[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.836328] random: sshd: uninitialized urandom read (32 bytes read) [ 33.115188] kauditd_printk_skb: 10 callbacks suppressed [ 33.115196] audit: type=1400 audit(1574903363.649:35): avc: denied { map } for pid=6877 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.169771] random: sshd: uninitialized urandom read (32 bytes read) [ 33.712068] random: sshd: uninitialized urandom read (32 bytes read) [ 33.893124] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts. [ 39.535613] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 39.648841] audit: type=1400 audit(1574903370.179:36): avc: denied { map } for pid=6890 comm="syz-executor657" path="/root/syz-executor657340102" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 39.654177] [ 39.675244] audit: type=1400 audit(1574903370.189:37): avc: denied { create } for pid=6890 comm="syz-executor657" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 39.676854] ============================= [ 39.704019] audit: type=1400 audit(1574903370.189:38): avc: denied { write } for pid=6890 comm="syz-executor657" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 39.707815] WARNING: suspicious RCU usage [ 39.732037] audit: type=1400 audit(1574903370.189:39): avc: denied { read } for pid=6890 comm="syz-executor657" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 39.735838] 4.14.156-syzkaller #0 Not tainted [ 39.764785] ----------------------------- [ 39.768914] net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage! [ 39.776398] [ 39.776398] other info that might help us debug this: [ 39.776398] [ 39.784974] [ 39.784974] rcu_scheduler_active = 2, debug_locks = 1 [ 39.791676] 2 locks held by syz-executor657/6890: [ 39.796505] #0: (cb_lock){++++}, at: [] genl_rcv+0x1a/0x40 [ 39.803949] #1: (genl_mutex){+.+.}, at: [] genl_rcv_msg+0x119/0x150 [ 39.812140] [ 39.812140] stack backtrace: [ 39.816629] CPU: 0 PID: 6890 Comm: syz-executor657 Not tainted 4.14.156-syzkaller #0 [ 39.824485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.833814] Call Trace: [ 39.836381] dump_stack+0x142/0x197 [ 39.839990] lockdep_rcu_suspicious+0x153/0x15d [ 39.844641] tipc_bearer_find+0x20a/0x300 [ 39.848767] tipc_nl_compat_link_set+0x433/0xbf0 [ 39.853507] tipc_nl_compat_doit+0x1a2/0x550 [ 39.857895] ? security_capable+0x8e/0xc0 [ 39.862019] ? tipc_nl_compat_link_stat_dump+0x2080/0x2080 [ 39.867621] ? ns_capable_common+0x12c/0x160 [ 39.872021] ? ns_capable+0x23/0x30 [ 39.875629] ? __netlink_ns_capable+0xe2/0x130 [ 39.880203] tipc_nl_compat_recv+0x9ec/0xb20 [ 39.884592] ? is_bpf_text_address+0xa6/0x120 [ 39.889066] ? tipc_nl_compat_doit+0x550/0x550 [ 39.893639] ? tipc_nl_node_dump+0xc90/0xc90 [ 39.898022] ? tipc_nl_compat_bearer_enable+0x570/0x570 [ 39.903365] ? lock_acquire+0x16f/0x430 [ 39.907318] ? genl_rcv_msg+0x119/0x150 [ 39.911291] ? genl_rcv_msg+0x119/0x150 [ 39.915245] genl_family_rcv_msg+0x614/0xc30 [ 39.919632] ? genl_unregister_family+0x6a0/0x6a0 [ 39.924460] genl_rcv_msg+0xb4/0x150 [ 39.928150] netlink_rcv_skb+0x14f/0x3c0 [ 39.932187] ? genl_family_rcv_msg+0xc30/0xc30 [ 39.936760] ? netlink_ack+0x9a0/0x9a0 [ 39.940623] ? genl_rcv+0x1a/0x40 [ 39.944057] genl_rcv+0x29/0x40 [ 39.947315] netlink_unicast+0x45d/0x640 [ 39.951354] ? netlink_attachskb+0x6a0/0x6a0 [ 39.955745] ? security_netlink_send+0x81/0xb0 [ 39.960304] netlink_sendmsg+0x7c4/0xc60 [ 39.964358] ? netlink_unicast+0x640/0x640 [ 39.968574] ? security_socket_sendmsg+0x89/0xb0 [ 39.973323] ? netlink_unicast+0x640/0x640 [ 39.977545] sock_sendmsg+0xce/0x110 [ 39.981235] ___sys_sendmsg+0x70a/0x840 [ 39.985199] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 39.989933] ? __lock_acquire+0x5f7/0x4620 [ 39.994167] ? save_trace+0x290/0x290 [ 39.997963] ? trace_hardirqs_on+0x10/0x10 [ 40.002218] ? save_trace+0x290/0x290 [ 40.006001] ? lock_downgrade+0x740/0x740 [ 40.010135] ? task_work_run+0xf0/0x190 [ 40.014091] ? __fget_light+0x172/0x1f0 [ 40.018059] ? __fdget+0x1b/0x20 [ 40.021419] ? sockfd_lookup_light+0xb4/0x160 [ 40.025897] __sys_sendmsg+0xb9/0x140 [ 40.029681] ? SyS_shutdown+0x170/0x170 [ 40.033654] ? trace_hardirqs_on_caller+0x400/0x590 [ 40.038675] SyS_sendmsg+0x2d/0x50 [ 40.042195] ? __sys_sendmsg+0x140/0x140 [ 40.046237] do_syscall_64+0x1e8/0x640 [ 40.050106] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.054938] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 40.060118] RIP: 0033:0x444229 [ 40.063300] RSP: 002b:00007ffc79a8d2e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 40.070998] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444229 [ 40.078259] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 40.085506] RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0 [ 40.092758] R10: 0000000000001800 R11: 0000000000000246 R12: 0000000000401ed0 [ 40.1000