[....] Starting OpenBSD Secure Shell server: sshd
[ 10.713838] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.826355] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.205026] audit: type=1400 audit(1567729917.521:6): avc: denied { map } for pid=1757 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 19.244193] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.722350] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.283688] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
[ 44.831427] random: sshd: uninitialized urandom read (32 bytes read)
[ 44.925541] audit: type=1400 audit(1567729943.241:7): avc: denied { map } for pid=1787 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/09/06 00:32:23 parsed 1 programs
[ 44.989738] audit: type=1400 audit(1567729943.301:8): avc: denied { map } for pid=1787 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 45.728148] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/06 00:32:25 executed programs: 0
[ 46.952567] audit: type=1400 audit(1567729945.271:9): avc: denied { map } for pid=1787 comm="syz-execprog" path="/root/syzkaller-shm789495278" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2019/09/06 00:32:30 executed programs: 93
2019/09/06 00:32:35 executed programs: 409
[ 58.845545] ==================================================================
[ 58.852964] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x169f/0x1810
[ 58.860322] Read of size 8 at addr ffff8881c0e7f860 by task syz-executor.1/4260
[ 58.867744]
[ 58.869356] CPU: 0 PID: 4260 Comm: syz-executor.1 Not tainted 4.14.141+ #0
[ 58.876348] Call Trace:
[ 58.879122]  dump_stack+0xca/0x134
[ 58.882749]  ? unwind_next_frame+0x169f/0x1810
[ 58.887386]  ? unwind_next_frame+0x169f/0x1810
[ 58.891963]  print_address_description+0x60/0x226
[ 58.896788]  ? unwind_next_frame+0x169f/0x1810
[ 58.901351]  ? unwind_next_frame+0x169f/0x1810
[ 58.905912]  __kasan_report.cold+0x1a/0x41
[ 58.910126]  ? unwind_next_frame+0x169f/0x1810
[ 58.915644]  unwind_next_frame+0x169f/0x1810
[ 58.920038]  ? retint_kernel+0x2d/0x2d
[ 58.923923]  ? perf_callchain_user+0x4a7/0xf80
[ 58.928485]  ? deref_stack_reg+0xe0/0xe0
[ 58.932525]  ? perf_callchain_user+0x2d1/0xf80
[ 58.937083]  ? retint_kernel+0x2d/0x2d
[ 58.940948]  perf_callchain_kernel+0x3a0/0x540
[ 58.945510]  ? perf_callchain_kernel+0x540/0x540
[ 58.950245]  ? arch_perf_update_userpage+0x330/0x330
[ 58.955332]  ? perf_callchain+0x147/0x190
[ 58.959462]  ? futex_wait_setup+0x132/0x330
[ 58.963779]  get_perf_callchain+0x2f5/0x770
[ 58.968097]  ? put_callchain_buffers+0x60/0x60
[ 58.972659]  ? perf_callchain+0x150/0x190
[ 58.976806]  perf_callchain+0x147/0x190
[ 58.980853]  perf_prepare_sample+0x6a8/0x1360
[ 58.985329]  ? perf_output_sample+0x1700/0x1700
[ 58.989977]  ? perf_prepare_sample+0x1360/0x1360
[ 58.994711]  ? perf_swevent_put_recursion_context+0x1a/0xa0
[ 59.000402]  perf_event_output_forward+0xdc/0x220
[ 59.005225]  ? perf_prepare_sample+0x1360/0x1360
[ 59.009980]  ? __perf_event_overflow+0x1cc/0x340
[ 59.014784]  ? check_preemption_disabled+0x35/0x1f0
[ 59.019793]  __perf_event_overflow+0x12d/0x340
[ 59.024375]  perf_swevent_overflow+0x7a/0xf0
[ 59.028816]  perf_swevent_event+0x112/0x270
[ 59.033216]  perf_tp_event+0x633/0x7f0
[ 59.037088]  ? perf_swevent_put_recursion_context+0xa0/0xa0
[ 59.042900]  ? trace_hardirqs_on+0x10/0x10
[ 59.047128]  ? __lock_acquire+0x5d7/0x4320
[ 59.051356]  ? perf_trace_run_bpf_submit+0x113/0x170
[ 59.056629]  ? check_preemption_disabled+0x35/0x1f0
[ 59.061657]  perf_trace_run_bpf_submit+0x113/0x170
