0x7f9/0x920
[ 65.357906] ? tty_perform_flush+0x70/0x70
[ 65.362191] ? __ldsem_down_read_nested+0xb6/0x5b0
[ 65.367100] ? __ldsem_down_read_nested+0xd4/0x5b0
[ 65.372048] ? hash_futex+0x12/0x200
[ 65.375745] ? __ldsem_wake+0x320/0x320
[ 65.379701] ? avc_has_extended_perms+0x406/0xd50
[ 65.384523] n_tty_ioctl_helper+0x3f/0x350
[ 65.388734] n_tty_ioctl+0x43/0x2e0
[ 65.392336] ? pty_write_room+0xc0/0xc0
[ 65.396287] tty_ioctl+0x551/0x13e0
[ 65.399893] ? n_tty_receive_buf+0x40/0x40
[ 65.404101] ? tty_vhangup+0x30/0x30
[ 65.407793] ? avc_ss_reset+0x100/0x100
[ 65.411747] ? __lock_acquire+0x619/0x4320
[ 65.416099] ? trace_hardirqs_on+0x10/0x10
[ 65.420412] ? trace_hardirqs_on+0x10/0x10
[ 65.424632] ? trace_hardirqs_on+0x10/0x10
[ 65.428853] ? trace_hardirqs_on_caller+0x381/0x520
[ 65.433847] ? tty_vhangup+0x30/0x30
[ 65.437536] do_vfs_ioctl+0x1a0/0x1030
[ 65.441462] ? ioctl_preallocate+0x1d0/0x1d0
[ 65.445855] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90
[ 65.451540] ? __lockdep_init_map+0x57/0x480
[ 65.455922] ? lock_acquire+0x10f/0x380
[ 65.459873] ? check_preemption_disabled+0x34/0x160
[ 65.464860] ? assoc_array_gc+0x10bb/0x1120
[ 65.469156] ? __fget+0x22b/0x3a0
[ 65.472583] ? security_file_ioctl+0x7c/0xb0
[ 65.476965] SyS_ioctl+0x7e/0xb0
[ 65.480304] ? do_vfs_ioctl+0x1030/0x1030
[ 65.484425] do_syscall_64+0x19b/0x4b0
[ 65.488287] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 65.493450] RIP: 0033:0x457569
[ 65.496617] RSP: 002b:00007fa2e8e17c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.505949] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 65.513197] RDX: 0000000020000040 RSI: 0000000000005407 RDI: 0000000000000005
[ 65.520446] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 65.527694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2e8e186d4
[ 65.534945] R13: 00000000004c0d89 R14: 00000000004d17a0 R15: 00000000ffffffff
[ 65.542522] Code: d2 0f 85 14 09 00 00 44 8b ad b4 03 00 00 e8 67 8a 5e ff 4c 89 f2 41 d1 ed 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 41 83 e5 01 <0f> b6 04 02 4c 89 f2 83 e2 07 38 d0 7f 08 84 c0 0f 85 f1 07 00
[ 65.561588] RIP: n_tty_set_termios+0x291/0xcb0 RSP: ffff8801c581f7f8
[ 65.568290] ---[ end trace 18e02e08a9806cd1 ]---
[ 65.573495] Kernel panic - not syncing: Fatal exception
[ 65.579235] Kernel Offset: 0x23e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 65.590148] Rebooting in 86400 seconds..