[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   34.133142] random: sshd: uninitialized urandom read (32 bytes read)
[   34.574686] audit: type=1400 audit(1537473628.452:6): avc: denied { map } for pid=5525 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   34.635257] random: sshd: uninitialized urandom read (32 bytes read)
[   35.267140] random: sshd: uninitialized urandom read (32 bytes read)
[   35.512658] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[   41.119543] random: sshd: uninitialized urandom read (32 bytes read)
[   41.256201] audit: type=1400 audit(1537473635.132:7): avc: denied { map } for pid=5539 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/09/20 20:00:35 parsed 1 programs
[   41.775060] audit: type=1400 audit(1537473635.652:8): avc: denied { map } for pid=5539 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14701 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[   42.457661] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/20 20:00:37 executed programs: 0
[   44.075596] audit: type=1400 audit(1537473637.952:9): avc: denied { map } for pid=5539 comm="syz-execprog" path="/root/syzkaller-shm691774152" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   44.115346] IPVS: ftp: loaded support on port[0] = 21
[   44.380030] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.387017] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.394601] device bridge_slave_0 entered promiscuous mode
[   44.413845] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.420267] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.427589] device bridge_slave_1 entered promiscuous mode
[   44.446785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   44.465911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   44.518684] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   44.540455] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   44.618323] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   44.625888] team0: Port device team_slave_0 added
[   44.643109] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   44.650225] team0: Port device team_slave_1 added
[   44.669898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   44.690620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   44.709625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.730313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.834632] ip (5639) used greatest stack depth: 15816 bytes left
[   44.884878] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.891300] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.898280] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.904676] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.430245] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.482955] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   45.536625] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   45.542950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   45.550261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.603362] 8021q: adding VLAN 0 to HW filter on device team0
2018/09/20 20:00:42 executed programs: 163
2018/09/20 20:00:47 executed programs: 429
2018/09/20 20:00:52 executed programs: 692
2018/09/20 20:00:58 executed programs: 957
2018/09/20 20:01:03 executed programs: 1209
2018/09/20 20:01:08 executed programs: 1470
2018/09/20 20:01:13 executed programs: 1721
2018/09/20 20:01:18 executed programs: 1988
[   85.818844] ------------[ cut here ]------------
[   85.823817] refcount_t: increment on 0; use-after-free.
[   85.829371] WARNING: CPU: 1 PID: 13494 at lib/refcount.c:153 refcount_inc_checked+0x5d/0x70
[   85.837846] Kernel panic - not syncing: panic_on_warn set ...
[   85.837846] 
[   85.845197] CPU: 1 PID: 13494 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #26
[   85.852450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.861787] Call Trace:
[   85.864388]  dump_stack+0x1c4/0x2b4
[   85.868015]  ? dump_stack_print_info.cold.2+0x52/0x52
[   85.873198]  panic+0x238/0x4e7
[   85.876401]  ? add_taint.cold.5+0x16/0x16
[   85.880564]  ? __warn.cold.8+0x148/0x1ba
[   85.884613]  ? __warn.cold.8+0x117/0x1ba
[   85.888668]  ? refcount_inc_checked+0x5d/0x70
[   85.893171]  __warn.cold.8+0x163/0x1ba
[   85.897047]  ? rcu_bh_qs+0xc0/0xc0
[   85.900576]  ? refcount_inc_checked+0x5d/0x70
[   85.905060]  report_bug+0x254/0x2d0
[   85.908681]  do_error_trap+0x1fc/0x4d0
[   85.912558]  ? math_error+0x3f0/0x3f0
[   85.916346]  ? vprintk_default+0x28/0x30
[   85.920396]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   85.925231]  ? trace_hardirqs_on_caller+0x310/0x310
[   85.930240]  ? printk+0xa7/0xcf
[   85.933527]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   85.938372]  do_invalid_op+0x1b/0x20
[   85.942080]  invalid_op+0x14/0x20
[   85.945523] RIP: 0010:refcount_inc_checked+0x5d/0x70
[   85.950612] Code: 1d a2 83 91 06 31 ff 89 de e8 7f 8e ef fd 84 db 75 df e8 a6 8d ef fd 48 c7 c7 40 82 44 88 c6 05 82 83 91 06 01 e8 63 74 b9 fd <0f> 0b eb c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89
[   85.969509] RSP: 0018:ffff8801c7fdeca0 EFLAGS: 00010282
[   85.974864] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   85.982121] RDX: 0000000000000000 RSI: ffffffff8164fce5 RDI: 0000000000000005
[   85.989376] RBP: ffff8801c7fdeca8 R08: ffff8801c67da1c0 R09: ffffed003b5e3ee2
[   85.996638] R10: ffffed003b5e3ee2 R11: ffff8801daf1f717 R12: 0000000000000000
[   86.003899] R13: 0000000000000008 R14: ffff8801b465f640 R15: dffffc0000000000
[   86.011169]  ? vprintk_func+0x85/0x181
[   86.015051]  igmp_start_timer+0xaf/0xe0
[   86.019015]  igmp_rcv+0x190e/0x3020
[   86.022642]  ? ip_mc_leave_group+0x4b0/0x4b0
[   86.027046]  ? raw_rcv_skb+0x43/0x70
[   86.030754]  ? kasan_check_write+0x14/0x20
[   86.034985]  ? do_raw_read_unlock+0x3f/0x60
[   86.039299]  ? _raw_read_unlock+0x2c/0x50
[   86.043444]  ? raw_local_deliver+0x2ca/0xc3a
[   86.047844]  ? graph_lock+0x170/0x170
[   86.051639]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.057164]  ? check_preemption_disabled+0x48/0x200
[   86.062168]  ? check_preemption_disabled+0x48/0x200
[   86.067455]  ? __lock_is_held+0xb5/0x140
[   86.071521]  ip_local_deliver_finish+0x2e9/0xda0
[   86.076270]  ? ip_sublist_rcv_finish+0x3f0/0x3f0
[   86.081026]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   86.086046]  ? nf_hook_slow+0x11e/0x1c0
[   86.090023]  ip_local_deliver+0x1e9/0x750
[   86.094167]  ? ip_call_ra_chain+0x730/0x730
[   86.098485]  ? ip_sublist_rcv_finish+0x3f0/0x3f0
[   86.103234]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[   86.109040]  ? kasan_check_read+0x11/0x20
[   86.113198]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   86.118203]  ? rcu_bh_qs+0xc0/0xc0
[   86.121733]  ip_rcv_finish+0x1f9/0x300
[   86.125617]  ip_rcv+0xed/0x610
[   86.128815]  ? ip_local_deliver+0x750/0x750
[   86.133150]  ? pvclock_read_flags+0x160/0x160
[   86.137641]  ? ip_rcv_finish_core.isra.15+0x1f40/0x1f40
[   86.142993]  ? rcu_bh_qs+0xc0/0xc0
[   86.146526]  ? lock_acquire+0x1ed/0x520
[   86.150496]  __netif_receive_skb_one_core+0x14d/0x200
[   86.155677]  ? __netif_receive_skb_core+0x3b60/0x3b60
[   86.160855]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   86.166140]  ? rcu_bh_qs+0xc0/0xc0
[   86.169673]  __netif_receive_skb+0x2c/0x1e0
[   86.173987]  netif_receive_skb_internal+0x12c/0x620
[   86.179007]  ? check_preemption_disabled+0x48/0x200
[   86.184032]  ? dev_cpu_dead+0xa80/0xa80
[   86.188002]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   86.193529]  ? eth_type_trans+0x2ea/0x760
[   86.197666]  ? eth_gro_receive+0x920/0x920
[   86.201911]  napi_gro_frags+0x75a/0xc90
[   86.205884]  ? napi_gro_receive+0x5f0/0x5f0
[   86.210201]  ? eth_get_headlen+0x173/0x1f0
[   86.214455]  ? eth_type_trans+0x760/0x760
[   86.218619]  ? tun_get_user+0x31ac/0x42a0
[   86.222764]  tun_get_user+0x31d5/0x42a0
[   86.226738]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   86.231954]  ? tun_build_skb.isra.54+0x2230/0x2230
[   86.236880]  ? futex_wait_setup+0x3e0/0x3e0
[   86.241194]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[   86.246288]  ? futex_wake+0x304/0x760
[   86.250107]  ? tun_get+0x206/0x370
[   86.253638]  ? lock_downgrade+0x900/0x900
[   86.257792]  ? check_preemption_disabled+0x48/0x200
[   86.262805]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[   86.268598]  ? kasan_check_read+0x11/0x20
[   86.272737]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   86.278005]  ? rcu_bh_qs+0xc0/0xc0
[   86.281541]  ? tun_get+0x22d/0x370
[   86.285091]  ? tun_chr_close+0x180/0x180
[   86.289148]  tun_chr_write_iter+0xb9/0x154
[   86.293378]  do_iter_readv_writev+0x8b0/0xa80
[   86.297871]  ? vfs_dedupe_file_range+0x670/0x670
[   86.302618]  ? rw_verify_area+0x118/0x360
[   86.306760]  do_iter_write+0x185/0x5f0
[   86.310641]  ? dup_iter+0x270/0x270
[   86.314280]  ? rcu_bh_qs+0xc0/0xc0
[   86.317842]  vfs_writev+0x1f1/0x360
[   86.321459]  ? vfs_iter_write+0xb0/0xb0
[   86.325457]  ? sockfd_lookup_light+0xc5/0x160
[   86.329964]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.335507]  ? __fdget_pos+0xde/0x200
[   86.339303]  ? __fdget_raw+0x20/0x20
[   86.343008]  ? __alloc_fd+0x6e0/0x6e0
[   86.346814]  ? fput+0x130/0x1a0
[   86.350091]  do_writev+0x11a/0x310
[   86.353624]  ? vfs_writev+0x360/0x360
[   86.357416]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   86.362862]  __x64_sys_writev+0x75/0xb0
[   86.366828]  do_syscall_64+0x1b9/0x820
[   86.370705]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   86.376059]  ? syscall_return_slowpath+0x5e0/0x5e0
[   86.380981]  ? trace_hardirqs_on_caller+0x310/0x310
[   86.385985]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   86.390992]  ? recalc_sigpending_tsk+0x180/0x180
[   86.395754]  ? kasan_check_write+0x14/0x20
[   86.399985]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   86.404823]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.409998] RIP: 0033:0x457531
[   86.413180] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 54 b5 fb ff c3 48 83 ec 08 e8 1a 2d 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 63 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01
[   86.432075] RSP: 002b:00007f1448a89ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
[   86.439799] RAX: ffffffffffffffda RBX: 000000000000002a RCX: 0000000000457531
[   86.447074] RDX: 0000000000000001 RSI: 00007f1448a89bf0 RDI: 00000000000000f0
[   86.454339] RBP: 0000000020000240 R08: 00000000000000f0 R09: 0000000000000000
[   86.461600] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000ffffffff
[   86.468861] R13: 00000000004d7938 R14: 00000000004c48b4 R15: 0000000000000000
[   86.477183] Kernel Offset: disabled
[   86.480882] Rebooting in 86400 seconds..
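How to read the dump above, as an added example that is not part of the log, of syzkaller or of the kernel: frames prefixed with "?" are stack words the unwinder could not attribute to a live frame and are noise; the frames printed after "RIP: 0010:" (CS 0x10, kernel code) are the real call chain into the faulting instruction; the registers after "RIP: 0033:" (CS 0x33, user code) are the task's user state at the syscall, where ORIG_RAX 0x14 is writev on x86-64 and RDI 0xf0 is the fd being written. Read that way, the trustworthy chain here runs refcount_inc_checked <- igmp_start_timer <- igmp_rcv <- ip_local_deliver_finish <- ... <- napi_gro_frags <- tun_get_user <- tun_chr_write_iter <- writev: a fuzzer-written IGMP packet injected through a tun device reached igmp_start_timer, which in the 4.19 source takes a reference on the multicast group entry when it arms its timer, and that entry's refcount_t was already 0, so the checked increment reported a use-after-free and panic_on_warn turned the WARN into a panic. The Python below applies exactly those rules to the crash section (copied from the log above with most interleaved frames elided); its syscall table is a deliberately partial assumption of the example, not something read from the log.

```python
import re

# Sample input: the crash section of the console log above, copied from the
# page with most of the interleaved frames elided to keep the example short.
SAMPLE_LOG = """\
[   85.823817] refcount_t: increment on 0; use-after-free.
[   85.829371] WARNING: CPU: 1 PID: 13494 at lib/refcount.c:153 refcount_inc_checked+0x5d/0x70
[   85.845197] CPU: 1 PID: 13494 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #26
[   85.861787] Call Trace:
[   85.864388]  dump_stack+0x1c4/0x2b4
[   85.868015]  ? dump_stack_print_info.cold.2+0x52/0x52
[   85.873198]  panic+0x238/0x4e7
[   85.893171]  __warn.cold.8+0x163/0x1ba
[   85.942080]  invalid_op+0x14/0x20
[   85.945523] RIP: 0010:refcount_inc_checked+0x5d/0x70
[   86.011169]  ? vprintk_func+0x85/0x181
[   86.015051]  igmp_start_timer+0xaf/0xe0
[   86.019015]  igmp_rcv+0x190e/0x3020
[   86.022642]  ? ip_mc_leave_group+0x4b0/0x4b0
[   86.071521]  ip_local_deliver_finish+0x2e9/0xda0
[   86.090023]  ip_local_deliver+0x1e9/0x750
[   86.125617]  ip_rcv+0xed/0x610
[   86.201911]  napi_gro_frags+0x75a/0xc90
[   86.222764]  tun_get_user+0x31d5/0x42a0
[   86.289148]  tun_chr_write_iter+0xb9/0x154
[   86.362862]  __x64_sys_writev+0x75/0xb0
[   86.404823]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.409998] RIP: 0033:0x457531
[   86.432075] RSP: 002b:00007f1448a89ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
[   86.447074] RDX: 0000000000000001 RSI: 00007f1448a89bf0 RDI: 00000000000000f0
"""

TS = r"\[\s*\d+\.\d+\]\s*"  # printk timestamp prefix
FRAME_RE = re.compile(r"^" + TS + r"(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")
WARN_RE = re.compile(r"^" + TS + r"WARNING: CPU: \d+ PID: \d+ at (\S+) ([A-Za-z_][\w.]*)\+0x")
RIP_RE = re.compile(r"^" + TS + r"RIP: ([0-9a-f]{4}):(\S+)")
COMM_RE = re.compile(r"Comm: (\S+) (?:Not tainted|Tainted: \S+) (\S+)")
REG_RE = re.compile(r"\b(ORIG_RAX|RDI): ([0-9a-f]{16})")
# Deliberately partial x86-64 syscall table; an assumption of this example,
# not something read from the log.
SYSCALL_NAMES = {0: "read", 1: "write", 16: "ioctl", 19: "readv", 20: "writev",
                 41: "socket", 44: "sendto", 46: "sendmsg"}


def parse_crash(log):
    """Return the WARN site, the trustworthy call chain and the entry syscall."""
    r = {"message": None, "warn_at": None, "faulting_function": None, "comm": None,
         "kernel": None, "report_path": [], "kernel_path": [], "unreliable_dropped": 0,
         "syscall_nr": None, "syscall": None, "fd": None}
    section, prev = "report", ""  # report_path: WARN machinery; kernel_path: real callers
    for line in log.splitlines():
        m = WARN_RE.match(line)
        if m:  # the pr_warn() text that triggered the WARN is the line before it
            r["message"], r["warn_at"], r["faulting_function"] = prev, m.group(1), m.group(2)
            continue
        m = COMM_RE.search(line)
        if m:
            r["comm"], r["kernel"] = m.group(1), m.group(2)
            continue
        m = RIP_RE.match(line)
        if m:
            if int(m.group(1), 16) == 0x10:
                # CS 0x10 is the kernel code segment: this RIP is the faulting
                # instruction and the frames printed below it are its real callers.
                section = "kernel"
                r["kernel_path"].append(m.group(2).split("+")[0])
            else:
                section = "user"  # CS 0x33: user-mode registers at the syscall follow
            continue
        if section == "user":
            regs = {k: int(v, 16) for k, v in REG_RE.findall(line)}
            if "ORIG_RAX" in regs:
                r["syscall_nr"] = regs["ORIG_RAX"]
                r["syscall"] = SYSCALL_NAMES.get(regs["ORIG_RAX"], "unknown")
            if "RDI" in regs:
                r["fd"] = regs["RDI"]  # first syscall argument: the fd written to
            continue
        m = FRAME_RE.match(line)
        if m:
            if m.group(1):
                # '?' marks a stack word the unwinder could not tie to a live
                # frame: stale data, not a caller.
                r["unreliable_dropped"] += 1
            else:
                r["report_path" if section == "report" else "kernel_path"].append(m.group(2))
            continue
        prev = re.sub(r"^" + TS, "", line)
    return r


def summarize(r):
    """One-line triage summary: what fired, where, and how it was reached."""
    return "%s at %s (%s, kernel %s); path: %s; entered via %s(fd=%s)" % (
        r["message"], r["warn_at"], r["comm"], r["kernel"],
        " <- ".join(r["kernel_path"]), r["syscall"], r["fd"])


if __name__ == "__main__":
    print(summarize(parse_crash(SAMPLE_LOG)))
```

Run against the full log above, the same rules give the complete chain down to do_writev and vfs_writev; the split at RIP 0010 matters because everything printed before it (dump_stack, panic, __warn, report_bug, invalid_op) is the reporting machinery, not the path that reached the dead object.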