[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.474001] random: sshd: uninitialized urandom read (32 bytes read) [ 24.755905] audit: type=1400 audit(1569000266.128:6): avc: denied { map } for pid=1770 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 24.798933] random: sshd: uninitialized urandom read (32 bytes read) [ 25.322645] random: sshd: uninitialized urandom read (32 bytes read) [ 38.872376] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts. [ 44.343791] random: sshd: uninitialized urandom read (32 bytes read) [ 44.444489] audit: type=1400 audit(1569000285.818:7): avc: denied { map } for pid=1794 comm="syz-executor247" path="/root/syz-executor247473471" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 45.390129] invalid inflight: 1 state 4 cwnd 10 mss 21888 [ 45.395824] ------------[ cut here ]------------ [ 45.400794] WARNING: CPU: 1 PID: 0 at net/ipv4/tcp_output.c:2507 tcp_send_loss_probe.cold+0x7e/0x94 [ 45.410008] Kernel panic - not syncing: panic_on_warn set ... [ 45.410008] [ 45.417360] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.14.145+ #0 [ 45.423658] Call Trace: [ 45.426219] [ 45.428366] dump_stack+0xca/0x134 [ 45.431890] panic+0x1ea/0x3d3 [ 45.435060] ? add_taint.cold+0x16/0x16 [ 45.439022] ? tcp_send_loss_probe.cold+0x7e/0x94 [ 45.443843] ? __probe_kernel_read+0x163/0x1c0 [ 45.448417] ? tcp_send_loss_probe.cold+0x7e/0x94 [ 45.453282] __warn.cold+0x2f/0x3a [ 45.456812] ? tcp_send_loss_probe.cold+0x7e/0x94 [ 45.461645] report_bug+0x20a/0x248 [ 45.465261] do_error_trap+0x1bf/0x2d0 [ 45.469126] ? math_error+0x2d0/0x2d0 [ 45.472925] ? vprintk_emit+0xd5/0x330 [ 45.476794] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.481617] invalid_op+0x18/0x40 [ 45.485046] RIP: 0010:tcp_send_loss_probe.cold+0x7e/0x94 [ 45.490471] RSP: 0018:ffff8881d7707ca8 EFLAGS: 00010286 [ 45.495821] RAX: 000000000000002d RBX: 0000000000000000 RCX: 0000000000000000 [ 45.503068] RDX: 0000000000000000 RSI: ffffffffa7269f80 RDI: ffffed103aee0f87 [ 45.510324] RBP: ffff8881cf6a9f80 R08: 000000000000002d R09: ffffed103aee4ce9 [ 45.517570] R10: ffffed103aee4ce8 R11: ffff8881d7726747 R12: 0000000000005580 [ 45.524841] R13: 0000000000000001 R14: 000000000000000a R15: ffff8881cf6a9f80 [ 45.532109] ? tcp_send_loss_probe.cold+0x7e/0x94 [ 45.536932] ? tcp_write_timer_handler+0x780/0x780 [ 45.541847] tcp_write_timer_handler+0x46b/0x780 [ 45.546590] tcp_write_timer+0xc9/0x170 [ 45.550554] call_timer_fn+0x15b/0x6a0 [ 45.554427] ? collect_expired_timers+0x280/0x280 [ 45.559251] ? check_preemption_disabled+0x35/0x1f0 [ 45.564252] ? _raw_spin_unlock_irq+0x24/0x50 [ 45.568730] ? tcp_write_timer_handler+0x780/0x780 [ 45.573637] expire_timers+0x227/0x4c0 [ 45.577506] run_timer_softirq+0x1eb/0x5d0 [ 45.581721] ? expire_timers+0x4c0/0x4c0 [ 45.585766] ? check_preemption_disabled+0x35/0x1f0 [ 45.590763] ? check_preemption_disabled+0x35/0x1f0 [ 45.595762] __do_softirq+0x234/0x9ec [ 45.599542] ? check_preemption_disabled+0x35/0x1f0 [ 45.604540] irq_exit+0x114/0x150 [ 45.607969] smp_apic_timer_interrupt+0x1a7/0x650 [ 45.612792] apic_timer_interrupt+0x8c/0xa0 [ 45.617097] [ 45.619311] RIP: 0010:native_safe_halt+0x13/0x20 [ 45.624051] RSP: 0018:ffff8881d668fd60 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 45.631738] RAX: 0000000000000000 RBX: ffffffffa7c2eb68 RCX: 0000000000000000 [ 45.638995] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881d667372c [ 45.646267] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 45.653526] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 45.660778] R13: 0000000000000000 R14: ffff8881d6672f00 R15: dffffc0000000000 [ 45.668044] default_idle+0x61/0x3b0 [ 45.671741] do_idle+0x2e6/0x390 [ 45.675099] ? arch_cpu_idle_exit+0x40/0x40 [ 45.679399] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 45.684484] ? trace_hardirqs_on_caller+0x37b/0x540 [ 45.689479] cpu_startup_entry+0xc6/0xd0 [ 45.693532] ? cpu_in_idle+0x20/0x20 [ 45.697243] ? trace_hardirqs_on_caller+0x37b/0x540 [ 45.702242] start_secondary+0x3a8/0x4b0 [ 45.706283] ? set_cpu_sibling_map+0x1110/0x1110 [ 45.711023] secondary_startup_64+0xa5/0xb0 [ 45.716058] Kernel Offset: 0x24400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 45.726999] Rebooting in 86400 seconds..