[ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd [ 11.308548] random: sshd: uninitialized urandom read (32 bytes read) . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.335470] random: sshd: uninitialized urandom read (32 bytes read) [ 16.507037] audit: type=1400 audit(1567648201.722:6): avc: denied { map } for pid=1758 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 16.591433] random: sshd: uninitialized urandom read (32 bytes read) [ 17.142041] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts. [ 22.966553] urandom_read: 1 callbacks suppressed [ 22.966557] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/05 01:50:08 parsed 1 programs [ 23.074095] audit: type=1400 audit(1567648208.292:7): avc: denied { map } for pid=1776 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 23.136281] audit: type=1400 audit(1567648208.352:8): avc: denied { map } for pid=1776 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 23.673124] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/05 01:50:09 executed programs: 0 [ 24.528599] audit: type=1400 audit(1567648209.742:9): avc: denied { map } for pid=1776 comm="syz-execprog" path="/root/syzkaller-shm915688996" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 28.780867] 
================================================================== [ 28.788366] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x169f/0x1810 [ 28.795727] Read of size 8 at addr ffff8881d7397860 by task syz-executor.1/2854 [ 28.803154] [ 28.804772] CPU: 0 PID: 2854 Comm: syz-executor.1 Not tainted 4.14.141+ #0 [ 28.811764] Call Trace: [ 28.814345] dump_stack+0xca/0x134 [ 28.817870] ? unwind_next_frame+0x169f/0x1810 [ 28.822449] ? unwind_next_frame+0x169f/0x1810 [ 28.827013] print_address_description+0x60/0x226 [ 28.832024] ? unwind_next_frame+0x169f/0x1810 [ 28.836588] ? unwind_next_frame+0x169f/0x1810 [ 28.841151] __kasan_report.cold+0x1a/0x41 [ 28.845372] ? unwind_next_frame+0x169f/0x1810 [ 28.849938] unwind_next_frame+0x169f/0x1810 [ 28.854330] ? retint_kernel+0x2d/0x2d [ 28.858200] ? perf_callchain_user+0x4a7/0xf80 [ 28.862775] ? deref_stack_reg+0xe0/0xe0 [ 28.866816] ? perf_callchain_user+0x2d1/0xf80 [ 28.871380] ? retint_kernel+0x2d/0x2d [ 28.875250] perf_callchain_kernel+0x3a0/0x540 [ 28.879813] ? perf_callchain_kernel+0x540/0x540 [ 28.884550] ? arch_perf_update_userpage+0x330/0x330 [ 28.889648] ? perf_callchain+0x147/0x190 [ 28.893794] ? futex_wait_setup+0x132/0x330 [ 28.898113] get_perf_callchain+0x2f5/0x770 [ 28.902419] ? put_callchain_buffers+0x60/0x60 [ 28.906987] ? perf_callchain+0x150/0x190 [ 28.911131] perf_callchain+0x147/0x190 [ 28.915107] perf_prepare_sample+0x6a8/0x1360 [ 28.919587] ? perf_output_sample+0x1700/0x1700 [ 28.924242] ? perf_prepare_sample+0x1360/0x1360 [ 28.928978] ? perf_swevent_put_recursion_context+0x1a/0xa0 [ 28.934673] perf_event_output_forward+0xdc/0x220 [ 28.939498] ? perf_prepare_sample+0x1360/0x1360 [ 28.944249] ? __perf_event_overflow+0x1cc/0x340 [ 28.948999] ? check_preemption_disabled+0x35/0x1f0 [ 28.954000] __perf_event_overflow+0x12d/0x340 [ 28.959433] perf_swevent_overflow+0x7a/0xf0 [ 28.963824] perf_swevent_event+0x112/0x270 [ 28.968127] perf_tp_event+0x633/0x7f0 [ 28.972000] ? 
