[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.255401] random: sshd: uninitialized urandom read (32 bytes read) [ 35.514393] audit: type=1400 audit(1537927079.931:6): avc: denied { map } for pid=1775 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 35.561654] random: sshd: uninitialized urandom read (32 bytes read) [ 36.021835] random: sshd: uninitialized urandom read (32 bytes read) [ 50.615391] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. [ 56.132163] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 56.231332] audit: type=1400 audit(1537927100.651:7): avc: denied { map } for pid=1799 comm="syz-executor628" path="/root/syz-executor628809021" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 executing program executing program executing program executing program executing program [ 56.363482] ------------[ cut here ]------------ [ 56.368317] WARNING: CPU: 0 PID: 1819 at fs/attr.c:213 notify_change2+0xae4/0xdd0 [ 56.375916] Kernel panic - not syncing: panic_on_warn set ... [ 56.375916] [ 56.383252] CPU: 0 PID: 1819 Comm: syz-executor628 Not tainted 4.14.71+ #8 [ 56.390235] Call Trace: [ 56.392799] dump_stack+0xb9/0x11b [ 56.396332] ? notify_change2+0xa00/0xdd0 [ 56.400453] panic+0x1bf/0x3a4 [ 56.403620] ? add_taint.cold.4+0x16/0x16 [ 56.407760] ? __probe_kernel_read+0x163/0x1c0 [ 56.412336] ? notify_change2+0xae4/0xdd0 [ 56.416458] __warn.cold.7+0x148/0x185 [ 56.420319] ? notify_change2+0xae4/0xdd0 [ 56.424443] report_bug+0x1f7/0x26c [ 56.428050] do_error_trap+0x1ba/0x2c0 [ 56.431918] ? math_error+0x2d0/0x2d0 [ 56.435693] ? simple_xattr_get+0xe5/0x150 [ 56.439916] ? lock_downgrade+0x560/0x560 [ 56.444039] ? lock_acquire+0x10f/0x380 [ 56.447986] ? simple_xattr_get+0x2c/0x150 [ 56.452198] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.457022] invalid_op+0x18/0x40 [ 56.460523] RIP: 0010:notify_change2+0xae4/0xdd0 [ 56.465271] RSP: 0018:ffff8801cf6875a0 EFLAGS: 00010297 [ 56.470611] RAX: ffff8801cf6ac680 RBX: 0000000000004200 RCX: 0000000000000000 [ 56.477859] RDX: 0000000000000000 RSI: ffff8801d99fcf20 RDI: ffff8801d930e860 [ 56.485115] RBP: ffff8801cf687608 R08: 0000000000000001 R09: 0000000000000000 [ 56.492362] R10: ffff8801cf6aceb0 R11: 0000000000000001 R12: ffff8801d930e780 [ 56.499607] R13: ffff8801cf687638 R14: ffff8801d99fcf20 R15: ffff8801d930e78c [ 56.506884] ? cap_inode_need_killpriv+0x3c/0x50 [ 56.511630] file_remove_privs+0x25c/0x440 [ 56.515850] ? dentry_needs_remove_privs.part.12+0x50/0x50 [ 56.521459] ? kernel_text_address+0x10b/0x120 [ 56.526019] ? __kernel_text_address+0x9/0x30 [ 56.530503] ? unwind_get_return_address+0x51/0x90 [ 56.535408] __generic_file_write_iter+0x155/0x540 [ 56.540316] blkdev_write_iter+0x1fa/0x3d0 [ 56.544605] ? kasan_kmalloc.part.1+0xa9/0xd0 [ 56.549091] ? check_disk_change+0x120/0x120 [ 56.553490] ? direct_splice_actor+0x116/0x160 [ 56.558056] do_iter_readv_writev+0x3a4/0x560 [ 56.562527] ? clone_verify_area+0x1e0/0x1e0 [ 56.566915] ? security_file_permission+0x88/0x1e0 [ 56.571850] do_iter_write+0x156/0x530 [ 56.575723] ? kasan_unpoison_shadow+0x30/0x40 [ 56.580278] ? kasan_kmalloc+0x76/0xc0 [ 56.584143] vfs_iter_write+0x70/0xa0 [ 56.587923] iter_file_splice_write+0x5b4/0xab0 [ 56.592574] ? vmsplice_to_user+0x1e0/0x1e0 [ 56.596885] ? avc_policy_seqno+0x5/0x10 [ 56.600936] ? vmsplice_to_user+0x1e0/0x1e0 [ 56.605235] direct_splice_actor+0x116/0x160 [ 56.609622] splice_direct_to_actor+0x28c/0x750 [ 56.614266] ? pipe_to_sendpage+0x300/0x300 [ 56.618568] ? do_splice_to+0x150/0x150 [ 56.622522] ? security_file_permission+0x88/0x1e0 [ 56.627429] do_splice_direct+0x17b/0x220 [ 56.631551] ? splice_direct_to_actor+0x750/0x750 [ 56.636400] do_sendfile+0x4a1/0xb50 [ 56.640126] ? do_compat_pwritev64+0x170/0x170 [ 56.644694] ? __might_fault+0xd4/0x1b0 [ 56.648658] ? __might_fault+0x177/0x1b0 [ 56.652700] SyS_sendfile64+0xab/0x140 [ 56.656565] ? SyS_sendfile+0x150/0x150 [ 56.660542] ? do_syscall_64+0x43/0x4b0 [ 56.664489] ? SyS_sendfile+0x150/0x150 [ 56.668436] do_syscall_64+0x19b/0x4b0 [ 56.672302] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 56.677465] RIP: 0033:0x444ca9 [ 56.680629] RSP: 002b:00007ffd4d062ce8 EFLAGS: 00000286 ORIG_RAX: 0000000000000028 [ 56.688309] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000444ca9 [ 56.695559] RDX: 0000000020000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 56.702802] RBP: 0000000000000000 R08: 00000000004002e0 R09: 00000000004002e0 [ 56.710051] R10: 0000000002000005 R11: 0000000000000286 R12: 000000000000dbc2 [ 56.717328] R13: 0000000000401ff0 R14: 0000000000000000 R15: 0000000000000000 [ 56.724868] Kernel Offset: 0x37200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 56.736152] Rebooting in 86400 seconds..