[ 59.066601]  perf_trace_lock_acquire+0x341/0x4e0
[ 59.071346]  ? HARDIRQ_verbose+0x10/0x10
[ 59.075399]  ? retint_kernel+0x2d/0x2d
[ 59.079288]  ? get_futex_key+0x4c1/0xf90
[ 59.083336]  lock_acquire+0x279/0x360
[ 59.087120]  ? futex_wait_setup+0x132/0x330
[ 59.091424]  _raw_spin_lock+0x2a/0x40
[ 59.095203]  ? futex_wait_setup+0x132/0x330
[ 59.099502]  futex_wait_setup+0x132/0x330
[ 59.103643]  ? get_futex_key+0xf90/0xf90
[ 59.107685]  futex_wait+0x1ad/0x570
[ 59.111294]  ? futex_wait_setup+0x330/0x330
[ 59.115596]  ? wake_up_q+0xea/0x150
[ 59.119203]  ? drop_futex_key_refs.isra.0+0x17/0xb0
[ 59.124235]  ? futex_wake+0x15b/0x440
[ 59.128029]  do_futex+0x13f/0x1980
[ 59.131576]  ? trace_hardirqs_on+0x10/0x10
[ 59.135809]  ? perf_trace_lock_acquire+0x341/0x4e0
[ 59.140719]  ? exit_robust_list+0x240/0x240
[ 59.145030]  ? HARDIRQ_verbose+0x10/0x10
[ 59.149073]  ? __might_fault+0x104/0x1b0
[ 59.153763]  ? lock_downgrade+0x5d0/0x5d0
[ 59.157890]  ? lock_acquire+0x12b/0x360
[ 59.161842]  ? __might_fault+0xd4/0x1b0
[ 59.165798]  ? __might_fault+0x177/0x1b0
[ 59.169844]  ? _copy_to_user+0x82/0xd0
[ 59.173711]  SyS_futex+0x1c5/0x2c3
[ 59.177247]  ? do_futex+0x1980/0x1980
[ 59.181032]  ? SyS_clock_gettime+0x7d/0xe0
[ 59.185244]  ? do_clock_gettime+0xd0/0xd0
[ 59.189374]  ? do_syscall_64+0x43/0x520
[ 59.193340]  ? do_futex+0x1980/0x1980
[ 59.197131]  do_syscall_64+0x19b/0x520
[ 59.201019]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 59.206187] RIP: 0033:0x459879
[ 59.209353] RSP: 002b:00007fd62917dcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 59.217038] RAX: ffffffffffffffda RBX: 000000000075bf28 RCX: 0000000000459879
[ 59.224308] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
[ 59.231562] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 59.238813] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
[ 59.246060] R13: 00007ffdb496c8cf R14: 00007fd62917e9c0 R15: 000000000075bf2c
[ 59.253328]
[ 59.254934] The buggy address belongs to the page:
[ 59.259845] page:ffffea0007039fc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 59.267982] flags: 0x4000000000000000()
[ 59.271942] raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 59.279799] raw: 0000000000000000 ffffea0007039fe0 0000000000000000 0000000000000000
[ 59.287660] page dumped because: kasan: bad access detected
[ 59.293349]
[ 59.296456] Memory state around the buggy address:
[ 59.301367]  ffff8881c0e7f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.308718]  ffff8881c0e7f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.316066] >ffff8881c0e7f800: 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3 f3 f3 00
[ 59.323403]                                                        ^
[ 59.329874]  ffff8881c0e7f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.337211]  ffff8881c0e7f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.344575] ==================================================================
[ 59.353036] Disabling lock debugging due to kernel taint
[ 59.358461] Kernel panic - not syncing: panic_on_warn set ...
[ 59.358461]
[ 59.365811] CPU: 0 PID: 4260 Comm: syz-executor.1 Tainted: G B 4.14.141+ #0
[ 59.374019] Call Trace:
[ 59.376602]  dump_stack+0xca/0x134
[ 59.380124]  panic+0x1ea/0x3d3
[ 59.383303]  ? add_taint.cold+0x16/0x16
[ 59.387256]  ? lock_downgrade+0x5d0/0x5d0
[ 59.391383]  ? unwind_next_frame+0x169f/0x1810
[ 59.395942]  end_report+0x43/0x49
[ 59.399368]  ? unwind_next_frame+0x169f/0x1810
[ 59.403925]  __kasan_report.cold+0xd/0x41
[ 59.408052]  ? unwind_next_frame+0x169f/0x1810
[ 59.412616]  unwind_next_frame+0x169f/0x1810
