[....] Starting OpenBSD Secure Shell server: sshd[ 10.929278] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.550346] random: sshd: uninitialized urandom read (32 bytes read) [ 36.847730] audit: type=1400 audit(1540038370.262:6): avc: denied { map } for pid=1772 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 36.894293] random: sshd: uninitialized urandom read (32 bytes read) [ 37.351619] random: sshd: uninitialized urandom read (32 bytes read) [ 59.852467] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts. [ 65.723214] random: sshd: uninitialized urandom read (32 bytes read) [ 65.809993] audit: type=1400 audit(1540038399.222:7): avc: denied { map } for pid=1802 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/10/20 12:26:39 parsed 1 programs [ 66.313495] audit: type=1400 audit(1540038399.732:8): avc: denied { map } for pid=1802 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4999 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 67.040449] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/20 12:26:41 executed programs: 0 [ 68.452152] audit: type=1400 audit(1540038401.872:9): avc: denied { map } for pid=1802 comm="syz-execprog" path="/root/syzkaller-shm494866241" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2018/10/20 12:26:48 executed programs: 6 2018/10/20 12:26:53 executed programs: 405 [ 84.336989] kasan: CONFIG_KASAN_INLINE enabled [ 84.357685] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 84.390671] general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 84.397431] Modules linked in: [ 84.400624] CPU: 1 PID: 7610 Comm: syz-executor2 Not tainted 4.14.77+ #21 [ 84.407537] task: ffff8801c9bec680 task.stack: ffff8801c84f0000 [ 84.413591] RIP: 0010:reset_buffer_flags+0x21/0x150 [ 84.418595] RSP: 0018:ffff8801c84f78e0 EFLAGS: 00010202 [ 84.423952] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 84.431213] RDX: 000000000000044c RSI: ffff8801c9becf00 RDI: 0000000000002260 [ 84.438476] RBP: ffff8801ccfda200 R08: 0000000000003624 R09: ffffffff950df7c0 [ 84.445739] R10: ffff8801c9becf00 R11: 0000000000000001 R12: ffff8801ccfda438 [ 84.453000] R13: ffff8801c84f7938 R14: ffff8801d60ae4a0 R15: 000000000000000b [ 84.460255] FS: 00007fa1d5e32700(0000) GS:ffff8801dbb00000(0000) knlGS:0000000000000000 [ 84.468454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.474308] CR2: 00007ffc7273afbc CR3: 00000001ca4cc006 CR4: 00000000001606a0 [ 84.481555] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 84.488800] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 84.496045] Call Trace: [ 84.498625] n_tty_flush_buffer+0x49/0xeb [ 84.502748] set_termios+0x259/0x440 [ 84.506437] ? n_tty_read+0x15e0/0x15e0 [ 84.510389] ? __tty_perform_flush+0x200/0x200 [ 84.514951] tty_mode_ioctl+0x238/0x920 [ 84.518902] ? tty_perform_flush+0x70/0x70 [ 84.523120] ? __ldsem_down_read_nested+0xb6/0x5b0 [ 84.528023] ? __ldsem_down_read_nested+0xd4/0x5b0 [ 84.532926] ? hash_futex+0x12/0x200 [ 84.536613] ? __ldsem_wake+0x320/0x320 [ 84.540564] ? avc_has_extended_perms+0x406/0xd50 [ 84.545394] n_tty_ioctl_helper+0x3f/0x350 [ 84.549620] n_tty_ioctl+0x43/0x2e0 [ 84.553223] ? pty_write_room+0xc0/0xc0 [ 84.557176] tty_ioctl+0x551/0x13e0 [ 84.560779] ? n_tty_receive_buf+0x40/0x40 [ 84.564988] ? tty_vhangup+0x30/0x30 [ 84.568678] ? avc_ss_reset+0x100/0x100 [ 84.572633] ? __lock_acquire+0x619/0x4320 [ 84.576840] ? trace_hardirqs_on+0x10/0x10 [ 84.581051] ? trace_hardirqs_on+0x10/0x10 [ 84.585260] ? trace_hardirqs_on+0x10/0x10 [ 84.589465] ? trace_hardirqs_on_caller+0x381/0x520 [ 84.594455] ? tty_vhangup+0x30/0x30 [ 84.598145] do_vfs_ioctl+0x1a0/0x1030 [ 84.602008] ? ioctl_preallocate+0x1d0/0x1d0 [ 84.606392] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90 [ 84.612078] ? __lockdep_init_map+0x54/0x480 [ 84.616459] ? lock_acquire+0x10f/0x380 [ 84.620410] ? check_preemption_disabled+0x34/0x160 [ 84.625401] ? assoc_array_gc+0x10bb/0x1120 [ 84.629720] ? __fget+0x22b/0x3a0 [ 84.633152] ? security_file_ioctl+0x7c/0xb0 [ 84.637543] SyS_ioctl+0x7e/0xb0 [ 84.640885] ? do_vfs_ioctl+0x1030/0x1030 [ 84.645024] do_syscall_64+0x19b/0x4b0 [ 84.648893] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 84.654064] RIP: 0033:0x457569 [ 84.657227] RSP: 002b:00007fa1d5e31c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.664908] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 84.672153] RDX: 0000000020000000 RSI: 0000000000005404 RDI: 0000000000000005 [ 84.679403] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 84.686655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa1d5e326d4 [ 84.693908] R13: 00000000004c0da4 R14: 00000000004d17d0 R15: 00000000ffffffff [ 84.701164] Code: 41 ff 5b 5d e9 81 b6 5e ff 90 53 48 89 fb e8 77 b6 5e ff 48 8d bb 60 22 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 0f 01 00 00 48 c7 83 60 22 00 00 00 00 00 00 [ 84.720238] RIP: reset_buffer_flags+0x21/0x150 RSP: ffff8801c84f78e0 [ 84.730556] ---[ end trace d0396a3043962b80 ]--- [ 84.735323] Kernel panic - not syncing: Fatal exception [ 84.740973] Kernel Offset: 0x10c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 84.751873] Rebooting in 86400 seconds..