[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.811106] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.158667] audit: type=1400 audit(1543094537.502:6): avc: denied { map } for pid=1768 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 23.204651] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.659447] random: sshd: uninitialized urandom read (32 bytes read)
[ 89.154761] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
[ 94.845727] random: sshd: uninitialized urandom read (32 bytes read)
[ 94.951213] audit: type=1400 audit(1543094609.302:7): avc: denied { map } for pid=1822 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/11/24 21:23:29 parsed 1 programs
[ 95.499451] audit: type=1400 audit(1543094609.842:8): avc: denied { map } for pid=1822 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4999 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 95.922540] random: cc1: uninitialized urandom read (8 bytes read)
2018/11/24 21:23:30 executed programs: 0
[ 96.615070] audit: type=1400 audit(1543094610.962:9): avc: denied { map } for pid=1822 comm="syz-execprog" path="/root/syzkaller-shm808981132" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2018/11/24 21:23:35 executed programs: 191
2018/11/24 21:23:40 executed programs: 669
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
2018/11/24 21:23:45 executed programs: 1138
2018/11/24 21:23:50 executed programs: 1625
[ 120.235254] ==================================================================
[ 120.242674] BUG: KASAN: user-memory-access in n_tty_set_termios+0xee/0xcb0
[ 120.249665] Write of size 512 at addr 0000000000001060 by task syz-executor0/9739
[ 120.257263]
[ 120.258890] CPU: 0 PID: 9739 Comm: syz-executor0 Not tainted 4.14.83+ #9
[ 120.265714] Call Trace:
[ 120.268284] dump_stack+0xb9/0x11b
[ 120.271809] kasan_report.cold.6+0x6d/0x2dd
[ 120.276106] ? n_tty_set_termios+0xee/0xcb0
[ 120.280411] memset+0x1f/0x40
[ 120.283517] n_tty_set_termios+0xee/0xcb0
[ 120.287647] ? process_echoes+0x140/0x140
[ 120.291771] tty_set_termios+0x5fd/0x860
[ 120.295814] ? tty_wait_until_sent+0x480/0x480
[ 120.300372] ? lock_downgrade+0x560/0x560
[ 120.304520] set_termios+0x2bf/0x440
[ 120.308230] ? __tty_perform_flush+0x200/0x200
[ 120.312803] tty_mode_ioctl+0x870/0x920
[ 120.316752] ? tty_perform_flush+0x70/0x70
[ 120.320961] ? __ldsem_down_read_nested+0xb6/0x5b0
[ 120.325866] ? __ldsem_down_read_nested+0xd4/0x5b0
[ 120.330776] ? lock_release+0x3d0/0x720
[ 120.334724] ? __ldsem_wake+0x320/0x320
[ 120.338680] ? avc_has_extended_perms+0x406/0xd50
[ 120.343514] n_tty_ioctl_helper+0x3f/0x350
[ 120.347727] n_tty_ioctl+0x43/0x2e0
[ 120.351333] ? pty_write_room+0xc0/0xc0
[ 120.355286] tty_ioctl+0x551/0x13e0
[ 120.358897] ? n_tty_receive_buf+0x40/0x40
[ 120.363106] ? tty_vhangup+0x30/0x30
[ 120.366797] ? avc_ss_reset+0x100/0x100
[ 120.370752] ? __lock_acquire+0x619/0x4320
[ 120.374974] ? trace_hardirqs_on+0x10/0x10
[ 120.379196] ? trace_hardirqs_on+0x10/0x10
[ 120.383412] ? trace_hardirqs_on+0x10/0x10
[ 120.387624] ? trace_hardirqs_on_caller+0x381/0x520
[ 120.392622] ? tty_vhangup+0x30/0x30
[ 120.396463] do_vfs_ioctl+0x1a0/0x1030
[ 120.400339] ? ioctl_preallocate+0x1d0/0x1d0
[ 120.404726] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90
[ 120.410417] ? __lockdep_init_map+0xb2/0x480
[ 120.414802] ? lock_acquire+0x10f/0x380
[ 120.418764] ? check_preemption_disabled+0x34/0x1e0
[ 120.423769] ? assoc_array_gc+0x10eb/0x1120
[ 120.428071] ? __fget+0x22b/0x3a0
[ 120.431529] ? security_file_ioctl+0x7c/0xb0
[ 120.435917] SyS_ioctl+0x7e/0xb0
[ 120.439258] ? do_vfs_ioctl+0x1030/0x1030
[ 120.443390] do_syscall_64+0x19b/0x4b0
[ 120.447259] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 120.452433] RIP: 0033:0x457569
[ 120.455597] RSP: 002b:00007f9ee50e9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 120.463280] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 120.470527] RDX: 0000000020000080 RSI: 0000000000005402 RDI: 0000000000000005
[ 120.477772] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 120.485034] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ee50ea6d4
[ 120.492279] R13: 00000000004c10be R14: 00000000004d2410 R15: 00000000ffffffff
[ 120.499536] ==================================================================
[ 120.506870] Disabling lock debugging due to kernel taint
[ 120.513419] Kernel panic - not syncing: panic_on_warn set ...
