[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 19.847432] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.249057] audit: type=1400 audit(1542483545.765:6): avc: denied { map } for pid=1769 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 20.293412] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.708485] random: sshd: uninitialized urandom read (32 bytes read)
[ 57.266344] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts.
[ 62.840499] random: sshd: uninitialized urandom read (32 bytes read)
[ 62.927786] audit: type=1400 audit(1542483588.445:7): avc: denied { map } for pid=1811 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/11/17 19:39:48 parsed 1 programs
[ 63.434631] audit: type=1400 audit(1542483588.955:8): avc: denied { map } for pid=1811 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4999 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 63.908231] random: cc1: uninitialized urandom read (8 bytes read)
2018/11/17 19:39:50 executed programs: 0
[ 64.966068] audit: type=1400 audit(1542483590.485:9): avc: denied { map } for pid=1811 comm="syz-execprog" path="/root/syzkaller-shm244819464" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2018/11/17 19:39:55 executed programs: 134
2018/11/17 19:40:00 executed programs: 441
2018/11/17 19:40:05 executed programs: 746
2018/11/17 19:40:10 executed programs: 1030
2018/11/17 19:40:15 executed programs: 1307
2018/11/17 19:40:20 executed programs: 1578
2018/11/17 19:40:25 executed programs: 1855
2018/11/17 19:40:30 executed programs: 2129
2018/11/17 19:40:35 executed programs: 2404
[ 111.135430] ==================================================================
[ 111.142867] BUG: KASAN: user-memory-access in n_tty_set_termios+0xee/0xcb0
[ 111.149868] Write of size 512 at addr 0000000000001060 by task syz-executor0/17073
[ 111.157548]
[ 111.159152] CPU: 1 PID: 17073 Comm: syz-executor0 Not tainted 4.14.81+ #6
[ 111.166061] Call Trace:
[ 111.168628] dump_stack+0xb9/0x11b
[ 111.172150] kasan_report.cold.6+0x6d/0x2dd
[ 111.176467] ? n_tty_set_termios+0xee/0xcb0
[ 111.180769] memset+0x1f/0x40
[ 111.183852] n_tty_set_termios+0xee/0xcb0
[ 111.187993] ? process_echoes+0x140/0x140
[ 111.192119] tty_set_termios+0x5fd/0x860
[ 111.196158] ? tty_wait_until_sent+0x480/0x480
[ 111.200735] set_termios+0x2bf/0x440
[ 111.204424] ? __tty_perform_flush+0x200/0x200
[ 111.209000] tty_mode_ioctl+0x870/0x920
[ 111.212951] ? tty_perform_flush+0x70/0x70
[ 111.217166] ? __ldsem_down_read_nested+0xb6/0x5b0
[ 111.222072] ? __ldsem_down_read_nested+0xd4/0x5b0
[ 111.226996] ? wake_up_q+0xed/0x150
[ 111.230601] ? hash_futex+0x12/0x200
[ 111.234305] ? __ldsem_wake+0x320/0x320
[ 111.238254] ? avc_has_extended_perms+0x406/0xd50
[ 111.243076] n_tty_ioctl_helper+0x3f/0x350
[ 111.247288] n_tty_ioctl+0x43/0x2e0
[ 111.250889] ? pty_write_room+0xc0/0xc0
[ 111.254855] tty_ioctl+0x551/0x13e0
[ 111.258484] ? n_tty_receive_buf+0x40/0x40
[ 111.262695] ? tty_vhangup+0x30/0x30
[ 111.266387] ? avc_ss_reset+0x100/0x100
[ 111.270342] ? __lock_acquire+0x619/0x4320
[ 111.274550] ? trace_hardirqs_on+0x10/0x10
[ 111.278761] ? trace_hardirqs_on+0x10/0x10
[ 111.282992] ? trace_hardirqs_on+0x10/0x10
[ 111.287220] ? trace_hardirqs_on_caller+0x381/0x520
[ 111.292224] ? tty_vhangup+0x30/0x30
[ 111.295915] do_vfs_ioctl+0x1a0/0x1030
[ 111.299802] ? ioctl_preallocate+0x1d0/0x1d0
[ 111.304192] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90
[ 111.309895] ? register_lock_class+0x12b2/0x13d0
[ 111.314642] ? lock_acquire+0x10f/0x380
[ 111.318605] ? check_preemption_disabled+0x34/0x1e0
[ 111.323595] ? assoc_array_gc+0x111b/0x1120
[ 111.327910] ? __fget+0x22b/0x3a0
[ 111.331347] ? security_file_ioctl+0x7c/0xb0
[ 111.335735] SyS_ioctl+0x7e/0xb0
[ 111.339078] ? do_vfs_ioctl+0x1030/0x1030
[ 111.343204] do_syscall_64+0x19b/0x4b0
[ 111.347079] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 111.352244] RIP: 0033:0x457569
[ 111.355417] RSP: 002b:00007f12acc8ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 111.363187] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 111.370438] RDX: 0000000020000100 RSI: 0000000000005402 RDI: 0000000000000005
[ 111.377681] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 111.384924] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f12acc8f6d4
[ 111.392176] R13: 00000000004c0ffe R14: 00000000004d1d88 R15: 00000000ffffffff
[ 111.399430] ==================================================================
[ 111.406761] Disabling lock debugging due to kernel taint
[ 111.414149] Kernel panic - not syncing: panic_on_warn set ...