perf_swevent_put_recursion_context+0xa0/0xa0 [ 28.977733] ? trace_hardirqs_on+0x10/0x10 [ 28.981951] ? __lock_acquire+0x5d7/0x4320 [ 28.986258] ? perf_trace_run_bpf_submit+0x113/0x170 [ 28.991349] ? check_preemption_disabled+0x35/0x1f0 [ 28.996348] perf_trace_run_bpf_submit+0x113/0x170 [ 29.001264] perf_trace_lock_acquire+0x341/0x4e0 [ 29.006005] ? HARDIRQ_verbose+0x10/0x10 [ 29.010051] ? retint_kernel+0x2d/0x2d [ 29.013934] ? get_futex_key+0x4c1/0xf90 [ 29.017992] lock_acquire+0x279/0x360 [ 29.021775] ? futex_wait_setup+0x132/0x330 [ 29.026093] _raw_spin_lock+0x2a/0x40 [ 29.029878] ? futex_wait_setup+0x132/0x330 [ 29.034180] futex_wait_setup+0x132/0x330 [ 29.038327] ? get_futex_key+0xf90/0xf90 [ 29.042382] futex_wait+0x1ad/0x570 [ 29.045994] ? futex_wait_setup+0x330/0x330 [ 29.050309] ? wake_up_q+0xea/0x150 [ 29.053920] ? drop_futex_key_refs.isra.0+0x17/0xb0 [ 29.058929] ? futex_wake+0x15b/0x440 [ 29.062719] do_futex+0x13f/0x1980 [ 29.066242] ? trace_hardirqs_on+0x10/0x10 [ 29.070459] ? perf_trace_lock_acquire+0x341/0x4e0 [ 29.075384] ? exit_robust_list+0x240/0x240 [ 29.079699] ? HARDIRQ_verbose+0x10/0x10 [ 29.083747] ? __might_fault+0x104/0x1b0 [ 29.087883] ? lock_downgrade+0x5d0/0x5d0 [ 29.092012] ? lock_acquire+0x12b/0x360 [ 29.095984] ? __might_fault+0xd4/0x1b0 [ 29.099957] ? __might_fault+0x177/0x1b0 [ 29.104013] ? _copy_to_user+0x82/0xd0 [ 29.107900] SyS_futex+0x1c5/0x2c3 [ 29.111429] ? do_futex+0x1980/0x1980 [ 29.115210] ? SyS_clock_gettime+0x7d/0xe0 [ 29.119425] ? do_clock_gettime+0xd0/0xd0 [ 29.123572] ? do_syscall_64+0x43/0x520 [ 29.127523] ? 
do_futex+0x1980/0x1980 [ 29.131303] do_syscall_64+0x19b/0x520 [ 29.135172] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 29.140355] RIP: 0033:0x459879 [ 29.143534] RSP: 002b:00007fdc08e83cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 29.151231] RAX: ffffffffffffffda RBX: 000000000075bf28 RCX: 0000000000459879 [ 29.158479] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28 [ 29.165738] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 29.172988] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c [ 29.180257] R13: 00007ffe4052c1ef R14: 00007fdc08e849c0 R15: 000000000075bf2c [ 29.187682] [ 29.189286] The buggy address belongs to the page: [ 29.194194] page:ffffea00075ce5c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 29.202325] flags: 0x4000000000000000() [ 29.206278] raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff [ 29.214149] raw: 0000000000000000 ffffea00075ce5e0 0000000000000000 0000000000000000 [ 29.222006] page dumped because: kasan: bad access detected [ 29.227690] [ 29.229293] Memory state around the buggy address: [ 29.234198] ffff8881d7397700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.241532] ffff8881d7397780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.248877] >ffff8881d7397800: 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3 f3 f3 00 [ 29.256213] ^ [ 29.262691] ffff8881d7397880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.270031] ffff8881d7397900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.277365] ================================================================== [ 29.284701] Disabling lock debugging due to kernel taint [ 29.290128] Kernel panic - not syncing: panic_on_warn set ... [ 29.290128] [ 29.297470] CPU: 0 PID: 2854 Comm: syz-executor.1 Tainted: G B 4.14.141+ #0 [ 29.305673] Call Trace: [ 29.308336] dump_stack+0xca/0x134 [ 29.311857] panic+0x1ea/0x3d3 [ 29.315028] ? add_taint.cold+0x16/0x16 [ 29.318991] ? 
