[ 11.231546] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.101151] random: sshd: uninitialized urandom read (32 bytes read) [ 17.264041] audit: type=1400 audit(1568124337.301:6): avc: denied { map } for pid=1763 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 17.297951] random: sshd: uninitialized urandom read (32 bytes read) [ 17.785727] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.215' (ECDSA) to the list of known hosts. [ 23.400722] urandom_read: 1 callbacks suppressed [ 23.400726] random: sshd: uninitialized urandom read (32 bytes read) [ 23.502984] audit: type=1400 audit(1568124343.541:7): avc: denied { map } for pid=1781 comm="syz-executor380" path="/root/syz-executor380565999" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 24.490088] invalid inflight: 1 state 4 cwnd 10 mss 21888 [ 24.496823] ------------[ cut here ]------------ [ 24.501593] WARNING: CPU: 0 PID: 1997 at net/ipv4/tcp_output.c:2507 tcp_send_loss_probe.cold+0x7e/0x94 [ 24.511133] Kernel panic - not syncing: panic_on_warn set ... [ 24.511133] [ 24.518570] CPU: 0 PID: 1997 Comm: syz-executor380 Not tainted 4.14.143+ #0 [ 24.525650] Call Trace: [ 24.528238] [ 24.530375] dump_stack+0xca/0x134 [ 24.533897] panic+0x1ea/0x3d3 [ 24.537072] ? add_taint.cold+0x16/0x16 [ 24.541137] ? tcp_send_loss_probe.cold+0x7e/0x94 [ 24.545967] ? __probe_kernel_read+0x163/0x1c0 [ 24.550601] ? tcp_send_loss_probe.cold+0x7e/0x94 [ 24.555458] __warn.cold+0x2f/0x3a [ 24.559150] ? tcp_send_loss_probe.cold+0x7e/0x94 [ 24.564085] report_bug+0x20a/0x248 [ 24.567921] do_error_trap+0x1bf/0x2d0 [ 24.571820] ? math_error+0x2d0/0x2d0 [ 24.575623] ? vprintk_emit+0xd5/0x330 [ 24.579498] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 24.584497] invalid_op+0x18/0x40 [ 24.587950] RIP: 0010:tcp_send_loss_probe.cold+0x7e/0x94 [ 24.593579] RSP: 0018:ffff8881dba07ca8 EFLAGS: 00010286 [ 24.598947] RAX: 000000000000002d RBX: 0000000000000000 RCX: 0000000000000000 [ 24.606205] RDX: 0000000000000000 RSI: ffffffff83469f80 RDI: ffffed103b740f87 [ 24.613471] RBP: ffff8881d45b9500 R08: 000000000000002d R09: ffffed103b744ce9 [ 24.620786] R10: ffffed103b744ce8 R11: ffff8881dba26747 R12: 0000000000005580 [ 24.628151] R13: 0000000000000001 R14: 000000000000000a R15: ffff8881d45b9500 [ 24.635478] ? tcp_send_loss_probe.cold+0x7e/0x94 [ 24.640405] ? tcp_write_timer_handler+0x780/0x780 [ 24.645322] tcp_write_timer_handler+0x46b/0x780 [ 24.650081] tcp_write_timer+0xc9/0x170 [ 24.654049] call_timer_fn+0x15b/0x6a0 [ 24.658444] ? collect_expired_timers+0x280/0x280 [ 24.663394] ? mark_held_locks+0xa6/0xf0 [ 24.667447] ? _raw_spin_unlock_irq+0x24/0x50 [ 24.671945] ? tcp_write_timer_handler+0x780/0x780 [ 24.676955] expire_timers+0x227/0x4c0 [ 24.680975] run_timer_softirq+0x1eb/0x5d0 [ 24.685202] ? expire_timers+0x4c0/0x4c0 [ 24.689358] ? check_preemption_disabled+0x35/0x1f0 [ 24.694377] ? check_preemption_disabled+0x35/0x1f0 [ 24.699393] __do_softirq+0x234/0x9ec [ 24.703191] ? check_preemption_disabled+0x35/0x1f0 [ 24.708213] irq_exit+0x114/0x150 [ 24.711658] smp_apic_timer_interrupt+0x1a7/0x650 [ 24.716593] apic_timer_interrupt+0x8c/0xa0 [ 24.720909] [ 24.723148] RIP: 0010:stack_access_ok+0x2f/0x130 [ 24.727901] RSP: 0018:ffff8881d15873f0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 24.735622] RAX: 0000000000000000 