[ 111.414149]
[ 111.421521] CPU: 1 PID: 17073 Comm: syz-executor0 Tainted: G B 4.14.81+ #6
[ 111.429646] Call Trace:
[ 111.432218] dump_stack+0xb9/0x11b
[ 111.435748] panic+0x1bf/0x3a4
[ 111.438912] ? add_taint.cold.4+0x16/0x16
[ 111.443037] ? ___preempt_schedule+0x16/0x18
[ 111.447430] kasan_end_report+0x43/0x49
[ 111.451380] kasan_report.cold.6+0x77/0x2dd
[ 111.455678] ? n_tty_set_termios+0xee/0xcb0
[ 111.459980] memset+0x1f/0x40
[ 111.463077] n_tty_set_termios+0xee/0xcb0
[ 111.467201] ? process_echoes+0x140/0x140
[ 111.471335] tty_set_termios+0x5fd/0x860
[ 111.475373] ? tty_wait_until_sent+0x480/0x480
[ 111.479930] set_termios+0x2bf/0x440
[ 111.483617] ? __tty_perform_flush+0x200/0x200
[ 111.488192] tty_mode_ioctl+0x870/0x920
[ 111.492145] ? tty_perform_flush+0x70/0x70
[ 111.496361] ? __ldsem_down_read_nested+0xb6/0x5b0
[ 111.501263] ? __ldsem_down_read_nested+0xd4/0x5b0
[ 111.506166] ? wake_up_q+0xed/0x150
[ 111.509798] ? hash_futex+0x12/0x200
[ 111.513491] ? __ldsem_wake+0x320/0x320
[ 111.517443] ? avc_has_extended_perms+0x406/0xd50
[ 111.522264] n_tty_ioctl_helper+0x3f/0x350
[ 111.526473] n_tty_ioctl+0x43/0x2e0
[ 111.530078] ? pty_write_room+0xc0/0xc0
[ 111.534059] tty_ioctl+0x551/0x13e0
[ 111.537667] ? n_tty_receive_buf+0x40/0x40
[ 111.541886] ? tty_vhangup+0x30/0x30
[ 111.545577] ? avc_ss_reset+0x100/0x100
[ 111.549545] ? __lock_acquire+0x619/0x4320
[ 111.553756] ? trace_hardirqs_on+0x10/0x10
[ 111.557966] ? trace_hardirqs_on+0x10/0x10
[ 111.562188] ? trace_hardirqs_on+0x10/0x10
[ 111.566405] ? trace_hardirqs_on_caller+0x381/0x520
[ 111.571409] ? tty_vhangup+0x30/0x30
[ 111.575096] do_vfs_ioctl+0x1a0/0x1030
[ 111.578955] ? ioctl_preallocate+0x1d0/0x1d0
[ 111.583346] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90
[ 111.589042] ? register_lock_class+0x12b2/0x13d0
[ 111.593788] ? lock_acquire+0x10f/0x380
[ 111.597738] ? check_preemption_disabled+0x34/0x1e0
[ 111.602739] ? assoc_array_gc+0x111b/0x1120
[ 111.607036] ? __fget+0x22b/0x3a0
[ 111.610466] ? security_file_ioctl+0x7c/0xb0
[ 111.614870] SyS_ioctl+0x7e/0xb0
[ 111.618218] ? do_vfs_ioctl+0x1030/0x1030
[ 111.622342] do_syscall_64+0x19b/0x4b0
[ 111.626206] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 111.631375] RIP: 0033:0x457569
[ 111.634539] RSP: 002b:00007f12acc8ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 111.642234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 111.649500] RDX: 0000000020000100 RSI: 0000000000005402 RDI: 0000000000000005
[ 111.656744] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 111.663999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f12acc8f6d4
[ 111.671243] R13: 00000000004c0ffe R14: 00000000004d1d88 R15: 00000000ffffffff
[ 111.678835] Kernel Offset: 0x12800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 111.689741] Rebooting in 86400 seconds..