[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 10.671395] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 15.522257] random: sshd: uninitialized urandom read (32 bytes read)
[ 15.717449] audit: type=1400 audit(1575236749.990:6): avc: denied { map } for pid=1762 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 15.765714] random: sshd: uninitialized urandom read (32 bytes read)
[ 16.291295] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
[ 21.933354] urandom_read: 1 callbacks suppressed
[ 21.933358] random: sshd: uninitialized urandom read (32 bytes read)
2019/12/01 21:45:56 parsed 1 programs
[ 22.032248] audit: type=1400 audit(1575236756.310:7): avc: denied { map } for pid=1780 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 22.518010] random: cc1: uninitialized urandom read (8 bytes read)
2019/12/01 21:45:57 executed programs: 0
[ 23.662925] audit: type=1400 audit(1575236757.930:8): avc: denied { map } for pid=1780 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 23.690965] audit: type=1400 audit(1575236757.950:9): avc: denied { map } for pid=1780 comm="syz-execprog" path="/root/syzkaller-shm176685908" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 28.579195] refcount_t: saturated; leaking memory.
[ 28.584408] ------------[ cut here ]------------
[ 28.589177] WARNING: CPU: 0 PID: 2192 at lib/refcount.c:78 refcount_add_not_zero.cold+0x18/0x1f
[ 28.599652] Kernel panic - not syncing: panic_on_warn set ...
[ 28.599652]
[ 28.607007] CPU: 0 PID: 2192 Comm: syz-executor.0 Not tainted 4.14.157-syzkaller #0
[ 28.614792] Call Trace:
[ 28.617393] dump_stack+0xe5/0x154
[ 28.620926] panic+0x1f1/0x3da
[ 28.624100] ? add_taint.cold+0x16/0x16
[ 28.628056] ? refcount_add_not_zero.cold+0x18/0x1f
[ 28.633524] ? __probe_kernel_read+0x163/0x1c0
[ 28.638104] ? refcount_add_not_zero.cold+0x18/0x1f
[ 28.643187] __warn.cold+0x2f/0x33
[ 28.646716] ? refcount_add_not_zero.cold+0x18/0x1f
[ 28.651810] report_bug+0x20a/0x248
[ 28.655421] do_error_trap+0x1bf/0x2d0
[ 28.659297] ? math_error+0x2d0/0x2d0
[ 28.663084] ? vprintk_emit+0xd5/0x330
[ 28.666952] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.671795] invalid_op+0x18/0x40
[ 28.675231] RIP: 0010:refcount_add_not_zero.cold+0x18/0x1f
[ 28.680830] RSP: 0018:ffff8881c9fcf5c8 EFLAGS: 00010282
[ 28.686231] RAX: 0000000000000026 RBX: 00000000ffffffff RCX: 0000000000000000
[ 28.693503] RDX: 0000000000000000 RSI: ffffffff9e46a420 RDI: ffffed10393f9eab
[ 28.701494] RBP: ffff8881cbabc9bc R08: 0000000000000026 R09: ffffed103b744ce9
[ 28.708838] R10: ffffed103b744ce8 R11: ffff8881dba26747 R12: 1ffff110393f9eba
[ 28.716109] R13: 0000000000080100 R14: 00000000ffffff01 R15: 0000000000000024
[ 28.723389] ? refcount_add_not_zero.cold+0x18/0x1f
[ 28.728395] ? refcount_dec_if_one+0xb0/0xb0
[ 28.732800] ? __alloc_skb+0x3bc/0x5c0
[ 28.736671] ? __kmalloc_reserve.isra.0+0xc0/0xc0
[ 28.741500] refcount_add+0x17/0x40
[ 28.745217] skb_set_owner_w+0x1ef/0x300
[ 28.749262] sock_wmalloc+0xce/0x110
[ 28.754639] ip_append_page+0x5de/0xe50
[ 28.758615] udp_sendpage+0x168/0x3d0
[ 28.762426] ? udp_destroy_sock+0x190/0x190
[ 28.766739] ? find_get_entry+0x2bb/0x560
[ 28.770874] ? lock_downgrade+0x630/0x630
[ 28.775015] ? check_preemption_disabled+0x35/0x1f0
[ 28.780031] ? check_preemption_disabled+0x35/0x1f0
[ 28.785045] inet_sendpage+0x197/0x5d0
[ 28.788929] ? udp_destroy_sock+0x190/0x190
[ 28.793238] ? check_preemption_disabled+0x35/0x1f0
[ 28.798237] ? inet_getname+0x390/0x390
[ 28.802202] kernel_sendpage+0x84/0xd0
[ 28.806088] sock_sendpage+0x84/0xa0
[ 28.809785] pipe_to_sendpage+0x23d/0x300
[ 28.813916] ? kernel_sendpage+0xd0/0xd0
[ 28.817976] ? direct_splice_actor+0x160/0x160
[ 28.822545] ? splice_from_pipe_next.part.0+0x1e4/0x290
[ 28.827903] __splice_from_pipe+0x331/0x740
[ 28.832255] ? direct_splice_actor+0x160/0x160
[ 28.836830] ? direct_splice_actor+0x160/0x160
[ 28.841395] splice_from_pipe+0xd9/0x140
[ 28.845482] ? splice_shrink_spd+0xb0/0xb0
[ 28.849704] ? security_file_permission+0x88/0x1e0
[ 28.854630] ? splice_from_pipe+0x140/0x140
[ 28.859051] direct_splice_actor+0x118/0x160
[ 28.863718] splice_direct_to_actor+0x292/0x760
[ 28.868399] ? generic_pipe_buf_nosteal+0x10/0x10
[ 28.873244] ? do_splice_to+0x150/0x150
[ 28.877209] ? security_file_permission+0x88/0x1e0
[ 28.882133] do_splice_direct+0x177/0x240
[ 28.886265] ? splice_direct_to_actor+0x760/0x760
[ 28.891093] ? security_file_permission+0x88/0x1e0
[ 28.896010] do_sendfile+0x493/0xb20
[ 28.899709] ? do_compat_pwritev64+0x170/0x170
[ 28.904272] ? put_timespec64+0xbe/0x110
[ 28.908313] ? nsecs_to_jiffies+0x30/0x30
[ 28.912445] SyS_sendfile64+0x11f/0x140
[ 28.916400] ? SyS_sendfile+0x150/0x150
[ 28.920395] ? do_clock_gettime+0xd0/0xd0
[ 28.924548] ? do_syscall_64+0x43/0x520
[ 28.928512] ? SyS_sendfile+0x150/0x150
[ 28.932492] do_syscall_64+0x19b/0x520
[ 28.936394] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 28.941577] RIP: 0033:0x45a679
[ 28.944759] RSP: 002b:00007fdb31a8bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 28.952447] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a679
[ 28.959695] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 28.966965] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 28.974235] R10: 0000000000010001 R11: 0000000000000246 R12: 00007fdb31a8c6d4
[ 28.981494] R13: 00000000004c8652 R14: 00000000004df368 R15: 00000000ffffffff
[ 28.990628] Kernel Offset: 0x1b600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 29.001582] Rebooting in 86400 seconds..