[ 120.513419]
[ 120.520803] CPU: 1 PID: 9739 Comm: syz-executor0 Tainted: G B 4.14.83+ #9
[ 120.528828] Call Trace:
[ 120.531429] dump_stack+0xb9/0x11b
[ 120.534948] panic+0x1bf/0x3a4
[ 120.538121] ? add_taint.cold.4+0x16/0x16
[ 120.542246] ? ___preempt_schedule+0x16/0x18
[ 120.546633] kasan_end_report+0x43/0x49
[ 120.550593] kasan_report.cold.6+0x77/0x2dd
[ 120.554890] ? n_tty_set_termios+0xee/0xcb0
[ 120.559191] memset+0x1f/0x40
[ 120.562275] n_tty_set_termios+0xee/0xcb0
[ 120.566413] ? process_echoes+0x140/0x140
[ 120.570535] tty_set_termios+0x5fd/0x860
[ 120.574572] ? tty_wait_until_sent+0x480/0x480
[ 120.579135] ? lock_downgrade+0x560/0x560
[ 120.583264] set_termios+0x2bf/0x440
[ 120.586965] ? __tty_perform_flush+0x200/0x200
[ 120.591531] tty_mode_ioctl+0x870/0x920
[ 120.595481] ? tty_perform_flush+0x70/0x70
[ 120.599760] ? __ldsem_down_read_nested+0xb6/0x5b0
[ 120.604667] ? __ldsem_down_read_nested+0xd4/0x5b0
[ 120.609578] ? lock_release+0x3d0/0x720
[ 120.613539] ? __ldsem_wake+0x320/0x320
[ 120.617505] ? avc_has_extended_perms+0x406/0xd50
[ 120.622329] n_tty_ioctl_helper+0x3f/0x350
[ 120.626541] n_tty_ioctl+0x43/0x2e0
[ 120.630159] ? pty_write_room+0xc0/0xc0
[ 120.634116] tty_ioctl+0x551/0x13e0
[ 120.637723] ? n_tty_receive_buf+0x40/0x40
[ 120.641948] ? tty_vhangup+0x30/0x30
[ 120.645641] ? avc_ss_reset+0x100/0x100
[ 120.649595] ? __lock_acquire+0x619/0x4320
[ 120.653807] ? trace_hardirqs_on+0x10/0x10
[ 120.658023] ? trace_hardirqs_on+0x10/0x10
[ 120.662244] ? trace_hardirqs_on+0x10/0x10
[ 120.666453] ? trace_hardirqs_on_caller+0x381/0x520
[ 120.671460] ? tty_vhangup+0x30/0x30
[ 120.675161] do_vfs_ioctl+0x1a0/0x1030
[ 120.679030] ? ioctl_preallocate+0x1d0/0x1d0
[ 120.683432] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90
[ 120.689127] ? __lockdep_init_map+0xb2/0x480
[ 120.693526] ? lock_acquire+0x10f/0x380
[ 120.697479] ? check_preemption_disabled+0x34/0x1e0
[ 120.702478] ? assoc_array_gc+0x10eb/0x1120
[ 120.706866] ? __fget+0x22b/0x3a0
[ 120.710296] ? security_file_ioctl+0x7c/0xb0
[ 120.714680] SyS_ioctl+0x7e/0xb0
[ 120.718071] ? do_vfs_ioctl+0x1030/0x1030
[ 120.722196] do_syscall_64+0x19b/0x4b0
[ 120.726063] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 120.731229] RIP: 0033:0x457569
[ 120.734400] RSP: 002b:00007f9ee50e9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 120.742082] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 120.749328] RDX: 0000000020000080 RSI: 0000000000005402 RDI: 0000000000000005
[ 120.756577] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 120.763822] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ee50ea6d4
[ 120.771066] R13: 00000000004c10be R14: 00000000004d2410 R15: 00000000ffffffff
[ 120.778668] Kernel Offset: 0x39600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 120.789570] Rebooting in 86400 seconds..