[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.923566] random: sshd: uninitialized urandom read (32 bytes read) [ 27.522781] audit: type=1400 audit(1569532433.879:6): avc: denied { map } for pid=1770 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 27.572022] random: sshd: uninitialized urandom read (32 bytes read) [ 28.070131] random: sshd: uninitialized urandom read (32 bytes read) [ 28.232603] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts. [ 33.642142] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/26 21:14:00 parsed 1 programs [ 33.731481] audit: type=1400 audit(1569532440.089:7): avc: denied { map } for pid=1788 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 33.790482] audit: type=1400 audit(1569532440.149:8): avc: denied { map } for pid=1788 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 34.407312] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/26 21:14:01 executed programs: 0 [ 35.589364] audit: type=1400 audit(1569532441.939:9): avc: denied { map } for pid=1788 comm="syz-execprog" path="/root/syzkaller-shm097800402" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 38.429184] bdi-block not registered [ 38.433278] ------------[ cut here ]------------ [ 38.438047] WARNING: CPU: 1 PID: 2695 at fs/fs-writeback.c:2204 __mark_inode_dirty.cold+0x2f/0x42 [ 38.447050] Kernel panic - not syncing: panic_on_warn set ... [ 38.447050] [ 38.454507] CPU: 1 PID: 2695 Comm: syz-executor.4 Not tainted 4.14.146+ #0 [ 38.461507] Call Trace: [ 38.464094] dump_stack+0xca/0x134 [ 38.467635] panic+0x1ea/0x3d3 [ 38.470823] ? add_taint.cold+0x16/0x16 [ 38.474802] ? __mark_inode_dirty.cold+0x2f/0x42 [ 38.479552] ? __probe_kernel_read+0x163/0x1c0 [ 38.484140] ? __mark_inode_dirty.cold+0x2f/0x42 [ 38.488976] __warn.cold+0x2f/0x3a [ 38.492513] ? __mark_inode_dirty.cold+0x2f/0x42 [ 38.497264] report_bug+0x20a/0x248 [ 38.500906] do_error_trap+0x1bf/0x2d0 [ 38.504791] ? math_error+0x2d0/0x2d0 [ 38.508602] ? vprintk_emit+0xd5/0x330 [ 38.512485] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.517335] invalid_op+0x18/0x40 [ 38.520783] RIP: 0010:__mark_inode_dirty.cold+0x2f/0x42 [ 38.526131] RSP: 0018:ffff8881d315f448 EFLAGS: 00010286 [ 38.531479] RAX: 0000000000000018 RBX: ffff8881da417a58 RCX: 0000000000000000 [ 38.538730] RDX: 0000000000000000 RSI: ffffffffb8669f80 RDI: ffffed103a62be7b [ 38.545981] RBP: ffff8881d9378000 R08: 0000000000000018 R09: ffffed103b764ce9 [ 38.553230] R10: ffffed103b764ce8 R11: ffff8881dbb26747 R12: ffff8881d9378058 [ 38.560480] R13: ffff8881da417b30 R14: ffff8881d93780b0 R15: ffff8881d9378000 [ 38.567762] ? __mark_inode_dirty.cold+0x2f/0x42 [ 38.572514] mark_buffer_dirty+0x258/0x490 [ 38.576733] __block_commit_write.isra.0+0x138/0x210 [ 38.581913] block_write_end+0x42/0xf0 [ 38.585784] blkdev_write_end+0x3c/0x130 [ 38.589832] generic_perform_write+0x281/0x460 [ 38.594404] ? filemap_page_mkwrite+0x2d0/0x2d0 [ 38.599055] ? current_time+0xb0/0xb0 [ 38.602856] ? depot_save_stack+0x201/0x418 [ 38.607273] __generic_file_write_iter+0x32e/0x550 [ 38.612185] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 38.617270] blkdev_write_iter+0x1fb/0x3d0 [ 38.621484] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 38.626568] ? check_disk_change+0x120/0x120 [ 38.630974] do_iter_readv_writev+0x379/0x580 [ 38.635455] ? clone_verify_area+0x1e0/0x1e0 [ 38.640717] ? avc_policy_seqno+0x5/0x10 [ 38.645120] ? security_file_permission+0x88/0x1e0 [ 38.650041] do_iter_write+0x152/0x550 [ 38.653921] vfs_iter_write+0x70/0xa0 [ 38.657710] iter_file_splice_write+0x560/0xa50 [ 38.662381] ? generic_file_splice_read+0x377/0x540 [ 38.667379] ? vmsplice_to_user+0x1e0/0x1e0 [ 38.671680] ? add_to_pipe+0x350/0x350 [ 38.675561] ? security_file_permission+0x88/0x1e0 [ 38.680474] ? vmsplice_to_user+0x1e0/0x1e0 [ 38.684789] direct_splice_actor+0x118/0x160 [ 38.689192] splice_direct_to_actor+0x292/0x760 [ 38.693858] ? generic_pipe_buf_nosteal+0x10/0x10 [ 38.698685] ? do_splice_to+0x150/0x150 [ 38.702658] ? security_file_permission+0x88/0x1e0 [ 38.707574] do_splice_direct+0x177/0x240 [ 38.711707] ? splice_direct_to_actor+0x760/0x760 [ 38.716536] ? security_file_permission+0x88/0x1e0 [ 38.721454] do_sendfile+0x493/0xb20 [ 38.725165] ? do_compat_pwritev64+0x170/0x170 [ 38.729731] ? put_timespec64+0xbe/0x110 [ 38.733804] ? nsecs_to_jiffies+0x30/0x30 [ 38.737951] SyS_sendfile64+0x11f/0x140 [ 38.741919] ? SyS_sendfile+0x150/0x150 [ 38.745892] ? do_clock_gettime+0xd0/0xd0 [ 38.754120] ? do_syscall_64+0x43/0x520 [ 38.758082] ? SyS_sendfile+0x150/0x150 [ 38.762041] do_syscall_64+0x19b/0x520 [ 38.765921] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 38.771110] RIP: 0033:0x459a29 [ 38.774281] RSP: 002b:00007fe0f2705c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 38.781972] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459a29 [ 38.789224] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 38.796484] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 38.803746] R10: 0020000102000007 R11: 0000000000000246 R12: 00007fe0f27066d4 [ 38.811009] R13: 00000000004c720a R14: 00000000004dca00 R15: 00000000ffffffff [ 38.819037] Kernel Offset: 0x35800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 38.830012] Rebooting in 86400 seconds..