ntaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.806035] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.998248] kauditd_printk_skb: 9 callbacks suppressed
[ 34.998262] audit: type=1400 audit(1566599679.619:35): avc: denied { map } for pid=6903 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 35.047480] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.570321] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
[ 41.234907] urandom_read: 1 callbacks suppressed
[ 41.234912] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.359856] audit: type=1400 audit(1566599685.979:36): avc: denied { map } for pid=6915 comm="syz-executor961" path="/root/syz-executor961454783" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 41.590880] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 42.404255] audit: type=1400 audit(1566599687.029:37): avc: denied { create } for pid=6916 comm="syz-executor961" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 42.406900]
[ 42.428837] audit: type=1400 audit(1566599687.029:38): avc: denied { write } for pid=6916 comm="syz-executor961" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 42.429961] =============================
[ 42.454243] audit: type=1400 audit(1566599687.029:39): avc: denied { read } for pid=6916 comm="syz-executor961" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 42.457978] WARNING: suspicious RCU usage
[ 42.486475] 4.14.139 #35 Not tainted
[ 42.490310] -----------------------------
[ 42.494449] net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage!
[ 42.501948]
[ 42.501948] other info that might help us debug this:
[ 42.501948]
[ 42.510115]
[ 42.510115] rcu_scheduler_active = 2, debug_locks = 1
[ 42.516758] 2 locks held by syz-executor961/6916:
[ 42.521632] #0: (cb_lock){++++}, at: [] genl_rcv+0x1a/0x40
[ 42.529033] #1: (genl_mutex){+.+.}, at: [] genl_rcv_msg+0x119/0x150
[ 42.537217]
[ 42.537217] stack backtrace:
[ 42.541729] CPU: 0 PID: 6916 Comm: syz-executor961 Not tainted 4.14.139 #35
[ 42.548800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.558126] Call Trace:
[ 42.560691] dump_stack+0x138/0x19c
[ 42.564295] lockdep_rcu_suspicious+0x153/0x15d
[ 42.568938] tipc_bearer_find+0x20a/0x300
[ 42.573076] tipc_nl_compat_link_set+0x433/0xbf0
[ 42.577805] tipc_nl_compat_doit+0x1a2/0x550
[ 42.582187] ? security_capable+0x8e/0xc0
[ 42.586307] ? tipc_nl_compat_link_stat_dump+0x2080/0x2080
[ 42.591905] ? ns_capable_common+0x12c/0x160
[ 42.596284] ? ns_capable+0x23/0x30
[ 42.599883] ? __netlink_ns_capable+0xe2/0x130
[ 42.604440] tipc_nl_compat_recv+0x9ec/0xb20
[ 42.608821] ? is_bpf_text_address+0xa6/0x120
[ 42.613288] ? tipc_nl_compat_doit+0x550/0x550
[ 42.617845] ? tipc_nl_node_dump+0xc90/0xc90
[ 42.622228] ? tipc_nl_compat_bearer_enable+0x570/0x570
[ 42.627577] ? lock_acquire+0x16f/0x430
[ 42.631536] ? genl_rcv_msg+0x119/0x150
[ 42.635486] ? genl_rcv_msg+0x119/0x150
[ 42.639494] genl_family_rcv_msg+0x614/0xc30
[ 42.644336] ? genl_rcv+0x40/0x40
[ 42.647779] genl_rcv_msg+0xb4/0x150
[ 42.651470] netlink_rcv_skb+0x14f/0x3c0
[ 42.655510] ? genl_family_rcv_msg+0xc30/0xc30
[ 42.660071] ? netlink_ack+0x9a0/0x9a0
[ 42.663940] ? genl_rcv+0x1a/0x40
[ 42.667375] genl_rcv+0x29/0x40
[ 42.670629] netlink_unicast+0x45d/0x640
[ 42.674682] ? netlink_attachskb+0x6a0/0x6a0
[ 42.679072] ? security_netlink_send+0x81/0xb0
[ 42.683628] netlink_sendmsg+0x7c4/0xc60
[ 42.687663] ? netlink_unicast+0x640/0x640
[ 42.691887] ? security_socket_sendmsg+0x89/0xb0
[ 42.696628] ? netlink_unicast+0x640/0x640
[ 42.700840] sock_sendmsg+0xce/0x110
[ 42.704531] ___sys_sendmsg+0x70a/0x840
[ 42.708605] ? copy_msghdr_from_user+0x3f0/0x3f0
[ 42.713340] ? __lock_acquire+0x5f7/0x4620
[ 42.717551] ? save_trace+0x290/0x290
[ 42.721334] ? trace_hardirqs_on+0x10/0x10
[ 42.725549] ? save_trace+0x290/0x290
[ 42.729323] ? lock_downgrade+0x6e0/0x6e0
[ 42.733449] ? task_work_run+0xf0/0x190
[ 42.737401] ? __fget_light+0x172/0x1f0
[ 42.741350] ? __fdget+0x1b/0x20
[ 42.744692] ? sockfd_lookup_light+0xb4/0x160
[ 42.749164] __sys_sendmsg+0xb9/0x140
[ 42.752944] ? SyS_shutdown+0x170/0x170
[ 42.756907] ? trace_hardirqs_on_caller+0x400/0x590
[ 42.761906] SyS_sendmsg+0x2d/0x50
[ 42.765421] ? __sys_sendmsg+0x140/0x140
[ 42.769457] do_syscall_64+0x1e8/0x640
[ 42.773316] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.778135] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.783297] RIP: 0033:0x4449e9
[ 42.786463] RSP: 002b:00007ffd66d9a5e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 42.794148] RAX: ffffffffffffffda RBX: 00000000004a61f0 RCX: 00000000004449e9
[ 42.801403] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[ 42.808707] RBP: 00000000006cf018 R08: 0000000000000000 R09: 0000000120080522
[ 42.815967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402310
[ 42.823212] R13: 00000000004023a0 R14: 0000000000000000 R15: 0000000000000000