lock_downgrade+0x5d0/0x5d0 [ 29.323129] ? unwind_next_frame+0x169f/0x1810 [ 29.327695] end_report+0x43/0x49 [ 29.331140] ? unwind_next_frame+0x169f/0x1810 [ 29.335698] __kasan_report.cold+0xd/0x41 [ 29.339824] ? unwind_next_frame+0x169f/0x1810 [ 29.344386] unwind_next_frame+0x169f/0x1810 [ 29.348771] ? retint_kernel+0x2d/0x2d [ 29.352637] ? perf_callchain_user+0x4a7/0xf80 [ 29.357197] ? deref_stack_reg+0xe0/0xe0 [ 29.361237] ? perf_callchain_user+0x2d1/0xf80 [ 29.365797] ? retint_kernel+0x2d/0x2d [ 29.369670] perf_callchain_kernel+0x3a0/0x540 [ 29.374242] ? perf_callchain_kernel+0x540/0x540 [ 29.378978] ? arch_perf_update_userpage+0x330/0x330 [ 29.384059] ? perf_callchain+0x147/0x190 [ 29.388188] ? futex_wait_setup+0x132/0x330 [ 29.392502] get_perf_callchain+0x2f5/0x770 [ 29.396805] ? put_callchain_buffers+0x60/0x60 [ 29.401367] ? perf_callchain+0x150/0x190 [ 29.405495] perf_callchain+0x147/0x190 [ 29.409464] perf_prepare_sample+0x6a8/0x1360 [ 29.413946] ? perf_output_sample+0x1700/0x1700 [ 29.418596] ? perf_prepare_sample+0x1360/0x1360 [ 29.423338] ? perf_swevent_put_recursion_context+0x1a/0xa0 [ 29.429040] perf_event_output_forward+0xdc/0x220 [ 29.433877] ? perf_prepare_sample+0x1360/0x1360 [ 29.438621] ? __perf_event_overflow+0x1cc/0x340 [ 29.443364] ? check_preemption_disabled+0x35/0x1f0 [ 29.448361] __perf_event_overflow+0x12d/0x340 [ 29.452922] perf_swevent_overflow+0x7a/0xf0 [ 29.457328] perf_swevent_event+0x112/0x270 [ 29.461627] perf_tp_event+0x633/0x7f0 [ 29.465494] ? perf_swevent_put_recursion_context+0xa0/0xa0 [ 29.471191] ? trace_hardirqs_on+0x10/0x10 [ 29.475423] ? __lock_acquire+0x5d7/0x4320 [ 29.479650] ? perf_trace_run_bpf_submit+0x113/0x170 [ 29.484731] ? check_preemption_disabled+0x35/0x1f0 [ 29.489724] perf_trace_run_bpf_submit+0x113/0x170 [ 29.494635] perf_trace_lock_acquire+0x341/0x4e0 [ 29.499370] ? HARDIRQ_verbose+0x10/0x10 [ 29.503421] ? retint_kernel+0x2d/0x2d [ 29.507286] ? 
get_futex_key+0x4c1/0xf90 [ 29.511326] lock_acquire+0x279/0x360 [ 29.515107] ? futex_wait_setup+0x132/0x330 [ 29.519409] _raw_spin_lock+0x2a/0x40 [ 29.523186] ? futex_wait_setup+0x132/0x330 [ 29.527485] futex_wait_setup+0x132/0x330 [ 29.531612] ? get_futex_key+0xf90/0xf90 [ 29.535675] futex_wait+0x1ad/0x570 [ 29.539284] ? futex_wait_setup+0x330/0x330 [ 29.543581] ? wake_up_q+0xea/0x150 [ 29.547188] ? drop_futex_key_refs.isra.0+0x17/0xb0 [ 29.552193] ? futex_wake+0x15b/0x440 [ 29.555978] do_futex+0x13f/0x1980 [ 29.559500] ? trace_hardirqs_on+0x10/0x10 [ 29.563714] ? perf_trace_lock_acquire+0x341/0x4e0 [ 29.568656] ? exit_robust_list+0x240/0x240 [ 29.572965] ? HARDIRQ_verbose+0x10/0x10 [ 29.577163] ? __might_fault+0x104/0x1b0 [ 29.581238] ? lock_downgrade+0x5d0/0x5d0 [ 29.585375] ? lock_acquire+0x12b/0x360 [ 29.589338] ? __might_fault+0xd4/0x1b0 [ 29.593309] ? __might_fault+0x177/0x1b0 [ 29.597357] ? _copy_to_user+0x82/0xd0 [ 29.601231] SyS_futex+0x1c5/0x2c3 [ 29.604768] ? do_futex+0x1980/0x1980 [ 29.608551] ? SyS_clock_gettime+0x7d/0xe0 [ 29.612767] ? do_clock_gettime+0xd0/0xd0 [ 29.616897] ? do_syscall_64+0x43/0x520 [ 29.620863] ? do_futex+0x1980/0x1980 [ 29.624650] do_syscall_64+0x19b/0x520 [ 29.628520] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 29.633687] RIP: 0033:0x459879 [ 29.636855] RSP: 002b:00007fdc08e83cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 29.644540] RAX: ffffffffffffffda RBX: 000000000075bf28 RCX: 0000000000459879 [ 29.651799] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28 [ 29.659067] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 29.666317] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c [ 29.673576] R13: 00007ffe4052c1ef R14: 00007fdc08e849c0 R15: 000000000075bf2c [ 29.681733] Kernel Offset: 0x5400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 29.692631] Rebooting in 86400 seconds..