RBX: 1ffff1103a2b0e83 RCX: 1ffff1103a2b0eae [ 24.747497] RDX: 0000000000000008 RSI: ffff8881d1587898 RDI: ffff8881d1587570 [ 24.754763] RBP: ffff8881d1587898 R08: 0000000000000001 R09: ffff8881d1587870 [ 24.771631] R10: ffff8881d15875a5 R11: 000000000001c033 R12: ffff8881d1587570 [ 24.779104] R13: dffffc0000000000 R14: ffff8881d15878c8 R15: 0000000000000001 [ 24.786399] deref_stack_reg+0x66/0xe0 [ 24.790276] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 24.796240] ? deref_stack_reg+0xe0/0xe0 [ 24.800307] ? free_pgtables+0xab/0x1c0 [ 24.804281] unwind_next_frame+0xe07/0x1810 [ 24.808678] ? unlink_anon_vmas+0x284/0x7e0 [ 24.813001] ? deref_stack_reg+0xe0/0xe0 [ 24.817152] ? trace_hardirqs_on+0x10/0x10 [ 24.821373] __save_stack_trace+0x7a/0xf0 [ 24.825629] ? free_pgtables+0xab/0x1c0 [ 24.829648] __kasan_slab_free+0x164/0x210 [ 24.834067] ? __kasan_slab_free+0x164/0x210 [ 24.838549] ? kmem_cache_free+0xd7/0x3b0 [ 24.842689] ? unlink_anon_vmas+0x284/0x7e0 [ 24.847011] ? debug_check_no_obj_freed+0x2a9/0x5c0 [ 24.852037] ? mark_held_locks+0xa6/0xf0 [ 24.856182] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 24.861278] ? trace_hardirqs_on_caller+0x37b/0x540 [ 24.866301] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 24.871396] ? debug_check_no_obj_freed+0x2a9/0x5c0 [ 24.876508] ? debug_object_activate+0x4f0/0x4f0 [ 24.881441] ? mark_held_locks+0xa6/0xf0 [ 24.885572] ? kmem_cache_free+0xb2/0x3b0 [ 24.889718] ? unlink_anon_vmas+0x284/0x7e0 [ 24.894120] kmem_cache_free+0xd7/0x3b0 [ 24.898092] unlink_anon_vmas+0x284/0x7e0 [ 24.902233] ? up_write+0x17/0x60 [ 24.906017] free_pgtables+0xab/0x1c0 [ 24.909804] exit_mmap+0x222/0x440 [ 24.913330] ? SyS_munmap+0x30/0x30 [ 24.916943] ? exit_aio+0x264/0x340 [ 24.920551] ? reacquire_held_locks+0xb5/0x3f0 [ 24.925135] mmput+0xeb/0x370 [ 24.928225] do_exit+0x905/0x2a20 [ 24.931668] ? mm_update_next_owner+0x610/0x610 [ 24.936320] ? get_signal+0x334/0x1cc0 [ 24.940188] ? lock_downgrade+0x5d0/0x5d0 [ 24.944314] ? lock_acquire+0x12b/0x360 [ 24.948483] ? get_signal+0x1e7/0x1cc0 [ 24.952364] do_group_exit+0x100/0x2e0 [ 24.956358] get_signal+0x39f/0x1cc0 [ 24.960079] ? mark_held_locks+0xa6/0xf0 [ 24.964138] do_signal+0x96/0x15d0 [ 24.967659] ? inet_sendmsg+0x163/0x520 [ 24.971624] ? inet_recvmsg+0x550/0x550 [ 24.975586] ? sock_sendmsg+0xc6/0x100 [ 24.979476] ? setup_sigcontext+0x810/0x810 [ 24.983883] ? SyS_getpeername+0x250/0x250 [ 24.988129] ? SyS_setsockopt+0x14b/0x210 [ 24.992267] ? SyS_recv+0x40/0x40 [ 24.995704] ? exit_to_usermode_loop+0xcd/0x160 [ 25.000477] exit_to_usermode_loop+0x11d/0x160 [ 25.005271] do_syscall_64+0x3a3/0x520 [ 25.009272] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 25.014454] RIP: 0033:0x442579 [ 25.017746] RSP: 002b:00007ffdb12d79e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 25.025534] RAX: ffffffffffffffe0 RBX: 0000000000000003 RCX: 0000000000442579 [ 25.032802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 25.040073] RBP: 0000000000005fa4 R08: 0000000000000000 R09: 0000000000000000 [ 25.047346] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb12d7a50 [ 25.054611] R13: 00000000004034d0 R14: 0000000000000000 R15: 0000000000000000 [ 25.063277] Kernel Offset: 0x600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 25.074082] Rebooting in 86400 seconds..