[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 9.366197] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 30.424155] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.678132] audit: type=1400 audit(1546837329.687:6): avc: denied { map } for pid=1752 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 30.712369] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.149857] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
[ 36.921010] urandom_read: 1 callbacks suppressed
[ 36.921013] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 37.004527] audit: type=1400 audit(1546837336.017:7): avc: denied { map } for pid=1764 comm="syz-executor440" path="/root/syz-executor440467685" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 37.007216] ------------[ cut here ]------------
[ 37.035930] kernel BUG at net/core/skbuff.c:1452!
[ 37.040837] invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 37.046696] Modules linked in:
[ 37.049863] CPU: 0 PID: 1767 Comm: syz-executor440 Not tainted 4.14.91+ #3
[ 37.056846] task: ffff8881ce2a1780 task.stack: ffff8881cc0e8000
[ 37.062880] RIP: 0010:pskb_expand_head+0xa7c/0xb30
[ 37.067784] RSP: 0018:ffff8881cc0ef8e0 EFLAGS: 00010297
[ 37.073127] RAX: ffff8881ce2a1780 RBX: ffff8881ccfb0500 RCX: 0000000001080020
[ 37.080377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881ccfb05dc
[ 37.087735] RBP: 0000000001080020 R08: ffff8881ccfb05ba R09: 0000000000000000
[ 37.094982] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881ccfb05c4
[ 37.102224] R13: 0000000000000000 R14: 000000000000003f R15: ffff8881ccfb0500
[ 37.109518] FS: 00007fdcc63e4700(0000) GS:ffff8881d7600000(0000) knlGS:0000000000000000
[ 37.117720] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.123574] CR2: 00007fdcc63e3e78 CR3: 00000001cc328002 CR4: 00000000001606b0
[ 37.130820] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.138062] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.145303] Call Trace:
[ 37.147867] ? __skb_try_recv_datagram+0x23c/0x3b0
[ 37.152777] ? __skb_try_recv_datagram+0x2e8/0x3b0
[ 37.157770] __pskb_pull_tail+0xc8/0x1390
[ 37.161888] ? __skb_try_recv_from_queue+0x7b0/0x7b0
[ 37.166975] ip6_datagram_recv_specific_ctl+0x1493/0x16e0
[ 37.172490] ? ip6_datagram_recv_common_ctl+0x3c0/0x3c0
[ 37.177925] ? ip6_datagram_recv_common_ctl+0x283/0x3c0
[ 37.183313] ? ipv6_recv_rxpmtu+0x790/0x790
[ 37.187609] ? skb_copy_datagram_iter+0x19d/0x8f0
[ 37.192441] rawv6_recvmsg+0x8f3/0xb50
[ 37.196301] ? rawv6_bind+0x7a0/0x7a0
[ 37.200072] ? lock_acquire+0x10f/0x380
[ 37.204019] sock_common_recvmsg+0xf6/0x190
[ 37.208427] ? compat_sock_common_getsockopt+0x130/0x130
[ 37.213858] ? security_socket_recvmsg+0x91/0xc0
[ 37.218587] ? compat_sock_common_getsockopt+0x130/0x130
[ 37.224140] sock_recvmsg+0xc2/0x100
[ 37.227832] SyS_recvfrom+0x1a8/0x2e0
[ 37.231778] ? SyS_send+0x40/0x40
[ 37.235215] ? SyS_futex+0x1c5/0x2c3
[ 37.238899] ? SyS_futex+0x1cf/0x2c3
[ 37.242585] ? do_futex+0x17f0/0x17f0
[ 37.246360] ? finish_task_switch+0x1b7/0x620
[ 37.250827] ? _raw_spin_unlock_irq+0x24/0x50
[ 37.255312] ? do_syscall_64+0x43/0x4b0
[ 37.259256] ? SyS_send+0x40/0x40
[ 37.262683] do_syscall_64+0x19b/0x4b0
[ 37.266546] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.271881] Code: 48 8b 7c 24 18 e8 55 e1 25 ff e9 fd f6 ff ff 4c 89 f7 e8 48 e1 25 ff e9 8d fd ff ff e8 3e e1 25 ff e9 76 fc ff ff e8 e4 f4 03 ff <0f> 0b 48 8b 7c 24 18 e8 28 e1 25 ff e9 dd fa ff ff 4c 89 f7 e8
[ 37.290932] RIP: pskb_expand_head+0xa7c/0xb30 RSP: ffff8881cc0ef8e0
[ 37.297517] ---[ end trace e5c2c4f08cbfae01 ]---
[ 37.302285] Kernel panic - not syncing: Fatal exception
[ 37.308023] Kernel Offset: 0xdc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 37.318829] Rebooting in 86400 seconds..