[....] Starting OpenBSD Secure Shell server: sshd[ 11.592723] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.886453] random: sshd: uninitialized urandom read (32 bytes read) [ 34.367976] audit: type=1400 audit(1552224414.308:6): avc: denied { map } for pid=1773 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.412838] random: sshd: uninitialized urandom read (32 bytes read) [ 34.883751] random: sshd: uninitialized urandom read (32 bytes read) [ 35.025733] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.190' (ECDSA) to the list of known hosts. [ 40.628935] random: sshd: uninitialized urandom read (32 bytes read) [ 40.718593] audit: type=1400 audit(1552224420.658:7): avc: denied { map } for pid=1785 comm="syz-executor103" path="/root/syz-executor103657884" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 executing program [ 40.970511] netlink: 8 bytes leftover after parsing attributes in process `syz-executor103'. [ 41.021991] [ 41.023674] ============================= [ 41.027793] WARNING: suspicious RCU usage [ 41.031979] 4.14.105+ #29 Not tainted [ 41.035764] ----------------------------- [ 41.039934] net/ipv6/ip6_fib.c:1590 suspicious rcu_dereference_protected() usage! [ 41.047720] [ 41.047720] other info that might help us debug this: [ 41.047720] [ 41.055984] [ 41.055984] rcu_scheduler_active = 2, debug_locks = 1 [ 41.062689] 4 locks held by syz-executor103/1786: [ 41.067510] #0: (rtnl_mutex){+.+.}, at: [] tun_chr_close+0x34/0x60 [ 41.075654] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+...}, at: [] fib6_run_gc+0x1ff/0x2a0 [ 41.085754] #2: (rcu_read_lock){....}, at: [] __fib6_clean_all+0x0/0x230 [ 41.094388] #3: (&tb->tb6_lock){++..}, at: [] __fib6_clean_all+0xde/0x230 [ 41.103099] [ 41.103099] stack backtrace: [ 41.107595] CPU: 0 PID: 1786 Comm: syz-executor103 Not tainted 4.14.105+ #29 [ 41.114761] Call Trace: [ 41.117343] dump_stack+0xb9/0x10e [ 41.120939] fib6_del+0x8c2/0xbe0 [ 41.124384] ? free_object+0x240/0x240 [ 41.128253] ? fib6_age+0xfc/0x460 [ 41.131778] fib6_clean_node+0x270/0x440 [ 41.135821] ? fib6_del+0xbe0/0xbe0 [ 41.139436] ? fib6_walk+0x85/0xe0 [ 41.142961] ? fib6_walker_link+0x29/0x130 [ 41.147184] fib6_walk_continue+0x3a5/0x5f0 [ 41.151495] fib6_walk+0x8d/0xe0 [ 41.154851] ? call_fib6_entry_notifiers+0x150/0x150 [ 41.159933] fib6_clean_tree+0xd4/0x110 [ 41.163887] ? fib6_walk+0xe0/0xe0 [ 41.167410] ? fib6_del+0xbe0/0xbe0 [ 41.171024] ? call_fib6_entry_notifiers+0x150/0x150 [ 41.176115] ? __fib6_clean_all+0xde/0x230 [ 41.180334] ? check_preemption_disabled+0x35/0x1f0 [ 41.185340] ? call_fib6_entry_notifiers+0x150/0x150 [ 41.190538] __fib6_clean_all+0xf5/0x230 [ 41.194591] fib6_run_gc+0x104/0x2a0 [ 41.198290] ? fib6_clean_all+0x30/0x30 [ 41.202247] ? neigh_ifdown+0x23a/0x2d0 [ 41.206210] ndisc_netdev_event+0x32b/0x3d0 [ 41.210568] notifier_call_chain+0x10c/0x1a0 [ 41.214970] ? dev_close_many+0x2df/0x600 [ 41.219104] ? __dev_close_many+0x260/0x260 [ 41.223414] ? __queue_work+0x3e3/0xe50 [ 41.227384] ? rollback_registered_many+0x35b/0xab0 [ 41.232766] ? free_netdev+0x3a0/0x3a0 [ 41.236649] ? _raw_spin_unlock+0x3b/0x40 [ 41.240780] ? __queue_work+0x3e3/0xe50 [ 41.244857] ? rollback_registered+0xe6/0x1a0 [ 41.249331] ? rollback_registered_many+0xab0/0xab0 [ 41.254335] ? unregister_netdevice_queue+0x1a1/0x220 [ 41.259517] ? __tun_detach+0xa9d/0xcf0 [ 41.263478] ? __tun_detach+0xcf0/0xcf0 [ 41.267446] ? tun_chr_close+0x41/0x60 [ 41.271319] ? __fput+0x25e/0x700 [ 41.274772] ? task_work_run+0x118/0x190 [ 41.278826] ? do_exit+0x903/0x2960 [ 41.282446] ? __do_page_fault+0x48e/0xb80 [ 41.286667] ? mm_update_next_owner+0x5b0/0x5b0 [ 41.291323] ? up_read+0x17/0x30 [ 41.294712] ? do_group_exit+0x100/0x2e0 [ 41.298761] ? SyS_exit_group+0x19/0x20 [ 41.302729] ? do_group_exit+0x2e0/0x2e0 [ 41.306773] ? do_syscall_64+0x19b/0x4b0 [ 41.310818] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7