[ 59.417000]  ? retint_kernel+0x2d/0x2d
[ 59.420866]  ? perf_callchain_user+0x4a7/0xf80
[ 59.425422]  ? deref_stack_reg+0xe0/0xe0
[ 59.429467]  ? perf_callchain_user+0x2d1/0xf80
[ 59.434023]  ? retint_kernel+0x2d/0x2d
[ 59.437887]  perf_callchain_kernel+0x3a0/0x540
[ 59.442457]  ? perf_callchain_kernel+0x540/0x540
[ 59.447200]  ? arch_perf_update_userpage+0x330/0x330
[ 59.452283]  ? perf_callchain+0x147/0x190
[ 59.456409]  ? futex_wait_setup+0x132/0x330
[ 59.460710]  get_perf_callchain+0x2f5/0x770
[ 59.465009]  ? put_callchain_buffers+0x60/0x60
[ 59.469577]  ? perf_callchain+0x150/0x190
[ 59.473707]  perf_callchain+0x147/0x190
[ 59.477657]  perf_prepare_sample+0x6a8/0x1360
[ 59.482130]  ? perf_output_sample+0x1700/0x1700
[ 59.486778]  ? perf_prepare_sample+0x1360/0x1360
[ 59.491518]  ? perf_swevent_put_recursion_context+0x1a/0xa0
[ 59.497215]  perf_event_output_forward+0xdc/0x220
[ 59.502034]  ? perf_prepare_sample+0x1360/0x1360
[ 59.506763]  ? __perf_event_overflow+0x1cc/0x340
[ 59.511498]  ? check_preemption_disabled+0x35/0x1f0
[ 59.516491]  __perf_event_overflow+0x12d/0x340
[ 59.521138]  perf_swevent_overflow+0x7a/0xf0
[ 59.525531]  perf_swevent_event+0x112/0x270
[ 59.529838]  perf_tp_event+0x633/0x7f0
[ 59.534149]  ? perf_swevent_put_recursion_context+0xa0/0xa0
[ 59.539842]  ? trace_hardirqs_on+0x10/0x10
[ 59.544054]  ? __lock_acquire+0x5d7/0x4320
[ 59.548268]  ? perf_trace_run_bpf_submit+0x113/0x170
[ 59.553347]  ? check_preemption_disabled+0x35/0x1f0
[ 59.558339]  perf_trace_run_bpf_submit+0x113/0x170
[ 59.563245]  perf_trace_lock_acquire+0x341/0x4e0
[ 59.567978]  ? HARDIRQ_verbose+0x10/0x10
[ 59.572022]  ? retint_kernel+0x2d/0x2d
[ 59.575884]  ? get_futex_key+0x4c1/0xf90
[ 59.579924]  lock_acquire+0x279/0x360
[ 59.583701]  ? futex_wait_setup+0x132/0x330
[ 59.587999]  _raw_spin_lock+0x2a/0x40
[ 59.591775]  ? futex_wait_setup+0x132/0x330
[ 59.596071]  futex_wait_setup+0x132/0x330
[ 59.600198]  ? get_futex_key+0xf90/0xf90
[ 59.604237]  futex_wait+0x1ad/0x570
[ 59.607840]  ? futex_wait_setup+0x330/0x330
[ 59.612142]  ? wake_up_q+0xea/0x150
[ 59.615746]  ? drop_futex_key_refs.isra.0+0x17/0xb0
[ 59.620757]  ? futex_wake+0x15b/0x440
[ 59.624539]  do_futex+0x13f/0x1980
[ 59.628055]  ? trace_hardirqs_on+0x10/0x10
[ 59.632273]  ? perf_trace_lock_acquire+0x341/0x4e0
[ 59.637188]  ? exit_robust_list+0x240/0x240
[ 59.641494]  ? HARDIRQ_verbose+0x10/0x10
[ 59.645538]  ? __might_fault+0x104/0x1b0
[ 59.649574]  ? lock_downgrade+0x5d0/0x5d0
[ 59.653695]  ? lock_acquire+0x12b/0x360
[ 59.657642]  ? __might_fault+0xd4/0x1b0
[ 59.661603]  ? __might_fault+0x177/0x1b0
[ 59.665646]  ? _copy_to_user+0x82/0xd0
[ 59.669533]  SyS_futex+0x1c5/0x2c3
[ 59.673049]  ? do_futex+0x1980/0x1980
[ 59.676824]  ? SyS_clock_gettime+0x7d/0xe0
[ 59.681035]  ? do_clock_gettime+0xd0/0xd0
[ 59.685160]  ? do_syscall_64+0x43/0x520
[ 59.689109]  ? do_futex+0x1980/0x1980
[ 59.692885]  do_syscall_64+0x19b/0x520
[ 59.696757]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 59.701924] RIP: 0033:0x459879
[ 59.705100] RSP: 002b:00007fd62917dcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 59.712783] RAX: ffffffffffffffda RBX: 000000000075bf28 RCX: 0000000000459879
[ 59.720032] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
[ 59.727296] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 59.734543] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
[ 59.741791] R13: 00007ffdb496c8cf R14: 00007fd62917e9c0 R15: 000000000075bf2c
[ 59.749899] Kernel Offset: 0x2c800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 59.760799] Rebooting in 86400 seconds..